Nitrokey HSM2 + Sun PKCS#11 + Java > 8 = no decryption support

We’ve got a pair of Nitrokey HSM2 and are evaluating their use on in-house developed Java applications, but we just found a serious blocker.

It seems that, after this change in Java (commit), the support for decrypting using the HSM2 through Sun PKCS#11 is gone.

Here are the Mechanism & algorithms supported on Java 8:

| Mechanism | Algorithm | Notes |
| --- | --- | --- |
| AlgorithmParameters | EC | |
| Cipher | RSA/ECB/NoPadding | only decrypt |
| Cipher | RSA/ECB/PKCS1Padding | only decrypt |
| KeyAgreement | ECDH | |
| KeyFactory | EC | |
| KeyFactory | RSA | |
| KeyPairGenerator | EC | keySize={192,521} |
| KeyPairGenerator | RSA | keySize={1024,4096} |
| KeyStore | PKCS11 | |
| MessageDigest | MD5 | |
| MessageDigest | SHA1 | |
| MessageDigest | SHA-256 | |
| MessageDigest | SHA-384 | |
| MessageDigest | SHA-512 | |
| SecureRandom | PKCS11 | |
| Signature | MD2withRSA | |
| Signature | MD5withRSA | |
| Signature | NONEwithECDSA | |
| Signature | SHA1withECDSA | |
| Signature | SHA1withRSA | |
| Signature | SHA224withECDSA | |
| Signature | SHA224withRSA | |
| Signature | SHA256withECDSA | |
| Signature | SHA256withRSA | |
| Signature | SHA384withECDSA | |
| Signature | SHA384withRSA | |
| Signature | SHA512withECDSA | |
| Signature | SHA512withRSA | |

And here are those for Java 11:

| Mechanism | Algorithm |
| --- | --- |
| AlgorithmParameters | EC |
| KeyAgreement | ECDH |
| KeyFactory | EC |
| KeyFactory | RSA |
| KeyPairGenerator | EC |
| KeyPairGenerator | RSA |
| MessageDigest | MD5 |
| MessageDigest | SHA1 |
| MessageDigest | SHA-256 |
| MessageDigest | SHA-384 |
| MessageDigest | SHA-512 |
| Signature | MD5withRSA |
| Signature | NONEwithECDSA |
| Signature | NONEwithECDSAinP1363Format |
| Signature | RSASSA-PSS |
| Signature | SHA1withECDSA |
| Signature | SHA1withECDSAinP1363Format |
| Signature | SHA1withRSA |
| Signature | SHA1withRSASSA-PSS |
| Signature | SHA224withECDSA |
| Signature | SHA224withECDSAinP1363Format |
| Signature | SHA256withECDSA |
| Signature | SHA256withECDSAinP1363Format |
| Signature | SHA256withRSA |
| Signature | SHA256withRSASSA-PSS |
| Signature | SHA384withECDSA |
| Signature | SHA384withECDSAinP1363Format |
| Signature | SHA384withRSA |
| Signature | SHA512withECDSA |
| Signature | SHA512withECDSAinP1363Format |
| Signature | SHA512withRSA |

So, we have two main questions:

  1. Doesn’t the HSM2 support encryption?
  2. What can be done to enable, at least, support for decryption on Java > 8?

Thanks a lot!
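
A listing of services by type and algorithm, like the two in the post above, can be reproduced on any JDK with the sketch below, which also flags whether the provider registers an RSA `Cipher`. This is an added example, not code from the thread or from any project mentioned in it; it assumes Java 9 or later, and the class name, the config file passed as the first argument, and the library path shown in the comment are placeholders.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Map;
import java.util.TreeMap;
import java.util.TreeSet;

// Added example (not from the thread). Class and method names are hypothetical.
public class ListProviderServices {

    // Group a provider's services as "type -> algorithms".
    static Map<String, TreeSet<String>> servicesByType(Provider p) {
        Map<String, TreeSet<String>> byType = new TreeMap<>();
        for (Provider.Service s : p.getServices()) {
            byType.computeIfAbsent(s.getType(), k -> new TreeSet<>()).add(s.getAlgorithm());
        }
        return byType;
    }

    // True if the provider registers any Cipher whose name starts with "RSA".
    static boolean hasRsaCipher(Provider p) {
        return servicesByType(p).getOrDefault("Cipher", new TreeSet<>())
                .stream().anyMatch(a -> a.startsWith("RSA"));
    }

    public static void main(String[] args) {
        Provider[] providers;
        if (args.length == 1) {
            // Java 9+ API. args[0] is an assumed path to a SunPKCS11 config file, e.g.
            //   name = NitrokeyHSM
            //   library = /path/to/opensc-pkcs11.so   (placeholder, adjust to your install)
            Provider base = Security.getProvider("SunPKCS11");
            if (base == null) {
                System.err.println("SunPKCS11 is not available in this runtime");
                return;
            }
            providers = new Provider[] { base.configure(args[0]) };
        } else {
            // No token at hand: report on every provider installed in this JVM.
            providers = Security.getProviders();
        }
        for (Provider p : providers) {
            System.out.println("== " + p.getName() + " (RSA Cipher: " + hasRsaCipher(p) + ")");
            servicesByType(p).forEach((type, algs) ->
                    algs.forEach(alg -> System.out.println(type + "\t" + alg)));
        }
    }
}
```

Running it with the same config file under each JDK being evaluated gives two listings that can be diffed directly.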

Hi @pachulo!

I do not entirely understand the motivation behind this commit, that is removing the partial support. Do you?

Regarding the questions:

  1. AFAIK for the asymmetric algorithms the private key operations are done on the device, and public key ones on the host. Thus encryption is done on PC, and decryption through device (hence probably the only decrypt note). For symmetric algos (like AES) both should be possible.
  2. How about interfacing with OpenSC instead? Here is its Wiki for HSM.

You can look at the vendor’s support page as well.

No, I don’t really get it either.

Yes, this is what we understand too. We were just wondering if this is a limitation of the hardware itself or just something implemented on the “software” over performance concerns (or other reasons).

Our idea was to use something “standard” as the Sun PKCS#11, so we can later use another HSM if we need to.

We will try to open a case there, thanks!

The SUN PKCS#11 provider is often problematic and does not seem to be well supported.

That is the reason why we maintain OpenSC-Java.

There is also a JCE-Provider available for the SmartCard-HSM. Signed binaries are part of the Smart Card Shell, the source code is available in the CardContact Developer Network.

Yes, we’ve also seen that, but the last commit is from 2 years ago, so, is it really maintained?

OK, we will try that.

What about this @sc-hsm? Thanks!

Yes, the HSM supports asymmetric decryption with padding format PKCS#1 V1.5 and OAEP with SHA-1 MGF.

What about encryption?

Encryption is a public key operation that is typically performed outside the HSM.

And what about this @sc-hsm?

By the way, thanks a lot for your support!