Is there a NitroKey product that meets these requirements? I’m having a hard time finding something that supports AES in ECB and CBC modes.
The HSM appliance must expose a client-side PKCS#11 interface (a *.dll file). A 64-bit DLL must be used.
The HSM must have at least one slot that fulfills the following:
Slot flags:

| Flag | Description |
| --- | --- |
| CKF_HW_SLOT | hardware slot |
| CKF_TOKEN_PRESENT | token is present in the slot |
| CKF_RNG | random number generation is supported |

The slot mechanism must have the following flags:

| Flag | Description |
| --- | --- |
| CKF_HW | encryption is done in-hardware |
| CKF_ENCRYPT | has encryption capability |
| CKF_DECRYPT | has decryption capability |
| CKF_GENERATE | mechanism supports key generation |

The HSM must support AES-256 encryption in ECB and CBC modes (this is part of the supported slot mechanisms).
The following HSM functions are relevant.

| Function | Mandatory |
| --- | --- |
| C_GenerateKey | Yes |
| C_EncryptInit | Yes |
| C_Encrypt | Yes |
| C_UnwrapKey | Yes |
| C_FindObjectsInit | Yes |
| C_FindObjects | Yes |
| C_GetAttributeValue | Yes |
| C_FindObjectsFinal | Yes |
| C_DecryptInit | Yes |
| C_Decrypt | Yes |
| C_Logout | Yes |
| C_CloseSession | Yes |
| C_Finalize | Yes |
| C_OpenSession | Yes |
| C_Initialize | Yes |
| C_GetSlotList | Yes |
| C_GetSlotInfo | Yes |
| C_GetTokenInfo | Yes |
| C_GetMechanismInfo | Yes |
| C_Login | Yes |
| C_CreateObject | Yes |
| C_GenerateKeyPair | Yes |
| C_GetFunctionList | Yes |
| C_GenerateRandom | Yes |
| C_DestroyObject | No |
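
An added example, not part of the original post and not vendor code: a Python check of the flag and AES-256 requirements above against the values a candidate device returns from C_GetSlotInfo, C_GetTokenInfo and C_GetMechanismInfo. The names `check_slot`, `missing` and the `*_REQ` tables are hypothetical and the sample values are constructed. Assumptions: CKF_RNG is read from the token flags, where PKCS#11 reports it, and CKF_GENERATE is checked on CKM_AES_KEY_GEN rather than on the cipher mechanisms.

```python
# Constant values are those defined in the PKCS#11 v2.40 header pkcs11t.h.
CKF_TOKEN_PRESENT, CKF_HW_SLOT = 0x1, 0x4      # CK_SLOT_INFO.flags
CKF_RNG = 0x1                                  # CK_TOKEN_INFO.flags
CKF_HW, CKF_ENCRYPT, CKF_DECRYPT, CKF_GENERATE = 0x1, 0x100, 0x200, 0x8000
CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC = 0x1080, 0x1081, 0x1082
AES256_KEY_BYTES = 32   # AES mechanisms report min/max key size in bytes

SLOT_REQ = {"CKF_HW_SLOT": CKF_HW_SLOT, "CKF_TOKEN_PRESENT": CKF_TOKEN_PRESENT}
TOKEN_REQ = {"CKF_RNG": CKF_RNG}
CIPHER_REQ = {"CKF_HW": CKF_HW, "CKF_ENCRYPT": CKF_ENCRYPT,
              "CKF_DECRYPT": CKF_DECRYPT}
KEYGEN_REQ = {"CKF_HW": CKF_HW, "CKF_GENERATE": CKF_GENERATE}
# Assumption: CKF_GENERATE applies to key generation, cipher flags to ECB/CBC.
MECH_REQ = {"CKM_AES_KEY_GEN": (CKM_AES_KEY_GEN, KEYGEN_REQ),
            "CKM_AES_ECB": (CKM_AES_ECB, CIPHER_REQ),
            "CKM_AES_CBC": (CKM_AES_CBC, CIPHER_REQ)}

def missing(flags, required):
    """Names of required flag bits that are not set in flags."""
    return [name for name, bit in required.items() if not flags & bit]

def check_slot(slot_flags, token_flags, mechanisms):
    """Return the unmet requirements; an empty list means the slot qualifies.
    mechanisms maps CKM_* type -> (ulMinKeySize, ulMaxKeySize, flags)."""
    gaps = [f"slot: {n} not set" for n in missing(slot_flags, SLOT_REQ)]
    gaps += [f"token: {n} not set" for n in missing(token_flags, TOKEN_REQ)]
    for name, (mech, required) in MECH_REQ.items():
        if mech not in mechanisms:
            gaps.append(f"{name}: mechanism not offered")
            continue
        min_key, max_key, flags = mechanisms[mech]
        gaps += [f"{name}: {n} not set" for n in missing(flags, required)]
        if not min_key <= AES256_KEY_BYTES <= max_key:
            gaps.append(f"{name}: 256-bit keys outside {min_key}..{max_key} bytes")
    return gaps

# Constructed sample values, not read from any real device.
CIPHER_FLAGS = CKF_HW | CKF_ENCRYPT | CKF_DECRYPT
GOOD_MECHS = {CKM_AES_KEY_GEN: (16, 32, CKF_HW | CKF_GENERATE),
              CKM_AES_ECB: (16, 32, CIPHER_FLAGS),
              CKM_AES_CBC: (16, 32, CIPHER_FLAGS)}
WEAK_MECHS = {CKM_AES_KEY_GEN: (16, 32, CKF_HW | CKF_GENERATE),
              CKM_AES_CBC: (16, 16, CKF_ENCRYPT | CKF_DECRYPT)}

if __name__ == "__main__":
    print(check_slot(CKF_HW_SLOT | CKF_TOKEN_PRESENT, CKF_RNG, GOOD_MECHS))
    for gap in check_slot(CKF_TOKEN_PRESENT, 0, WEAK_MECHS):
        print(gap)
```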