Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Java API for HSMs

 
Aryan Khan
Ranch Hand
Posts: 290
Java Oracle Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
Has any one tried interfacing with HSMs? I am Looking for Java API for HSM (Preferably Thales HSMs) or a software based simulator.

I found the following which I yet have to try my hands at:
ThalesSIM

Also any experiences with JPOS?

Thanks
Aryan
 
Caeser smith
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Aryan,

Have you managed to get Java API for Thales HSM?

Thanks
 
Joe Harry
Ranch Hand
Posts: 10106
3
Eclipse IDE Mac PPC Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Aryan Khan wrote:Hi,
Has any one tried interfacing with HSMs? I am Looking for Java API for HSM (Preferably Thales HSMs) or a software based simulator.

I found the following which I yet have to try my hands at:
ThalesSIM

Also any experiences with JPOS?

Thanks
Aryan


The HSM provider should give you the API to interact with the HSM.
 
Ahmad Khan
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I ended up using Txrx libraries since my requirements were simple and it did the job. Its not a PKCS 11 API/interface

But I came across this tool recently that might help you

https://www.opendnssec.org/download/

http://www.linkedin.com/news?viewArticle=&articleID=655687393&gid=38412&type=member&item=63224353&articleURL=http%3A%2F%2Ftrac.opendnssec.org%2Fwiki%2FSoftHSM&urlhash=8X1K&goback=.gde_38412_member_63224353
 
Maarten Bodewes
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I "interface" with HSM's all the time.

If you want direct (much more functionality) access, you can use the free PKCS#11 wrapper from IAIK (which is also used internally by the Sun PKCS#11 provider).

If you want compatible (JCE/JCA provider) access you can put a PKCS#11 library under the Sun PKCS#11 provider. It's very X509 certificate (SSL) centered.

Some HSM's may also be available through the MS Windows crypto layer, for which in 1.6 there is also a provider.

And then there is the functionality provided by HSM providers (some of which may be outdated & utter crap, be warned).

If you've got some money, you can pay IAIK for their provider, which at least may offer some assurance regarding compatability with your HSM.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic