Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Java API for HSMs  RSS feed

 
Aryan Khan
Ranch Hand
Posts: 290
Java Oracle Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
Has any one tried interfacing with HSMs? I am Looking for Java API for HSM (Preferably Thales HSMs) or a software based simulator.

I found the following which I yet have to try my hands at:
ThalesSIM

Also any experiences with JPOS?

Thanks
Aryan
 
Caeser smith
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Aryan,

Have you managed to get Java API for Thales HSM?

Thanks
 
Joe Harry
Ranch Hand
Posts: 10128
3
Eclipse IDE Mac PPC Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Aryan Khan wrote:Hi,
Has any one tried interfacing with HSMs? I am Looking for Java API for HSM (Preferably Thales HSMs) or a software based simulator.

I found the following which I yet have to try my hands at:
ThalesSIM

Also any experiences with JPOS?

Thanks
Aryan


The HSM provider should give you the API to interact with the HSM.
 
Ahmad Khan
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I ended up using Txrx libraries since my requirements were simple and it did the job. Its not a PKCS 11 API/interface

But I came across this tool recently that might help you

https://www.opendnssec.org/download/

http://www.linkedin.com/news?viewArticle=&articleID=655687393&gid=38412&type=member&item=63224353&articleURL=http%3A%2F%2Ftrac.opendnssec.org%2Fwiki%2FSoftHSM&urlhash=8X1K&goback=.gde_38412_member_63224353
 
Maarten Bodewes
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I "interface" with HSM's all the time.

If you want direct (much more functionality) access, you can use the free PKCS#11 wrapper from IAIK (which is also used internally by the Sun PKCS#11 provider).

If you want compatible (JCE/JCA provider) access you can put a PKCS#11 library under the Sun PKCS#11 provider. It's very X509 certificate (SSL) centered.

Some HSM's may also be available through the MS Windows crypto layer, for which in 1.6 there is also a provider.

And then there is the functionality provided by HSM providers (some of which may be outdated & utter crap, be warned).

If you've got some money, you can pay IAIK for their provider, which at least may offer some assurance regarding compatability with your HSM.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!