PKCS#11
dblas opened this issue · comments
Interesting project in security: new way of seeing key protection.
As you may know, the standard interface towards historical HSMs is PKCS#11.
That's the way we are used to using remote HSMs to store Certification Authorities' secrets and, more generally, private keys.
Any software that has to deal with such keys has a PKCS#11 interface (often through openssl).
How could we use ehsm that - old - way? Via a specific openssl plugin?
Thank you a lot,
db
Hi dblas,
Thanks for your interest. The PKCS#11 interfaces are in our future plans and are currently not supported.
Well, I'll wait, but in the meantime is there a recipe showing how to make a reverse proxy (apache, nginx) protect its private keys using eHSM?
Thanks,
db
The simplest way to protect private keys is to generate a CMK and then use it to wrap/encrypt your private keys.