|
From: Ebtehal H. <h.e...@ya...> - 2015-04-19 05:49:23
|
Hello all; we want to implement CA keys in SmartCard-HSM with the PrimeCard module. How can we accomplish that, and is that supported in EJBCA 6.0.4? |
|
From: Tomas G. <to...@pr...> - 2015-04-19 15:20:28
|
Hi, PrimeCard is not supported. Perhaps you should take a look at SmartCard-HSM that has been discussed on the list before? Cheers, Tomas |
|
From: Ebtehal H. <h.e...@ya...> - 2015-04-21 06:09:19
|
Hi Tomas;
Which list are you talking about? If you discussed it before in the forum, please give me the link.
|
|
From: Andreas S. <and...@ca...> - 2015-04-21 12:07:54
|
The Howto for integrating EJBCA with a SmartCard-HSM can be found here [1]. Andreas [1] http://www.smartcard-hsm.com/2014/09/05/Accessing_your_SmartCard-HSM_from_EJBCA.html -- --------- CardContact Software & System Consulting |.##> <##.| Andreas Schwier |# #| Schülerweg 38 |# #| 32429 Minden, Germany |'##> <##'| Phone +49 571 56149 --------- http://www.cardcontact.de http://www.tscons.de http://www.openscdp.org http://www.smartcard-hsm.com |
|
From: Andreas S. <and...@ca...> - 2015-11-01 10:08:53
|
Hi, the SmartCard-HSM now supports Public Key Authentication with a n-of-m Threshold Scheme [1]. This enables shared access control for sensitive enterprise keys, like the ones used for CA or code signing. The mechanism replaces the user PIN with a challenge-response authentication done with a private key held by a key custodian. The threshold scheme defines during device initialization which public keys are authorized and how many keys must be authenticated to gain access. Please see the blog for more details. Andreas [1] http://www.smartcard-hsm.com/2015/10/10/Shared_Control_over_Key_Usage.html -- --------- CardContact Software & System Consulting |.##> <##.| Andreas Schwier |# #| Schülerweg 38 |# #| 32429 Minden, Germany |'##> <##'| Phone +49 571 56149 --------- http://www.cardcontact.de http://www.tscons.de http://www.openscdp.org http://www.smartcard-hsm.com |
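The n-of-m check described in the message above, modelled as an added example (not part of the original post and not CardContact's code). The `ThresholdDevice` class, the custodian names and the 2-of-3 policy are assumptions, and Lamport one-time signatures over SHA-256 stand in for the device's real signature algorithm, which the post does not name.

```python
import hashlib
import secrets

def H(data):
    return hashlib.sha256(data).digest()

def keygen():
    # Lamport one-time key pair (stand-in algorithm): 256 pairs of secrets and their hashes.
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return priv, [(H(a), H(b)) for a, b in priv]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(priv, msg):
    # Reveal one secret per digest bit. A real custodian key would not be one-time.
    return [priv[i][b] for i, b in enumerate(bits(msg))]

def verify(pub, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pub[i][b] for s, (i, b) in zip(sig, enumerate(bits(msg))))

class ThresholdDevice:
    """Hypothetical model: m authorized public keys and threshold n, fixed at initialization."""
    def __init__(self, public_keys, n):
        if not 1 <= n <= len(public_keys):
            raise ValueError("threshold must satisfy 1 <= n <= m")
        self.keys, self.n = dict(public_keys), n
        self.authenticated, self.challenge = set(), None

    def get_challenge(self):
        self.challenge = secrets.token_bytes(16)   # fresh random challenge per attempt
        return self.challenge

    def authenticate(self, key_id, sig):
        challenge, self.challenge = self.challenge, None   # a challenge is single-use
        pub = self.keys.get(key_id)
        if challenge is None or pub is None or not verify(pub, challenge, sig):
            return False
        self.authenticated.add(key_id)   # a set, so one custodian never counts twice
        return True

    def unlocked(self):
        return len(self.authenticated) >= self.n

def demo():
    # Constructed custodians; 2-of-3 policy.
    priv, pub = {}, {}
    for name in ("alice", "bob", "carol"):
        priv[name], pub[name] = keygen()
    dev, out = ThresholdDevice(pub, n=2), []
    sig_a = sign(priv["alice"], dev.get_challenge())
    out += [dev.authenticate("alice", sig_a), dev.unlocked()]   # valid, but only 1 of 2
    dev.get_challenge()
    out.append(dev.authenticate("alice", sig_a))   # replayed response to an old challenge
    out.append(dev.authenticate("bob", sign(keygen()[0], dev.get_challenge())))  # unauthorized key
    out += [dev.authenticate("bob", sign(priv["bob"], dev.get_challenge())), dev.unlocked()]
    return out
```

`demo()` returns the outcome of each step in order: access is granted only after two distinct authorized keys have each answered a fresh challenge.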
|
From: Tomas G. <to...@pr...> - 2015-11-02 15:43:26
|
Hi, I added the links here: https://www.ejbca.org/docs/adminguide.html#SmartCard-HSM Regards, Tomas |
|
From: Roman C. <rom...@wi...> - 2015-04-19 16:21:46
|
Dear Ebtehal, What you would like to achieve? You don't want to buy a full HW HSM? Maybe I can propose a solution for you. I am managing EJBCA securely on tokens without HSM. Let me know. With regards, Roman |
|
From: Ebtehal H. <h.e...@ya...> - 2015-04-21 06:07:13
|
Hello Roman;
please explain more about your solution
|
|
From: Michael S. <mi...@st...> - 2015-04-21 08:06:40
|
Roman Cinkais wrote:
> What you would like to achieve?
> You don't want to buy a full HW HSM?
>
> Maybe I can propose a solution for you. I am managing EJBCA securely on tokens without HSM.
> Let me know.
Could you please elaborate on your solution? I'd also like to hear more about it.
Are you e.g. using a soft token with PKCS#11 proxy?
Ciao, Michael. |
|
From: Roman C. <rom...@wi...> - 2015-04-21 08:47:33
|
Yes, please see the following:
I have EJBCA configured with USB cryptographic tokens from ACS, particularly CryptoMate64. These USB tokens have security certification and are capable of generating and using RSA key pairs up to 4096 bits. It is also available in the form of a smart card, if you prefer it.
For a certificate authority that doesn't need much performance, this is a really secure and cheap solution. If you need more performance, use more of these tokens with the same RSA key pair (security procedures for backing up must be in place).
You should create your own SunPKCS11 configuration file for the CryptoMate64 token to use it in EJBCA, and it's working fine. Moreover, there is a possibility to use it through the network with PKCS11 Proxy, which could be secured using TLS.
Here are useful links:
http://www.acs.com.hk/en/products/18/cryptomate64-cryptographic-usb-tokens/
http://www.acs.com.hk/en/products/308/acos5-64-cryptographic-card-contact/
https://github.com/ANSSI-FR/caml-crush
Everything is working without any problems.
With regards, Roman |