Re: [Ejbca-develop] Issue with key escrow and Luna HSM

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Mon 29 July, Tomas Gustavsson wrote:
> 
> Hi Bruno,
> 

Hi Tomas,

thanks for you feedback.

> 
> It is so that it tries to use PKCS#11 for the symmetric encryption as 
> well, not only for asymmetric. So flags on your keys do not matter. 
> Unfortunately symmetric ciphers on HSMs is a nightmare, where you have 
> to code specifically for each HSM. So this might work with another HSM, 
> but not the Luna. The solution was to use BC (soft) for the symmetric 
> session keys and asymmetric (HSM) for session key wrapping.
> 
> This requires a later version of BC than present in EJBCA 4, something 
> that is a big task. So backporting the fix to EJBCA 4 is unfortunately 
> not an option at this point.
> 
> You best options currently might currently be:
> - Move to Enterprise Edition (CC certified EJBCA 5)
> - Use soft CA keys
> - Wait for EJBCA 6 (sometimes during autumn)

It is possible to use a soft key only for key ciphering?

Anyway, thanks you again.

-- 
http://asyd.net/home/    - Home Page
http://netvibes.com/asyd - Portal