From: Bruno B. <as...@as...> - 2013-07-29 13:13:11
On Mon 29 July, Tomas Gustavsson wrote:
>
> Hi Bruno,
>

Hi Tomas, thanks for your feedback.

>
> It is so that it tries to use PKCS#11 for the symmetric encryption as
> well, not only for asymmetric. So flags on your keys do not matter.
> Unfortunately symmetric ciphers on HSMs are a nightmare, where you have
> to code specifically for each HSM. So this might work with another HSM,
> but not the Luna. The solution was to use BC (soft) for the symmetric
> session keys and asymmetric (HSM) for session key wrapping.
>
> This requires a later version of BC than present in EJBCA 4, something
> that is a big task. So backporting the fix to EJBCA 4 is unfortunately
> not an option at this point.
>
> Your best options might currently be:
> - Move to Enterprise Edition (CC certified EJBCA 5)
> - Use soft CA keys
> - Wait for EJBCA 6 (sometime during autumn)

Is it possible to use a soft key only for key ciphering?

Anyway, thank you again.

--
http://asyd.net/home/ - Home Page
http://netvibes.com/asyd - Portal
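
The split described in the quoted reply (symmetric session key handled in software, asymmetric key used only to wrap that session key), as an added example that is not part of the original message and is not EJBCA code. It assumes the default JCE provider rather than BC, a software RSA key pair standing in for the HSM-held key, and AES-GCM with RSA-OAEP as illustrative algorithm choices; the class name and sample data are hypothetical.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.util.Arrays;

public class HybridKeyWrapExample {
    public static void main(String[] args) throws Exception {
        // Assumption: stand-in for the CA key pair. With an HSM the private key
        // would be reached through a PKCS#11 provider; a software RSA key is
        // generated here so the example runs without hardware.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair caKeys = kpg.generateKeyPair();

        // 1. The symmetric session key is generated and used in software only,
        //    so no HSM-specific symmetric cipher support is needed.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey sessionKey = kg.generateKey();

        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, sessionKey, new GCMParameterSpec(128, iv));
        byte[] data = "constructed sample data".getBytes(StandardCharsets.UTF_8);
        byte[] ciphertext = aes.doFinal(data);

        // 2. Only the session key goes to the asymmetric key: wrap with the public key.
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.WRAP_MODE, caKeys.getPublic());
        byte[] wrappedKey = rsa.wrap(sessionKey);

        // 3. Recovery: unwrapping is the single private-key operation,
        //    the step an HSM would perform in the setup described above.
        rsa.init(Cipher.UNWRAP_MODE, caKeys.getPrivate());
        SecretKey recovered = (SecretKey) rsa.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);

        aes.init(Cipher.DECRYPT_MODE, recovered, new GCMParameterSpec(128, iv));
        byte[] plaintext = aes.doFinal(ciphertext);
        System.out.println("round trip ok: " + Arrays.equals(data, plaintext));
    }
}
```

What has to be stored is the ciphertext, the IV and the wrapped session key; the session key itself is never persisted in the clear.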