From: Roman C. <rom...@wi...> - 2015-04-21 08:47:33

Yes, please see the following:

I have EJBCA configured with USB cryptographic tokens from ACS, particularly CryptoMate64. These USB tokens have security certification and are capable of generating and using RSA key pairs up to 4096 bits. It is also available in the form of a smart card, if you prefer it.

For a certificate authority that doesn't need much performance, this is a really secure and cheap solution. If you need more performance, use more of these tokens with the same RSA key pair (security procedures for backing up must be in place).

You should create your own SunPKCS11 configuration file for the CryptoMate64 token to use it in EJBCA, and it's working fine. Moreover, there is a possibility to use it over the network with PKCS11 Proxy, which could be secured using TLS.

Here are useful links:

http://www.acs.com.hk/en/products/18/cryptomate64-cryptographic-usb-tokens/
http://www.acs.com.hk/en/products/308/acos5-64-cryptographic-card-contact/
https://github.com/ANSSI-FR/caml-crush

Everything is working without any problems.

With regards,
Roman

-----Original Message-----
From: Michael Ströder [mailto:mi...@st...]
Sent: Tuesday, April 21, 2015 10:06 AM
To: ejb...@li...; Ebtehal Hassan
Subject: Re: [Ejbca-develop] PrimeCard

Roman Cinkais wrote:
> What would you like to achieve?
> You don't want to buy a full HW HSM?
>
> Maybe I can propose a solution for you. I am managing EJBCA securely on tokens without HSM.
> Let me know.

Could you please elaborate on your solution? I'd also like to hear more about it.

Are you e.g. using a soft token with PKCS#11 proxy?

Ciao, Michael.