Menu
▾
▴
Re: [OpenXPKI-users] SmartCard-HSM or Nitrokey integration
|
From: Oliver W. <ma...@ol...> - 2022-11-23 07:00:21
|
Hello Montajab, thats really great to hear - might you be able to share some details on the setup with us, so others might be able to run such a setup too ;) best regards Oliver On 22.11.22 17:07, Montajab Saleh wrote: > Hello, > > Thank you Oliver > Thank you Martin > > Now everything is working as required with the Issuing CA private key > protected inside the SmartCart-HSM token. > > Best Regards > > On Mon, Nov 21, 2022 at 12:12 PM Oliver Welter <ma...@ol...> wrote: > > Hello Montajab, > > welcome to OpenXPKI ;) > > I do not fully understand your question but you basically have to > create an Issuing CA certificate based on the key on the HSM and > import this certificate into the "certsign" group as documented in > the quickstart quide. You then need to make sure that the name of > the key is properly created from the "key" specification in the > realms crypto.yaml file based on the alias created for the > imported token. > > Oliver > > On 21.11.22 08:57, Montajab Saleh wrote: >> Hello, >> >> As I know, openxpki supports PKCS#11 interface via OpenSC >> I'm making a Lab to implement a CA with signer key protected >> inside HSMs such as SmartCard-HSM or Nitrokey, in documentation >> there is an example for YubicoHSM but I don't get the full idea >> and the required steps, >> I tried to adapt the YubicoHSM example with SmartCard-HSM but no >> luck till now, there is no errors in log, but still no signer, >> Is it enough to set the right token in crypto.yaml file with the >> matching secret? >> Is there anything to put in the database or some command to execute? >> How to select which signer key within the token to use? >> >> I would be so grateful If someone provide me with any further details >> -- >> /Regards/ >> /Montajab Saleh/ >> >> >> _______________________________________________ >> OpenXPKI-users mailing list >> Ope...@li... >> https://lists.sourceforge.net/lists/listinfo/openxpki-users > > -- > Protect your environment - close windows and adopt a penguin! > > _______________________________________________ > OpenXPKI-users mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openxpki-users > > > > -- > /Regards/ > /Montajab Saleh/ > > > _______________________________________________ > OpenXPKI-users mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openxpki-users -- Protect your environment - close windows and adopt a penguin! |
