PKCS#11 Plugin
In addition to using the TSM SDK, it is also possible to integrate with a TSM via PKCS#11.
Blockdaemon provides a Go implementation of the PKCS#11 interface that uses the TSM for cryptography and key management.
Supported Mechanisms
- CKM_AES_KEY_GEN
- CKM_AES_CTR
- CKM_EC_KEY_PAIR_GEN
- CKM_ECDSA
- CKM_ECDSA_SHA1
- CKM_ECDSA_SHA224
- CKM_ECDSA_SHA256
- CKM_ECDSA_SHA384
- CKM_ECDSA_SHA512
- CKM_RSA_PKCS_KEY_PAIR_GEN
- CKM_RSA_X_509
Java Integration
We support Java CSP integration through SunPKCS11. After configuring the library with TSM info, the provider can be registered as follows:
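import java.io.ByteArrayInputStream;
import java.security.Security;
import sun.security.pkcs11.SunPKCS11;

// Inline SunPKCS11 configuration; libraryPath is the path to the p11Tsm library file.
final String pkcs11ConfigSettings = String.format("name = TSM\n" +
    "library = %s\n" +
    "attributes(*,CKO_SECRET_KEY,CKK_AES) = {\n" +
    "  CKA_ENCRYPT = true\n" +
    "}", libraryPath);
final byte[] pkcs11ConfigBytes = pkcs11ConfigSettings.getBytes();
final ByteArrayInputStream confStream = new ByteArrayInputStream(pkcs11ConfigBytes);
// The SunPKCS11(InputStream) constructor exists in Java 8 and earlier only.
final SunPKCS11 provider = new SunPKCS11(confStream);
Security.addProvider(provider);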
Set the libraryPath to point to the p11Tsm library file.
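The following added example (not Blockdaemon's own code) registers the provider on Java 9 or later, where the SunPKCS11 constructor is no longer available, and then exercises EC key generation and ECDSA with SHA-256 from the mechanism list above. It assumes the library path is passed as the first argument, that the token accepts the secp256r1 curve, and that no PIN login is needed; the class name is hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.X509EncodedKeySpec;

public class TsmPkcs11SignExample {  // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Assumption: path to the p11Tsm library file is the first argument.
        String libraryPath = args[0];

        // Java 9+: configure the built-in SunPKCS11 provider. A leading "--"
        // marks the string as inline configuration instead of a file name.
        String config = "--name = TSM\nlibrary = " + libraryPath + "\n";
        Provider provider = Security.getProvider("SunPKCS11").configure(config);
        Security.addProvider(provider);

        // EC key pair generation is requested from the token (CKM_EC_KEY_PAIR_GEN).
        // Assumption: the token accepts secp256r1 and needs no PIN login here.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", provider);
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair keyPair = kpg.generateKeyPair();

        // Sign a constructed sample message through the PKCS#11 provider.
        byte[] message = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withECDSA", provider);
        signer.initSign(keyPair.getPrivate());
        signer.update(message);
        byte[] signature = signer.sign();

        // Verify with the software SunEC provider so the check does not depend
        // on the token: re-import the public key from its X.509 encoding.
        PublicKey softwareKey = KeyFactory.getInstance("EC", "SunEC")
                .generatePublic(new X509EncodedKeySpec(keyPair.getPublic().getEncoded()));
        Signature verifier = Signature.getInstance("SHA256withECDSA", "SunEC");
        verifier.initVerify(softwareKey);
        verifier.update(message);
        if (!verifier.verify(signature)) {
            throw new IllegalStateException("signature from token did not verify");
        }
        System.out.println("signature verified, " + signature.length + " bytes");
    }
}
```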
Further information
More info on integration with PKCS#11 is provided in our repositories.