How do I integrate Hardware Security Module encryption with a Java application? I'm looking for code samples to connect to HSMs, generate keys (asymmetric, symmetric), encrypt and decrypt data (asymmetric, symmetric) and store keys.
2 Answers
16
In Java you can just use JCE/JCA. Ask your provider for the implementation, you will need some jar files, and you're ready.

Paul Whelan

Frank
- Would you tell me how to connect to HSM? – Armin Oct 19 '12 at 20:32
- That will depend on your provider, but in my case it was all configuration done on the WAS server. – Frank Oct 19 '12 at 20:33
- So I just need to add the provider jar file to the project, call `Security.addProvider(provider)` and start coding like the following code? `SecureRandom random = new SecureRandom(); KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "BC"); generator.initialize(256, random); pair = generator.generateKeyPair();` – Armin Oct 19 '12 at 21:03
- Be careful to always use the correct provider code/string in all your calls and you're safe. – Frank Oct 19 '12 at 21:12
- To use a Luna HSM, for example, you must add a LunaProvider, log in with a LunaSlotManager, and then you can get a `KeyStore` connected to the HSM with `KeyStore.getInstance("Luna")` or get a `KeyPairGenerator` with `KeyPairGenerator.getInstance("RSA", "LunaProvider")`. http://cloudhsm-safenet-docs-5.3.s3-website-us-east-1.amazonaws.com/007-011136-006_lunasa_5-3_webhelp_rev-c/Content/sdk/s8_-_luna_jsp.htm – Rafael Membrives Feb 16 '16 at 08:01
2
All HSMs should support common API interfaces, such as PKCS11, JCE or MSCAPI. For Java integration, they would offer a JCE CSP provider as well. Simply configure the provider, and then you can use the Keystore/KeyGenerator as per normal.

Zhenxin Sun
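
The "configure the provider, then use KeyStore/KeyGenerator as normal" flow from the answers, as an added example that is not code from either answerer or from any HSM vendor. It uses the JDK's generic SunPKCS11 provider instead of a vendor JCE provider; the config file path, the PIN and the alias `demo-aes` are assumptions. It also assumes JDK 13+ and a token that supports AES-GCM and SHA256withRSA.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class HsmJcaExample {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java HsmJcaExample <pkcs11.cfg> <token-pin>");
            return;
        }
        // Generic PKCS#11 bridge shipped with the JDK (configure() needs Java 9+).
        // The config file names the vendor's PKCS#11 library and the slot to use.
        Provider hsm = Security.getProvider("SunPKCS11").configure(args[0]);
        Security.addProvider(hsm);
        // Loading the PKCS11 keystore with the PIN logs in to the token.
        KeyStore ks = KeyStore.getInstance("PKCS11", hsm);
        ks.load(null, args[1].toCharArray());

        // Symmetric: generate an AES key on the token, then persist it under an alias.
        // "demo-aes" is a hypothetical alias chosen for this example.
        KeyGenerator kg = KeyGenerator.getInstance("AES", hsm);
        kg.init(256);
        ks.setKeyEntry("demo-aes", kg.generateKey(), null, null);
        SecretKey aes = (SecretKey) ks.getKey("demo-aes", null);

        byte[] msg = "constructed sample data".getBytes(StandardCharsets.UTF_8);
        byte[] iv = new byte[12];             // fresh random nonce for every encryption
        new SecureRandom().nextBytes(iv);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding", hsm);
        enc.init(Cipher.ENCRYPT_MODE, aes, new GCMParameterSpec(128, iv));
        byte[] ct = enc.doFinal(msg);
        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding", hsm);
        dec.init(Cipher.DECRYPT_MODE, aes, new GCMParameterSpec(128, iv));
        System.out.println("AES-GCM round trip ok: " + MessageDigest.isEqual(msg, dec.doFinal(ct)));

        // Asymmetric: RSA key pair generated by the token, used to sign and verify.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", hsm);
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();
        Signature signer = Signature.getInstance("SHA256withRSA", hsm);
        signer.initSign(pair.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance("SHA256withRSA", hsm);
        verifier.initVerify(pair.getPublic());
        verifier.update(msg);
        System.out.println("RSA signature valid: " + verifier.verify(sig));
    }
}
```

Every `getInstance` call passes the same `Provider` object, so no operation silently falls back to a software provider. Persisting the RSA private key needs `KeyStore.setKeyEntry` with a certificate chain, which this example leaves out.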