Andreas Schwier | 28 Sep 2022
Enrollment over Secure Transport (EST) is an automatic certificate enrollment protocol defined in RFC 7030. It allows both the initial enrollment of an X.509 certificate and later certificate renewal. The beauty of EST is that it uses simple PKCS#10 and PKCS#7 objects, transmitted over HTTPS with TLS client authentication.
Andreas Schwier | 20 Jun 2022
Andreas Schwier | 11 May 2022
The PKI-as-a-Service Portal now offers the ability to operate your own TrustCenter. With this new function you can create your own PKI with the SmartCard-HSM as secure key store for the certification authority.
Andreas Schwier | 09 May 2022
This screencast shows how to prepare a SmartCard-HSM for use with a TrustCenter in the PKI-as-a-Service Portal.
Andreas Schwier | 17 Sep 2019
Caused by a bug in the GENERATE SYMMETRIC KEY command, the SmartCard-HSM (aka Nitrokey HSM2) in versions 3.1 and 3.2 generates weak AES keys with little to no entropy.
Andreas Schwier | 15 Mar 2019
The release of the SmartCard-HSM 4K marks an important milestone, with support for larger keys, support for AES and the introduction of key domains. The next generation SmartCard-HSM will make key management even more flexible and secure.
Andreas Schwier | 13 Feb 2018
SmartCard-HSMs are great devices to store cryptographic keys. However, managing a bunch of tokens and setting up and running a PKI can be quite a daunting task.
Andreas Schwier | 17 Oct 2017
On October 16th, 2017 a group of security researchers published a report about a flaw detected in the RSA key generation function, which is part of the cryptographic library used in Infineon smartcard microcontrollers and TPM modules.
Andreas Schwier | 14 Feb 2017
Devices for the Internet-of-Things (IoT) often operate in hostile environments. That makes securing cryptographic keys even more important, as you don’t want the keys that grant access to your infrastructure (LAN and back-end) floating around in cyberspace.
Andreas Schwier | 25 Feb 2016
The new 2.1 release of the SmartCard-HSM is a minor release, adding two important new features: Controlled secure messaging binding of the authentication state and key agreement with authenticated public keys.
Andreas Schwier | 20 Nov 2015
Building a SmartCard-HSM cluster is a very cost-effective way to increase cryptographic processing power. The ability to securely migrate keys from one SmartCard-HSM to another allows adding devices as the demand increases.
Andreas Schwier | 10 Oct 2015
Cryptographic keys not only need to be well protected from copying; it is just as important to control key access and usage. Placing keys on a hardware security module helps little if it is easier to steal the hardware than it is to break into the software.
Andreas Schwier | 11 Mar 2015
SSH is the de facto standard used by system administrators to access remote systems. SSH is often used with password-based authentication; however, the recommended way is to use public key authentication.
Andreas Schwier | 07 Jan 2015
In October 2014, I had the pleasure to present IAEA’s new Universal Instrument Token at the Symposium on International Safeguards.
Andreas Schwier | 10 Nov 2014
Starting in November 2014, the SmartCard-HSM USB-Stick ships with a new hardware revision.
Frank Thater | 25 Sep 2014
Have you ever accidentally deleted an important cryptographic key? Or suffered a hardware defect that resulted in the loss of key material?
Andreas Schwier | 05 Sep 2014
EJBCA is the most popular open-source and enterprise-ready certification authority. It’s built on J2EE technology and scales well from small corporate installations to national PKIs with millions of issued certificates. Since version 6 it has a great UI to manage keys in an HSM.
Andreas Schwier | 22 Aug 2014
The SmartCard-HSM has always had support for Elliptic Curve Cryptography (ECC); however, initial support in OpenSC was somewhat limited. With the latest 0.14 release of the popular open source crypto middleware, support for ECC is on par with RSA support.