You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I need to use OpenPGP with a Luna HSM, currently integrated via the JCPROV PKCS#11 Wrapper. The wrapper offers a set of APIs that aim to stay as close as possible to PKCS#11.
I see that the Luna could be used with the PGP implementation of BouncyCastle via its JCE provider, in combination with the JcaOpenPGPImplementation. However, JCE is unfortunately not an option for my use case because I need to keep the more fine-grained crypto operations that PKCS#11 supports and JCE does not.
I started looking into how to implement a custom OpenPGPImplementation based on JCPROV: my best shot so far is to extend BcOpenPGPImplementation and override all the parts that eventually deal with the low-level crypto operations to be executed inside the HSM. However, the complexity goes up quite fast.
Is there any reference or guidance I could follow for such a use case?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
I need to use OpenPGP with a Luna HSM, currently integrated via the JCPROV PKCS#11 Wrapper. The wrapper offers a set of APIs that aim to stay as close as possible to PKCS#11.
I see that the Luna could be used with the PGP implementation of BouncyCastle via its JCE provider, in combination with the
JcaOpenPGPImplementation. However, JCE is unfortunately not an option for my use case because I need to keep the more fine-grained crypto operations that PKCS#11 supports and JCE does not.I started looking into how to implement a custom
OpenPGPImplementationbased on JCPROV: my best shot so far is to extendBcOpenPGPImplementationand override all the parts that eventually deal with the low-level crypto operations to be executed inside the HSM. However, the complexity goes up quite fast.Is there any reference or guidance I could follow for such a use case?
Thanks in advance for any feedback!
Relates to:
Beta Was this translation helpful? Give feedback.
All reactions