On Tue, Aug 20, 2013 at 11:14 AM, Rickard Bellgrim <rick...@opendnssec.org>wrote:
> IIUC, user talks to web, web talks to WService, WService talks with token. >> Doesnt that break the rule of the "user being the only one having the >> PIN/access to key" >> > > How the PIN is transferred over multiple systems to the HSM/token is out > of scope. You have to build/use a system which makes sure that the > transaction to the library is safe. > Thats what im looking for ;) > > The other possibility is: >> user attack pk11lib, pk11lib opens a secure tunnel to HSM >> So the security is based on a local software key, which can be craked >> allowing someone to sniff around. >> > > The main purpose of the PKCS#11 library is to deliver your commands over > to the HSM. Cracking the library won't give you any extra information. The > private key operations are performed on-board the HSM. If the library e.g. > acts as a HA-client for the HSM-cluster, then traffic between the HSM:s > are/should be encrypted. Thus not being able to know the contents of the > HA-traffic. > > You could also have a look on the PKCS#11 Spy software from the OpenSC > project on how to tap the PKCS#11 traffic/commands. > > If you want to attack an HSM, then you could e.g. try to exploit the API > it exposes to the PKCS#11 clients/libraries. > Exactly what im thinking. If user attack application (firefox) and app has pkcs#11 lib loaded, y could easily hook another library (like PKCS#11 SPY) and have the PIN which give access to key usage. Seems OTP and similar mechanisms are the only way to secure this (a bit more)
_______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
