Hello, Gemalto HSM are currently not supported directly - you need to write your own implementation of the "Engine" module, have a look here at those for OpenSSL and nCipher.
https://github.com/openxpki/openxpki/blob/develop/core/server/OpenXPKI/Crypto/Backend/OpenSSL/Engine/ You can then either reference the keys using the pseudo-key files which are provided by the HSM driver or change the key definitions in the crypto.yaml file to directly use the names of the keys. best regards Oliver Am 14.02.19 um 03:37 schrieb Sang-Ho Johan Na: > Dear OpenXPKI User, > I want to setup openXPKI with HSM (Gemalto ProtectServer +). > Is there anyone who had experienced? > > At first, I wonder how can I configure key location of HSM. > > OpenXPKI document says, > > "*Move the key files to /etc/openxpki/ssl/ca-one/ *and name them > ca-one-signer-1.pem, ca-one-vault-1.pem, ca-one-scep-1.pem. *The key > files must be readable by the openxpki user*, so we recommend to make > them owned by the openxpki user with mode 0400. > Now import the certificates to the database." > > I can move my certificates to /etc/openxpki/ssl/ca-one/, except the keys > of my hsm and name them like that. Then how openxpki app can read my > keys in the hsm? > I cannot find any configurations regarding HSM for key management. > > Best regards, > Sang-Ho Na > -- > --------------------------------------------------------------------------------------- > *Korea Institute of Science and Technology Information(KISTI)* > *G*lobal *S*cience experimental *D*ata hub *C*enter > > Sang-Ho Na > Senior Researcher / Ph.D. > > E-mail: [email protected] > <mailto:[email protected]> / [email protected] > <mailto:[email protected]> > Phone: +82-42-869-0663 Fax: +82-42-869-1015 > Mobile: +82-10-7193-7295 > address : 245, Daehak-ro, Yusong-gu, Daejeon, 34141, Korea > --------------------------------------------------------------------------------------- > > > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users > -- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
