Peter Stuge <pe...@stuge.se> writes: >SafeNet Luna SA 5.2.1 or later >Thales Nshield Connect 11.62 or later" > >"HSM client" has nothing to do with PKCS#11.
Given that the native API for the Luna tokens is PKCS #11, it'd be hard to not use PKCS #11 for them. In addition unless the nCipher interface is using JCE or CryptoAPI, it'll be using PKCS #11 as well. So you could start with SoftHSM: https://github.com/opendnssec/SoftHSMv2 and then migrate the functionality into the hardware HSM. If the PA gear is hardcoded to only allow the Luna and nCipher devices then you'd have to fake them via the SoftHSM layer, i.e. return a Luna or nCipher ID string or whatever it is the PA expects to see. Peter. _______________________________________________ Tech mailing list Tech@cryptech.is https://lists.cryptech.is/listinfo/tech
