EldoS | Feel safer!

Safenet Luna HSM support

#17215
Posted: 08/05/2011 12:27:59
by J Makin (Basic support level)
Joined: 08/05/2011
Posts: 6

Hi,

Does the product support, out of the box, the storage and retrieval of public and private PGP keys via the SafeNet Luna HSM please? My developer has stated that the product requires a key file on disk and I need to challenge that view with code examples if possible?

Many thanks,
John
#17217
Posted: 08/05/2011 13:54:13
by Ken Ivanov (EldoS Corp.)

Thank you for your interest in our products.

Does this token (SafeNet Luna) support access through PKCS#11? In fact, there does exist a possibility of utilising RSA keys stored on PKCS#11-capable tokens for OpenPGP signing, yet DSA and Elgamal keys are not supported at the moment.
#18058
Posted: 11/03/2011 05:25:13
by J Makin (Basic support level)
Joined: 08/05/2011
Posts: 6

Yes, it has a PKCS#11 interface and comes with a cryptoki.dll file. However, we have attempted to use the 2007 version of your SBB and this fails to work.

Have you code samples for using a PKCS#11 interface with the dll in .NET for OpenPGP that you can provide?

Please call me if you have any further questions.
#18059
Posted: 11/03/2011 05:31:27
by J Makin (Basic support level)
Joined: 08/05/2011
Posts: 6

Further... we would like to buy the tool, but with a clause that it is refundable if it does not work with the SafeNet Luna HSM. How do we do this please?
#18060
Posted: 11/03/2011 05:48:48
by Ken Ivanov (EldoS Corp.)

Quote
Have you code samples for using a PKCS#11 interface with the dll in .NET for OpenPGP that you can provide?

Sorry, there is no such sample available at the moment. Yet, we will create one for you, as indeed plugging PKCS#11 keys to OpenPGPBlackbox is not a straightforward task. I think we will be able to provide you with a code snippet within a day or two.

Quote
Further... we would like to buy the tool, but with a clause that it is refundable if it does not work with the SafeNet Luna HSM. How do we do this please?

You can freely evaluate the product without purchasing it for as long as you need it to ensure that it satisfies your needs (subject to evaluation restrictions, such as nag screens and intentional speed slowdowns). The evaluation version is available for download here.
#18096
Posted: 11/04/2011 09:46:37
by Mike Ardron (Priority Standard support level)
Joined: 11/03/2011
Posts: 8

I am trying to connect to the Luna SA cryptoki.dll using this code in VB.NET

Dim certStore As New SBPKCS11CertStorage.TElPKCS11CertStorage
certStore.DLLName = "cryptoki.dll"
certStore.Open()

I get this error on the open call
PKCS#11 provider DLL function returned fatal error (error code is 5)
Which DLL is giving the error, the SecureBlackbox_PKCS11Proxy or the cryptoki? What is the error about?
#18097
Posted: 11/04/2011 09:55:57
by Ken Ivanov (EldoS Corp.)

The CKR_GENERAL_ERROR in most cases is returned by the SecureBlackbox_PKCS11Proxy driver, generally in response to some underlying general failure.

First of all, please try to pass the complete path to cryptoki.dll to the DLLName property. Next, please ensure that you are referencing the correct proxy and driver DLLs. A common mistake is referencing x86 DLLs from an x64 project or vice versa.
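
The x86/x64 mismatch mentioned in the reply above can be checked before loading anything by reading the Machine field of each DLL's PE header. The following is an added example, not part of the original thread or of SecureBlackbox; the function names and the constructed sample headers are assumptions made for illustration.

```python
import struct
import sys

# IMAGE_FILE_HEADER.Machine values from the PE/COFF specification
MACHINES = {0x014C: "x86", 0x8664: "x64"}


def pe_machine(data: bytes) -> str:
    """Return 'x86'/'x64' for a PE image, or raise ValueError if it is not one."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < e_lfanew + 6:
        raise ValueError("not a PE file: missing PE signature")
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return MACHINES.get(machine, "unknown(0x%04x)" % machine)


def find_mismatches(process_arch: str, images: dict) -> list:
    """(name, architecture) for every image that differs from the host process."""
    bad = []
    for name, data in images.items():
        try:
            arch = pe_machine(data)
        except ValueError as exc:
            arch = str(exc)
        if arch != process_arch:
            bad.append((name, arch))
    return bad


def fake_pe(machine: int) -> bytes:
    """Constructed sample: the smallest header this parser needs, not a real DLL."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18


if __name__ == "__main__":
    if len(sys.argv) > 2:  # usage: script.py x86|x64 path\to\a.dll [more.dll ...]
        files = {p: open(p, "rb").read() for p in sys.argv[2:]}
        print(find_mismatches(sys.argv[1], files) or "all images match")
    else:  # constructed demo: x86 proxy next to an x64 vendor library
        demo = {"SecureBlackbox_PKCS11Proxy.dll": fake_pe(0x014C),
                "cryptoki.dll": fake_pe(0x8664)}
        print(find_mismatches("x86", demo))
```

For a .NET project built as AnyCPU, the process architecture follows the operating system, so pass the architecture the process actually runs as rather than the one of the build machine.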
#18105
Posted: 11/07/2011 05:16:36
by Mike Ardron (Priority Standard support level)
Joined: 11/03/2011
Posts: 8

I have tried using the full path with the cryptoki dll in its original location and moving it to the application directory as shown in the code. I have also tried with 32 and 64 bit versions of the cryptoki dll. All give me the same error message.
Can you please tell me which component is returning the error?
#18106
Posted: 11/07/2011 06:05:43
by Ken Ivanov (EldoS Corp.)

The error is reported by the TElPKCS11CertStorage object, which in turn gets it from the proxy DLL. Although there are many possible reasons for CKR_GENERAL_ERROR to be returned, there is no "typical" failure scenario. The only thing we can tell for now is that driver initialization goes wrong for some reason, and we have yet to discover this reason.

OK, let's try some tracing tools. I'm attaching the proxy driver with compiled-in logging capabilities. Please substitute the original SecureBlackbox_PKCS11Proxy.dll with the attached driver; next, run your project and reproduce the issue. The attached proxy DLL reports all connection details to the C:\Temp\SBPKCS11Log.txt file. After the issue has been reproduced, please check the created log for additional details on the problem.

Please note that the attached DLL is an x86 one, so please ensure that your .NET project is compiled for the x86 platform, as well as that the Luna driver you are referencing is a 32-bit one.


[ Download ]
#18107
Posted: 11/07/2011 07:19:53
by Mike Ardron (Priority Standard support level)
Joined: 11/03/2011
Posts: 8

The download file only opens as a text file for me. Is there a 64-bit version available? I am using a 64-bit machine and Luna DLL at the moment.
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
