Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

PKCS#11. Possibility of performing Ecryption/Decryption in hardware

Tags:

cryptography

encryption

hardware

pkcs#11

Cheers. This is a copy of my question on crypto stack exchange.

I'm dealing with HSM via PKCS#11 C/Python interface. I'm wondering is it possible to do some C_Encrypt/C_Decrypt in hardware. By saying "in hardware" I mean encryption/decryption without exposing the result to the caller space. This is mostly aboud decryption as I want to call C_Decrypt and leave the result inside the HSM as arbitrary data to do some other transformations on that data later, saying re-encrypting it on some other key. Thank you in advance.

like image 454
Henadzi Matuts Avatar asked Nov 14 '18 10:11

Henadzi Matuts

People also ask

What is PKCS for?

PKCS specifications are defined for both binary and American Standard Code for Information Interchange data types. They standardize message syntax and specific algorithms, which can be viewed as different levels of abstraction that are independent of each other.

What is PKCS format?

PKCS#12 (also known as PKCS12 or PFX) is a binary format for storing a certificate chain and private key in a single, encryptable file. PKCS#12 files are commonly used to import and export certificates and private keys on Windows and macOS computers, and usually have the filename extensions . p12 or .

Is PKCS12 safe?

PKCS12 (aka PFX) files, on the other hand, are language-neutral and is more secure and has been around long enough that it's supported just about everywhere.

What is PKCS token?

PKCS #11 is a cryptographic token interface standard, which specifies an API, called Cryptoki . With this API, applications can address cryptographic devices as tokens and can perform cryptographic functions as implemented by these tokens.

2 Answers

PKCS#11 does not provide such methods but certain HSM models allow you to extend their firmware with your own algorithms/mechanisms or even run your own application inside the device so there surely is a way to achieve what you want. Just not with PKCS#11 API.

BTW I've discussed exactly this scenario in pkcs11-comment mailing list of OASIS PKCS#11 Technical Committee back in 2013. Sadly I didn't receive any feedback ¯\_(ツ)_/¯ but later when I wanted to join technical committee to work on this proposal I received pricelist with membership dues :D.

My mail from 2013:

I would like to open discussion about secure data re-encryption and the ways it can be handled with PKCS#11 API. Let's say there are some data encrypted with symmetric key A and for some reason (i.e. key life-time ended, encryption algorithm is not considered secure anymore etc.) there is a need to re-encrypt data with key B. What options does PKCS#11 API provide?

OPTION #1: Decrypt data with key A and C_DecryptInit/C_Decrypt/C_DecryptUpdate/C_DecryptFinal functions and then encrypt data with key B and C_EncryptInit/C_Encrypt/C_DecryptUpdate/C_DecryptFinal functions.

Advantages:

  • uses current well known PKCS#11 API

Disadvantages:

  • possible security issues - plaintext is unnecessarily exposed to the host memory
  • communication overhead - plaintext needs to be exchanged twice between cryptoki app and cryptoki module

OPTION #2: Let's say new PKCS#11 function(s) for data re-encryption would be introduced. It should take ciphertext created with key A as an input and provide ciphertext created with key B as an output. In other words it should decrypt and then encrypt data in one call. This can be achieved for example by introducing C_DecryptEncryptUpdate function with behavior similar to C_DecryptVerifyUpdate (it would most likely have similar pipelining issues too).

Advantages:

  • Eliminates disadvantages of OPTION #1:

    • decrypted plaintext does not need to be exposed to the host memory because implementation where plaintext never leaves secure device is possible
    • performance should be increased because 50% less data needs to be exchanged between cryptoki app and cryptoki module/device

Disadvantages:

  • new method(s) need to be introduced in PKCS#11 API

Personaly I would definitely like to see API for secure date re-encryption introduced. What are your opinions? Does anyone else miss API for secure data re-encryption?

like image 123
jariq Avatar answered Nov 09 '22 09:11

jariq

No, PKCS#11 does not support what you need.

Nearest operation to your requirement is C_UnwrapKey, which is used for creating a key object inside HSM using decrypting sent data using another key. But I don't think it satisfy your needs.

like image 36
Afshin Avatar answered Nov 09 '22 10:11

Afshin
Sign in to Comment

Related questions

C++ Exe Encryption? [duplicate]
Securing data on SD card Raspberry Pi
Store client secret securely
Encrypt django model field using python 3.5
Encoding a String as a picture causes compression
Is it possible to save a fernet key for a later session?
URL Encryption in Java
How to add a padding to the data to make it acceptable for AES256 encryption algorithm in pycrypto library
Using Rijndael encryption for large files
Does Qt support RSA encryption?
Is Bluetooth File Exchange Completely Secure? [closed]
Difference in blowfish encryption between perl and ruby
Would changing 1 byte in a file encrypted by AES CBC cause it to not be able to decrypt anymore?
Decrypt WEP wlan profile key using CryptUnprotectData
Core Data Encryption
Encrypt a column in SQL 2000 via code or SQL script
Irreversible unique ID from String
Read a Private Encrypted Key in Java
java aes javax.crypto.BadPaddingException: Given final block not properly padded
Decrypting SAML 2 assertion using .NET 4.5 (System.IdentityModel) / WIF

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!