How do I integrate HSM encryption with C#?
F

3

11

How would I integrate Hardware Security Module encryption with a C# application?

Formosa answered 7/4, 2011 at 14:41 Comment(2)
Is this a duplicate of #813394? - Seal
Assumption: HSM => Hardware Security Module. - Seal
S
5

If it's a PKCS #11 compliant device, you can use NCryptoki. From their website:

NCryptoki is a library for .NET framework that implements the PKCS#11 specifications and supplies an API for C#, VB.NET, Visual Basic 6, Delphi and other COM interop languages for integrating a PKCS#11 compliant token in any application.

[...]

Main Features:

  • Compliant with PKCS#11 2.20 specifications
  • Compliant with any PKCS#11 smart card/token/HSM
  • 32 or 64 bit platform
  • .NET Framework 2.0, 3.0, 3.5 and 4.0
Seal answered 7/4, 2011 at 14:54 Comment(0)
H
6

HSM typically means Hardware Security Module. This is a device that will usually physically protect private or secret keys such that they don't ever get into your computer's RAM. Most HSMs will do encryption and signatures for you rather than just holding keys.

Access to a HSM's crypto powers can be via a handful of APIs, including PKCS#11 and Chil (OpenSSL). MSCAPI and CNG providers also exist to use HSMs.

Most HSM vendors will provide you with a PKCS#11 library or CAPI/CNG provider. Once you have this, it is a matter of programming against a published API.

Generally, using a HSM goes something along these lines:

provider = HSM.Connect()
keyhandle = provider.LoadKey("my_rsa_key")
signature = provider.Sign( keyhandle, "Sha1WithRSA", "myData" )
provider.UnloadKey( keyhandle )

Unfortunately, the managed portion of CAPI and CNG does not allow for access to third-party providers, which you would need to use a CAPI/CNG HSM via C#. You will have to call directly into the unmanaged CAPI/CNG or PKCS#11 library code using PInvoke calls.

Haggar answered 7/4, 2011 at 19:15 Comment(0)
T
5

We used Pkcs11Interop and it worked really well. It is an Apache 2.0 licensed open source library. As far as I see, it is quite up to date and still being maintained.

Taker answered 18/7, 2016 at 12:14 Comment(0)
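
The connect / load key / sign / unload flow from the pseudocode answer above, written against Pkcs11Interop 5.x as an added example (not code from any of the answers or from the Pkcs11Interop project). The library path, the HSM_USER_PIN environment variable and the key label are assumptions; substitute your vendor's PKCS#11 library and your own key.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using Net.Pkcs11Interop.Common;
using Net.Pkcs11Interop.HighLevelAPI;
class HsmSignExample
{
    static void Main()
    {
        // Assumed placeholders: vendor PKCS#11 library path, PIN source, key label.
        string libraryPath = @"C:\path\to\vendor-pkcs11.dll";
        string pin = Environment.GetEnvironmentVariable("HSM_USER_PIN")
                     ?? throw new InvalidOperationException("HSM_USER_PIN is not set.");
        string keyLabel = "my_rsa_key";
        var factories = new Pkcs11InteropFactories();
        using (IPkcs11Library library = factories.Pkcs11LibraryFactory.LoadPkcs11Library(
                   factories, libraryPath, AppType.MultiThreaded))
        {
            // "Connect": pick the first slot that has a token in it.
            List<ISlot> slots = library.GetSlotList(SlotsType.WithTokenPresent);
            if (slots.Count == 0)
                throw new InvalidOperationException("No PKCS#11 token present.");
            using (ISession session = slots[0].OpenSession(SessionType.ReadOnly))
            {
                session.Login(CKU.CKU_USER, pin);
                try
                {
                    // "LoadKey": look up a handle by class and label; the key stays on the device.
                    var template = new List<IObjectAttribute>
                    {
                        session.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY),
                        session.Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, keyLabel)
                    };
                    List<IObjectHandle> keys = session.FindAllObjects(template);
                    if (keys.Count != 1)
                        throw new InvalidOperationException("Expected one key, found " + keys.Count);
                    // "Sign": CKM_SHA1_RSA_PKCS matches the Sha1WithRSA in the pseudocode;
                    // CKM_SHA256_RSA_PKCS is the usual choice where the token supports it.
                    using (IMechanism mechanism = session.Factories.MechanismFactory.Create(CKM.CKM_SHA1_RSA_PKCS))
                    {
                        byte[] signature = session.Sign(mechanism, keys[0], Encoding.UTF8.GetBytes("myData"));
                        Console.WriteLine(Convert.ToBase64String(signature));
                    }
                }
                finally { session.Logout(); } // "UnloadKey": the handle dies with the session
            }
        }
    }
}
```

Only the key handle and the resulting signature cross into process memory; the hashing-and-signing operation runs on the token, and the PIN is read from the environment rather than hard-coded.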
