> > IIUC, user talks to web, web talks to WService, WService talks with token.
> Doesn't that break the rule of the "user being the only one having the
> PIN/access to key"
>

How the PIN is transferred over multiple systems to the HSM/token is out of scope. You have to build/use a system which makes sure that the transaction to the library is safe.

The other possibility is:
> user attack pk11lib, pk11lib opens a secure tunnel to HSM
> So the security is based on a local software key, which can be cracked
> allowing someone to sniff around.
>

The main purpose of the PKCS#11 library is to deliver your commands over to the HSM. Cracking the library won't give you any extra information. The private key operations are performed on-board the HSM.

If the library e.g. acts as a HA-client for the HSM-cluster, then traffic between the HSMs is/should be encrypted. Thus not being able to know the contents of the HA-traffic.

You could also have a look at the PKCS#11 Spy software from the OpenSC project on how to tap the PKCS#11 traffic/commands.

If you want to attack an HSM, then you could e.g. try to exploit the API it exposes to the PKCS#11 clients/libraries.

// Rickard
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
