I want to encrypt JSON data as JWE using a public key stored in an HSM. I use .NET Framework or .NET Core libraries with Net.Pkcs11Interop.HighLevelAPI for communication with the HSM. I searched lots of sample Java or .NET Core code, but they all encrypt with locally stored .cer/.pem keys. I only want to do this using the HSM, and I want to handle the JWE encrypted format, not a normal encrypted string result.
How to encrypt a json string as JWE (Json Web Encryption) by using public key stored in HSM?
506 views. Asked by Bayram Koçak.
By default, the Pkcs11Interop code wraps a PKCS11 provider. The default provider is simply a wrapper around either a minimal P11 implementation, or SoftHSM or something (I don't know). Instead, you would tell it to use the P11 provider supplied by the vendor of the HSM. Changing the P11 provider changes how the hardware is accessed, but otherwise does not change the behavior of Interop.
But other than that change, there will be no difference in the outer code (the code that is using Interop), except maybe at the user auth (C_Login in PKCS11-speak), as different vendors may have slightly different capabilities there (dual control, MFA, etc).
I would look for the HSM's provider and add that to your search terms. Possibly there is an integration guide available, assuming there is something truly weird about the vendor's provider implementation. Most HSMs are using P11 the standards-based way (most of the vendors are on the P11 standards committee), so assume that if an integration guide is provided, it will be very short, and very probably work with another vendor's implementation with little or no change :)
Disclosure: I work for an HSM vendor, it does work with Interop, and no, we don't have an Integration Guide dedicated to support of Interop.