I am trying to work with an HSM (hardware security module) to store keys and to do cryptographic operations. I want to operate the HSM inside a Java application. For this I need to use a compatible Java JCE provider as a mapping layer between the application and the standardized PKCS#11 interface of the HSM. I have played around with the Utimaco Cryptoserver Simulator in combination with the SunPKCS11 provider in order to get a first understanding. It worked out fine!
But now I'd like to replace the Utimaco Cryptoserver Simulator with the AWS CloudHSM, and I'm a little confused about that. The FAQ states that the AWS CloudHSM provides a JCE (com.cavium.provider.caviumprovider). But I would like to use the SunPKCS11 provider for this.
I am currently working on AWS CloudHSM and I realized that SunPKCS11 is not fully compatible with the AWS CloudHSM PKCS11 Lib.
I tested using keytool with a configuration to create an RSA KeyPair, and I was not able to query it back.
And when I test the same with Cavium, the supported JCE Provider.
And on discussing with some folks from AWS, it seems that intermediate JCEs like SunPKCS11 are not supported.
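The generate-then-query check described in the answer above can also be repeated from Java instead of keytool. The following is an added example, not code from the original posts or from AWS: it loads SunPKCS11 against whatever PKCS#11 library you pass in, generates an RSA key pair, signs with it, and lists what the PKCS11 keystore view returns. The class name, provider name and arguments are assumptions; Java 9 or later is required for `Provider.configure`.

```java
import java.io.Console;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.util.Collections;

// Hypothetical probe class; run as: java Pkcs11Probe <pkcs11-library-path> <slotListIndex>
public class Pkcs11Probe {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive terminal): Pkcs11Probe <pkcs11-library-path> <slotListIndex>");
            System.exit(2);
        }
        // Read the PIN interactively so it never appears in the process list or shell history.
        char[] pin = console.readPassword("Token PIN: ");

        // A leading "--" tells SunPKCS11 this is inline configuration text, not a file name.
        String cfg = "--name = Probe\nlibrary = " + args[0] + "\nslotListIndex = " + args[1] + "\n";
        Provider p = Security.getProvider("SunPKCS11").configure(cfg);
        Security.addProvider(p);

        KeyStore ks = KeyStore.getInstance("PKCS11", p);
        ks.load(null, pin);
        System.out.println("aliases before: " + Collections.list(ks.aliases()));

        // Key generation is delegated to the token through the PKCS#11 library.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", p);
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // Round-trip a signature to confirm the mechanism works through this provider.
        byte[] msg = "pkcs11 probe".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withRSA", p);
        s.initSign(kp.getPrivate());
        s.update(msg);
        byte[] sig = s.sign();
        s.initVerify(kp.getPublic());
        s.update(msg);
        System.out.println("sign/verify via token: " + s.verify(sig));

        // Reload the keystore view. SunPKCS11 only lists private keys that have a
        // matching certificate on the token, so compare this with the vendor's own tools.
        ks.load(null, pin);
        System.out.println("aliases after:  " + Collections.list(ks.aliases()));
    }
}
```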
Looking at all the different HSM offerings, including Azure KeyVault, etc., you should go with Utimaco anyway. Having done 1000s of tests with all of them, I can tell Utimaco offers the most reliable product.
Yes, it's possible. Just be sure to keep an eye on the yikers output.
Almost the same, I think you can get 25 more oofs per hour with the Cavium provider though.
Hope this helps.
Much love, your super intelligent boy