October 20, 2015

PKCS#11 Functionality Reports

When choosing an HSM or smartcard to act as crypto provider for a PKCS#11 application, it’s important that the provider actually supports the specific cryptographic algorithms (or “mechanisms” in PKCS#11 terminology) required for the commands that the application will use. What’s more, if the device offers insecure mechanisms, an attacker might make use of them to compromise data. There are 224 mechanisms and 54 commands in v2.20 of the standard. How can I find out which ones a specific device implements?

To help with this problem, we’ve added a functionality summary to the PKCS#11 compliance reports produced by our software. The output is designed to look like the “Mechanisms vs Functions” table (Table 34 in v2.20) of the standard, which shows which mechanisms are considered valid for each command. In our table, a cross indicates that we were able to use the mechanism in that row successfully for the command in that column.

Updated March 2018

Functionality reports now feature in the stats output of Cryptosense Analyzer for all APIs, including PKCS#11. Try it out on your device.
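
As an added illustration (not Cryptosense's code or report output), the sketch below builds a table of the same shape from the flag bits a token advertises through C_GetMechanismInfo, then checks it against an application's requirements and a deny-list. Advertised flags are a weaker signal than the tested results the post describes; the sample flags, REQUIRED and DENY are constructed assumptions.

```python
# CK_MECHANISM_INFO.flags bits, as defined in the PKCS#11 v2.20 header pkcs11t.h.
CKF = {"ENCRYPT": 0x100, "DECRYPT": 0x200, "DIGEST": 0x400, "SIGN": 0x800,
       "SIGN_RECOVER": 0x1000, "VERIFY": 0x2000, "VERIFY_RECOVER": 0x4000,
       "GENERATE": 0x8000, "GENERATE_KEY_PAIR": 0x10000, "WRAP": 0x20000,
       "UNWRAP": 0x40000, "DERIVE": 0x80000}

# Column grouping modelled on the standard's "Mechanisms vs Functions" table.
COLUMNS = [("Enc/Dec", ("ENCRYPT", "DECRYPT")), ("Sig/Ver", ("SIGN", "VERIFY")),
           ("SR/VR", ("SIGN_RECOVER", "VERIFY_RECOVER")), ("Digest", ("DIGEST",)),
           ("Gen", ("GENERATE", "GENERATE_KEY_PAIR")),
           ("Wrap/Unwrap", ("WRAP", "UNWRAP")), ("Derive", ("DERIVE",))]

# Constructed sample: mechanism name -> flags a token might report. Not real device data.
SAMPLE = {
    "CKM_RSA_PKCS_KEY_PAIR_GEN": 0x10000,
    "CKM_RSA_PKCS": 0x100 | 0x200 | 0x800 | 0x2000 | 0x20000 | 0x40000,
    "CKM_AES_CBC": 0x100 | 0x200,
    "CKM_DES_ECB": 0x100 | 0x200 | 0x20000 | 0x40000,
    "CKM_SHA256": 0x400,
    "CKM_MD5": 0x400,
}

# Hypothetical policy inputs (assumptions, not from the post): replace with your own.
REQUIRED = [("CKM_RSA_PKCS", "Sig/Ver"), ("CKM_AES_CBC", "Wrap/Unwrap"),
            ("CKM_AES_KEY_GEN", "Gen")]
DENY = {"CKM_DES_ECB", "CKM_MD5"}

def matrix(mechs):
    """Return {mechanism: set of columns whose flag bits are advertised}."""
    return {m: {col for col, names in COLUMNS if any(f & CKF[n] for n in names)}
            for m, f in mechs.items()}

def missing(mechs, required):
    """(mechanism, column) pairs the application needs but the token lacks."""
    table = matrix(mechs)
    return [(m, c) for m, c in required if c not in table.get(m, set())]

def denied(mechs, deny):
    """Deny-listed mechanisms the token offers for at least one function."""
    return sorted(m for m, cols in matrix(mechs).items() if m in deny and cols)

def render(mechs):
    """Text table: one row per mechanism, X where a column is advertised."""
    head = f"{'Mechanism':<28}" + "".join(f"{c:<13}" for c, _ in COLUMNS)
    rows = [f"{m:<28}" + "".join(f"{'X' if c in cols else '':<13}" for c, _ in COLUMNS)
            for m, cols in sorted(matrix(mechs).items())]
    return "\n".join([head] + rows)

if __name__ == "__main__":
    print(render(SAMPLE))
    print("missing:", missing(SAMPLE, REQUIRED))
    print("denied :", denied(SAMPLE, DENY))
```

On a real device the flags dictionary would be filled from C_GetMechanismList and C_GetMechanismInfo for the slot under review.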

February 4, 2015

Cryptosense PKCS#11 Compliance Testing: Opencryptoki

Update March 2018

Since we wrote this post, our compliance criteria have been extended to over 100, covering PKCS#11 v2.40, and have been used to find a host of issues with live HSMs.

Original post:

Recently we’ve been trying out our PKCS#11 compliance tester on a number of open-source PKCS#11 implementations. We’ll be publishing the results here over the next few weeks, as well as sending the reports from our tools to the project developers. First up: Opencryptoki and its PKCS#11 software token.
