(Tracking) HSMs for Barbican
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Barbican Charm | Triaged | Wishlist | Unassigned | |
Bug Description
The HSMs that the Barbican team are aware of are:
- Dogtag (fedora project): http://
- SafeNet by Gemalto https:/
- nShield by Thales (via a KMIP interface?)
- Also Utimaco have been doing some integration work.
And that’s pretty much it. The SafeNet is the device that all the PKCS#11 work has been done by.
Dogtag is an app that can run on a machine, and so it’s really an HSM; however, they do say it’s been hardened.
SafeNet and nShield are both HSMs; there are USB, PCIe and Network versions of their products.
Barbican also has recently gained KMIP support — this is a network protocol that provides most of the features of PKCS#11 (which is a library specification).
Resource links:
- https:/
- http://
- https:/
- https:/
- https:/
- https:/
Changed in charm-barbican:
importance: Undecided → Wishlist
Changed in charm-barbican:
status: New → Triaged
Utimaco doing some integration work:
From: Praktikant HSM <email address hidden>
To: "<email address hidden>" <email address hidden>
Thread-Topic: Barbican: Secure Setup & HSM-plugin
Date: Fri, 12 Aug 2016 12:51:22 +0000
List-Id: "OpenStack Development Mailing List \(not for usage questions\)"
Hi all,
As a member of Utimaco's pre-sales team I am currently testing an integration of Barbican with one of our HSMs.
We were able to generate MKEKs and HMAC keys on the HSM with the 'pkcs11-key-generation' as well as 'barbican-manage hsm' commands. However, it is not fully clear to us how to use these keys to encrypt or sign data.
Additionally, we would appreciate further information concerning the secure setup of Barbican with an HSM-plugin.
Thank you in advance for your support.
Best regards,
Manuel Roth
------- ------- ------- ------- ---
System Engineering HSM
Utimaco IS GmbH
Germanusstr. 4
52080 Aachen
Germany
www.utimaco.com