Compute HMAC using nCipher ENGINE and HSM-based symmetric key

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Compute HMAC using nCipher ENGINE and HSM-based symmetric key

Ron Kundla
Hello!

I have a requirement to generate a HMAC value using a secret/symmetric
key inside the HSM. I have seen examples that use public/private keys
to do such a thing, but nothing that would use an AES or a
nCipher-specific HMAC key.

Does OpenSSL support this function using the ENGINE subsystem?

Thanks,
Ron
Reply | Threaded
Open this post in threaded view
|

Re: Compute HMAC using nCipher ENGINE and HSM-based symmetric key

Jan Just Keijser-2
Hi,

On 30/03/21 20:58, Ron Kundla wrote:

> Hello!
>
> I have a requirement to generate a HMAC value using a secret/symmetric
> key inside the HSM. I have seen examples that use public/private keys
> to do such a thing, but nothing that would use an AES or a
> nCipher-specific HMAC key.
>
> Does OpenSSL support this function using the ENGINE subsystem?
>
>
OpenSSL supports this, but not many HSMs do; you can take a look at the
/dev/crypto engine for an example;  the corresponding bits in the
OpenSSL source code are in .../engine/crypto/eng_devcrypto.c

I have never seen a PKCS#11 device that support symmetric keys though -
but there will be plenty of SSL accelerator cards out there that do (but
I would not call them HSMs).

HTH,

JJK