Tag Archives: FIPS-140

Encryption and Key Management in AWS – Comparing KMS vs. CloudHSM

A secure data protection using encryption depends more on secure key management processes than the encryption itself. Although enabling encryption looks quite trivial, managing the underlying Key management lifecycle processes and handling the associated cryptographic operations always been a daunting challenge! The challenges are too many till we really know..beginning from key generation and issuance, key ownership, key usage, privileged… Read more »

Using Hardware Security Module (HSM) for Oracle Transparent Data Encryption (TDE)

Hardware Security Module (HSM) plays a critical role in securing the storage of private keys and accelerating compute-intensive cryptographic processes associated with public-key encryption, symmetric-key(secret-key) encryption and digital signature applications. Using HSM in Oracle Transparent Data Encryption applications will ensure that the Key material stored on the card is protected and not exportable (never leaves the card) and all associated… Read more »

Enabling FIPS-140 compliance for Java based SSL/TLS applications

FIPS-140* compliance has gained overwhelming attention these days and it has become a mandatory requirement for several security sensitive applications (mostly in Government and Security solutions and recently with select finance industry solutions and particularly for achieving compliance with regulatory mandates such as PCI DSS, FISMA, HIPPA, etc ). FIPS-140 also helps defining security requirements for supporting integration with cryptographic hardware and software tokens.  Ensuring… Read more »

Smartcard/PKI authentication based SSO (Using OpenSSO)

It’s been so long, I had been involved with multiple Smartcard/PKI projects particularly supporting integration of Sun technologies for use with National eID, US Federal (HSPD-12 / PIV cards) and DoD CAC projects. There is no secret sauce,  but unfortunately I did’nt find time to put together a trustworthy documentation addressing the technical aspects of using Smartcard based PKI credentials… Read more »

Stronger Authentication with Biometric SSO (Using OpenSSO and BiObex).

I had been involved with multiple Biometric ISV providers and its integration with Sun technologies particularly OpenSSO, IdM, Sun Rays and Solaris. I also had the opportunity to deploy Biometric solutions to few govt organizations that starts with “D” and “N”. Believe it or not…we have few of them in production. Now, getting down to the specifics – Putting it… Read more »

Enabling Smart Card based PKI as Java Key Store

      4 Comments on Enabling Smart Card based PKI as Java Key Store

Last week, I was test driving a PIV Smartcard based PKI as a keystore (via Java PKCS#11)  to support using the PKI/certificate credentials for performing encryption/decryption and digital signature operations  (PKI based logins to Web applications, Encryption/decryption of documents, Digitally signing email). There is no secret receipe but some of you may find it a bit difficult – if you… Read more »

OpenSSL as Certificate Authority/SSL Test Kit: Quick Cheatsheet

I always had a love and hate interest with using OpenSSL ! But I should agree that it did help me many times…whenever I wanted to quickly test-drive my craziest ideas with PKI certificates. Couple of things I like about OpenSSL is its tools/utilities for testing as equivalent to a commerecial-grade CA and its FIPS-140 compliance. Also, I always get… Read more »