Recently, I had to implement a solution to keep an RSA private key safe with YubiHSM 2 and Java, also using PKCS#11. It required a few more steps than I would’ve liked and there wasn’t much information on the web. Hence, I decided to share what’s needed to make it work.

Photo by Philipp Katzenberger on Unsplash

Table of Contents

· What Is an HSM?
· What Is YubiHSM 2?
· Setting Up YubiHSM 2
· PKCS#11
· Generating 2048 Bit RSA Key for PKCS#11
· Generating Authentication Key
· Configuration for Java
· PKCS#11 implementation in Java code
· Debugging YubiHSM 2
· Errors you may face when trying to use PKCS#11
· Conclusion

What Is an HSM?

An HSM (Hardware Security Module) is a physical device that safeguards private keys and performs cryptographic functions. …

Hendrig Sellik
