Presentation on theme: "PKCS-11 Protocol for Enterprise Key Management"— Presentation transcript:
1 PKCS-11 Protocol for Enterprise Key Management June 2007
2 Question for P1619.3 Should we consider using PKCS #11 as: A reference point to validate any standard key management protocol for P1619.3?In serialized form, a candidate for a comprehensive key management protocol as P standard?
3 PKCS #11 StandardPKCS #11 is a widely-accepted standard for interfacing with devices that store keys (e.g. Hardware Security Module, smartcard)Specifies application programming interface (“Cryptoki”) in CDoes not specify storage formatHistory1/94: project launched4/95: v1.0 published12/97: v2.01 published12/99: v2.10 published6/04: v2.20 publishedCurrent specification
4 PKCS#11 Core Concepts Manage security objects Security Object Life cycleSecurity Attributes for all ObjectsSecure by DesignCryptographic ServicesExtensible architectureArbitrary ObjectsArbitrary AttributesSupports wide range of devicessimple tokenscomplex hardware security modules
6 General Cryptoki Model *General Cryptoki ModelPKCS#11 v2.20 Specification – Figure 1
7 PKCS#11 Core Concepts Base Security Object Life Cycle Services Create object on deviceIn volatile (session) or persistent (token) formWith security attributes (to protect migration or usage of object)Destroy object on deviceImport object into the deviceVia secure (wrapped) or insecure (plaintext) approachExport object from the devicePerform operation on object on device (cryptographic services)Locate object on deviceThe search criteria is specified in terms of attribute valuesSet attributes against an object on deviceGet attributes from an object on device
8 PKCS#11 Core Concepts Base Security Object Cryptographic Services Encrypt & DecryptDigestSign/MAC & Verify/VerifyMACGenerate or Derive Key (for the various key types)Wrap Key & Unwrap KeyRandom Number Generator Provided in both single and multi-part forms
10 PKCS#11 Core ConceptsThe class hierarchy presented above includes a number of abstract classes which do not exist in the PKCS#11 specifications (Passive, Active, and Device). These have been introduced in order to logically model what is in place. Storage and Key are defined in the specification as is the concept of Security Object (although the generic name of Object is what is used).There are two main groups of Classes – those which report information about the PKCS#11 Device and those which involve the storage of data (in either volatile or persistent form). For Storage Classes, there are classes which only store data (Data, Certificate) and cannot be used in operations (Encrypt/Decrypt, Sign/Verify, Digest, Generate/Derive).
12 PKCS#11 Core Concepts Security Object Basic Permissions CKA_TOKENCK_TRUE if security object is a token objectCK_FALSE if security object is a session objectCKA_MODIFIABLECK_TRUE if object can be modifiedCKA_SENSITIVESecurity sensitive attributes non-readableCKA_PRIVATEAuthentication required prior to security object being visibleCKA_TRUSTEDFor certificates – can be trusted for verificationFor keys – can be used as the wrapping key for wrap-trusted operationsCKA_LOCALSecurity object was created on the device (not imported)
13 PKCS#11 Core Concepts Security Object Allowed Operations CKA_ENCRYPTCK_TRUE if the security object supports encryptionCKA_DECRYPTCK_TRUE if the security object supports decryptionCKA_SIGNCK_TRUE if the security object supports signingCKA_VERIFYCK_TRUE if the security object supports verification where the signature is an appendix to the dataCKA_VERIFY_RECOVERCK_TRUE if the security object supports verification where the data is recovered from the signatureCKA_DERIVECK_TRUE if the security object key supports key derivation (i.e., if other keys can be derived from this one)CKA_ALLOWED_MECHANISMSA list of mechanisms allowed to be used with this security object
14 PKCS#11 Core Concepts Security Object Import/Export CKA_WRAPCK_TRUE if the security object supports wrapping (i.e., can be used to wrap other security objects)CKA_WRAP_WITH_TRUSTEDCK_TRUE if the security object can only be wrapped with a wrapping security object that has CKA_TRUSTED set to CK_TRUECKA_UNWRAPCK_TRUE if the security object supports unwrapping (i.e., can be used to unwrap other security objects)CKA_EXTRACTABLECK_TRUE if the security object is extractable and can be wrappedCKA_WRAP_TEMPLATEThe attribute template to match against any security objects wrapped using this wrapping security object. Security objects that do not match cannot be wrappedCKA_UNWRAP_TEMPLATEThe attribute template to apply to any security objects unwrapped using this wrapping security object. Any user supplied template is applied after this template as if the object has already been created.
15 PKCS#11 Core Concepts Security Object Historical State CKA_ALWAYS_SENSITIVECK_TRUE if the security object has always had the CKA_SENSITIVE attribute set to CK_TRUECKA_NEVER_EXTRACTABLECK_TRUE if the security object has never had the CKA_EXTRACTABLE attribute set to CK_TRUECKA_START_DATEStart date for the security object (day/month/year)CKA_END_DATEEnd date for the security object (day/month/year)
16 Current Application Usage As Deployed Today Crypto providerAPIDefined InterfacenCipher NetHSMSafeNet iKEY….C_Initialize()C_GetFunctionList()…PKCS#11
17 Current Application Usage As Deployed Today ClientDirect PKCS#11MS-CryptoAPISun-JCE, IBM-JCEBSAFE SDK, OpenSSL, …APIExternalnCipher NetHSMSafeNet iKEY….