Folks - How does an application connect with HSM (Hardware Security Module) boards? What is the protocol they use and what would be the data formats for interaction? The reason for asking about the protocol is that I may have the application running on a physical machine connected directly to the network where the HSM is installed, or I can have the application deployed on the cloud too. So, how do I connect?
For example, if I have a Java application and want to connect with an HSM, say Luna SA, what is the protocol that I use to connect with the HSM board?
FYI, I have seen some related questions already, as listed. But nowhere could I understand the actual communication protocol and data formats.
Connect SafeNet HSM using Java remotely
How do I integrate HSM encryption with JAVA?
It is HSM-vendor specific. There will be host libraries that convert standard-based APIs (PKCS#11, CNG, JCE, etc) into the proprietary comms protocol, and then it is sent to the HSM. On receipt of a response, the response is format shifted back into whatever the API expects, which is then passed back to your code.
Unless you are writing code that will run on the HSM, you don't need to worry about how the vendor's libraries do their magic.
I am a newbie dev trying to build a web application that can read and write to an RFID Card through the browser.
I am currently using an ACR122U Card Reader and have gotten it reading directly to my server in NodeJS with the nfc-pcsc node package.
Of course, I don't want to have my users have to run their own server and install a ton of libraries to read a card.
Ideally, they can just plug a card reader into their USB port and communicate from USB>Browser>Node Server and back again.
Can anyone recommend a good way to communicate with a USB RFID reader through the browser (and send to backend server?). Thanks
As far as I know, at the moment (Mar. 2021) there is only experimental support for USB in browsers (WebUSB API). Please refer to https://developer.mozilla.org/en-US/docs/Web/API/USB
As this API is experimental, you may not want to rely on it for production. In this case, a component running on the end user's machine will be needed (e.g. a more or less simple service that responds via https at 'localhost'). This approach opens several usability/security concerns (such as supplying a trusted certificate for localhost, properly managing CORS headers, etc.).
You may want to refer to this question for additional suggestions: Architectures to access Smart Card from a generic browser? Or: How to bridge the gap from browser to PC/SC stack?
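The CORS concern mentioned in the answer above, as an added example that is not part of the original post: any web page the user visits can send requests to a service on localhost, so the bridge has to decide per request which origin may talk to the card reader. The origin `https://app.example.com` and the names `ALLOWED_ORIGINS` and `bridgePolicy` are assumptions for illustration.

```javascript
// Added example: origin policy for a hypothetical localhost card-reader bridge.
// ALLOWED_ORIGINS and bridgePolicy are illustrative names, not a real API.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);

// Decide how the bridge answers, given the HTTP method and the request
// headers with lower-cased names (the shape Node's http module provides).
function bridgePolicy(method, headers) {
  const origin = headers["origin"];
  // Refuse unlisted origins, and requests with no Origin header at all.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    return { status: 403, headers: {} };
  }
  const cors = {
    // Echo the one matching origin; never answer with "*".
    "Access-Control-Allow-Origin": origin,
    // Keep caches from reusing this answer for a different origin.
    "Vary": "Origin",
  };
  if (method === "OPTIONS") {
    // Preflight: advertise only what the bridge actually accepts.
    return {
      status: 204,
      headers: {
        ...cors,
        "Access-Control-Allow-Methods": "POST",
        "Access-Control-Allow-Headers": "Content-Type",
        "Access-Control-Max-Age": "600",
      },
    };
  }
  if (method !== "POST") return { status: 405, headers: cors };
  // Requiring JSON means a plain HTML form cannot produce a valid request,
  // and browsers preflight every cross-origin call to the bridge.
  const type = (headers["content-type"] || "").split(";")[0].trim().toLowerCase();
  if (type !== "application/json") return { status: 415, headers: cors };
  return { status: 200, headers: cors };
}
```

A server handler would call `bridgePolicy(req.method, req.headers)` first and only touch the reader when the status is 200.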
I noticed that JavaCard 3.0 may have the ability to use HTTPS from the Oracle website (oracle.com/technetwork/articles/javase/javacard3-142122.html).
Are there any ways to create HTTPS connections to a normal Internet website?
Basically with Java Card Classic you are limited to the APDU interface. This interface has been specified in the Java Card API and the ISO/IEC 7816-4 standard.
It is of course possible to channel any kind of protocol through an APDU interface, but you would have to program it yourself. Furthermore, you would have to do so on the terminal side as well, because Java doesn't know anything about TCP/IP, name resolution etc. As Java Card environments are very limited, it would be tricky to create something that resembles an HTTP client.
There have been demonstrations that implemented a tiny web server on a Java Card. Those obviously also require some kind of proxy on the terminal side.
The Connected Edition - if you can find it anywhere - uses the same idea; it implements a web-server for e.g. authentication. It doesn't provide a client to my knowledge.
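What "channeling a protocol through an APDU interface" means on the terminal side, as an added example that is not part of the original answer: a payload is cut into short ISO/IEC 7816-4 command APDUs (at most 255 data bytes each) and the status word of each response is checked. The class byte `0x80`, the instruction `0x10` and the use of CLA bit `0x10` as a "more follows" flag are assumptions about a hypothetical applet, modelled on ISO 7816-4 command chaining.

```javascript
// Added example: terminal-side framing for tunnelling bytes over APDUs.
// CLA, INS_TUNNEL and the chaining convention belong to a hypothetical applet.
const CLA = 0x80;        // proprietary class byte (assumption)
const CLA_MORE = 0x10;   // set on every APDU except the last one
const INS_TUNNEL = 0x10; // hypothetical "tunnel data" instruction
const MAX_LC = 255;      // data limit of a short command APDU

// Split a payload into command APDUs: CLA INS P1 P2 Lc data [Le].
function toCommandApdus(payload) {
  if (payload.length === 0) throw new RangeError("empty payload");
  const apdus = [];
  for (let off = 0; off < payload.length; off += MAX_LC) {
    const chunk = payload.subarray(off, off + MAX_LC);
    const last = off + MAX_LC >= payload.length;
    const apdu = new Uint8Array(5 + chunk.length + (last ? 1 : 0));
    apdu.set([last ? CLA : CLA | CLA_MORE, INS_TUNNEL, 0x00, 0x00, chunk.length]);
    apdu.set(chunk, 5);
    if (last) apdu[apdu.length - 1] = 0x00; // Le = 0: accept up to 256 bytes
    apdus.push(apdu);
  }
  return apdus;
}

// Split a response APDU into data and the trailing status word SW1 SW2.
function parseResponseApdu(resp) {
  if (resp.length < 2) throw new RangeError("response shorter than SW1 SW2");
  const sw = (resp[resp.length - 2] << 8) | resp[resp.length - 1];
  return { data: resp.subarray(0, resp.length - 2), sw, ok: sw === 0x9000 };
}

// What the card side has to do: validate each frame and rebuild the payload.
function reassemble(apdus) {
  const parts = [];
  apdus.forEach((a, i) => {
    const last = i === apdus.length - 1;
    const lc = a[4];
    if (a[1] !== INS_TUNNEL || a.length !== 5 + lc + (last ? 1 : 0)) {
      throw new Error("malformed APDU " + i);
    }
    if (((a[0] & CLA_MORE) !== 0) === last) {
      throw new Error("bad chaining bit in APDU " + i);
    }
    parts.push(...a.subarray(5, 5 + lc));
  });
  return Uint8Array.from(parts);
}
```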
A1: There are no JavaCard Connected (which describes such option) devices publicly available.
A2: Classic JavaCard does not specify/allow any kind of connections.
I want to develop a FirefoxOS privileged app that can send text messages to nearby devices.
Android apps can use Bluetooth or Wifi P2P. But FirefoxOS privileged apps cannot use the Bluetooth/Wifi API. These are only available for certified apps.
Privileged apps can use TCP socket API. Is this the only way?
Is there any way to get available IP addresses on LAN?
@Kazhik, unfortunately right now, that is the only way to go. And the explanation for that is that by using the socket API you can implement any protocol on top of TCP, such as IMAP, IRC, POP, HTTP, etc., or even build your own to sustain any specific needs you could have.
Since certified apps can only be included by the OEM, access to the Bluetooth or WiFi information APIs isn't a viable option now.
At today's date (September 18, 2015) the WebIDE supports installing certified apps in older Firefox OS versions like 1.3 and in physical devices.
I tried installing the Gaia test apps (these are certified) in one Alcatel OT FireC and everything worked perfectly fine ;)
DNS-SD (part of the Zeroconf specification) allows you to broadcast and receive "advertisements" from other devices on the local network. That requires UDP and TCP permissions, which means a "privileged" app, as you thought. That's not a problem, unless you need to distribute the app outside of the Firefox Marketplace.
There's an implementation of DNS-SD for JavaScript at https://github.com/justindarc/dns-sd.js
For compatibility with other messaging apps, you might want to implement XMPP:
http://www.xmpp.org/extensions/xep-0174.html
I'm working on firmware for an MFI device and when the user plugs in his device I can test if he has a specific app. However, if he doesn't have it I would like to open the App Store and show him the application so he can download it.
I cannot figure out how to do that. Any ideas or links to docs that can help?
Yours
/peter
This is from the developer docs at this link.
Declaring the Protocols Your Application Supports
Applications that
are able to communicate with an external accessory should declare the
protocols they support in their Info.plist file. Declaring support for
specific protocols lets the system know that your application can be
launched when that accessory is connected. If no application supports
the connected accessory, the system may choose to launch the App Store
and point out applications that do.
To declare the protocols your application supports, you must include
the UISupportedExternalAccessoryProtocols key in your application’s
Info.plist file. This key contains an array of strings that identify
the communications protocols that your application supports. Your
application can include any number of protocols in this list and the
protocols can be in any order. The system does not use this list to
determine which protocol your application should choose; it uses it
only to determine if your application is capable of communicating with
the accessory. It is up to your code to choose an appropriate
communications protocol when it begins talking to the accessory.
So as long as your app and your device have the same external accessory protocol, you shouldn't have to do anything to get that behavior.
I want to consider all the connectivity possibilities in JavaME, connectivity between mobile phone and PC. Apart from Bluetooth, what are the possible means of such connectivity?
You need to have a look at the Generic Connection Framework (GCF), which gives you the ability to open connections using various protocols. You do this by using a Connector object.
It is obviously completely dependent upon the hardware on the phone and any optional JSRs that it implements, but you can communicate with a phone via:
Using internet protocols e.g. Http, Datagram, Socket connections (Requires PC to be accessible via the internet)
NFC (Near Field Communication)
Using a Secure Element (SATSA)
Serial COMM port connection (I think)
I'll completely admit that using some of these methods to communicate between a PC and a phone is nuts, but it could be done.
The best thing to do for simplicity is to use Bluetooth or an HttpConnection.
You are also able to connect the mobile with the PC via the internet (GPRS). Better you look at the Generic Connection Framework (GCF) documentation. It will help you.