Commit

Update README.md
krypt0k1 authored May 3, 2024
1 parent f8351bd commit 070e94d
Showing 1 changed file with 9 additions and 36 deletions.
45 changes: 9 additions & 36 deletions README.md
Expand Up @@ -17,8 +17,11 @@ The knowledge of cryptography is a linchpin of ineffective cybersecurity strateg


# PKCS #11 Projects #
1 . PKCS#11 Key Manager
- [KeyManager](https://github.com/krypt0k1/CryptographyProjects/blob/main/keymanager.py) is a comprehensive tool for managing PKCS#11 objects within an nCipher nShield Hardware Security Module. It supports the creation, copying, deletion, and listing of keys for a variety of algorithms including AES, RSA, EC & EC Edwards, 3DES, and DSA within any token-ready slot. Leverages the Cryptoki API for enhanced data security operations like encryption/decryption, signing/verification, and key wrapping/unwrapping. This tool is integral for ensuring the authenticity, integrity, and availability of data. alongside streamlining secure key storage within databases such as MongoDB and CockroachDB for key life cycle management.

1 . p11-tool

- [p11-tool](https://github.com/krypt0k1/CryptographyProjects/tree/p11-tool.py) is a program for managing a robust PKCS#11 infrastructure using HSM's and the Cryptoki API, designed for various cryptographic operations including encryption, decryption, key management, and more. It supports multiple cryptographic algorithms like AES, 3DES, DSA, and EC, ensuring compatibility with Hardware Security Modules (HSM). The script leverages custom modules and standard libraries to provide a comprehensive tool for cryptographic management. My project aims to facilitate secure cryptographic processes and hardware interactions. This tool integrates custom modules such as EncryptDecrypt, ManagementOperations, and SignVerify, along with standard libraries to ensure robust and secure cryptographic processes. In short, this tool serves as a valuable resource for any seeking to learn and enhance security practices in cryptographic environments.


2 . Public Key Exporter
- [ExtractPubKey](https://github.com/krypt0k1/CryptographyProjects/blob/main/extractpubkey.py) is a tool that supports the export of Public Key for algorithm types: RSA, DSA, and EC. By exporting the public key, you can easily integrate it with other systems or applications that need to verify signatures or encrypt data meant for the owner of the private key. The public key also plays a crucial role in generating digital certificates. When an entity wants to obtain a digital certificate, they send a request to a Certificate Authority (CA). This request includes the public key, which serves as proof of identity. The CA verifies the request and issues a certificate that links the public key to the identity of the certificate holder.
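
Review bot: The p11-tool entry links to `https://github.com/krypt0k1/CryptographyProjects/tree/p11-tool.py`, while the KeyManager and ExtractPubKey entries use `blob/main/<file>.py`. A `tree/` URL addresses a branch or directory, so if `p11-tool.py` is a file on `main` the link should read `blob/main/p11-tool.py`, and if it is a branch the README should say so. The description lists "AES, 3DES, DSA, and EC" and leaves out RSA, which the KeyManager entry shown as item 1 in the same hunk does list; state explicitly whether p11-tool handles RSA keys. The two sentences about custom modules repeat each other, so keep the one that names EncryptDecrypt, ManagementOperations and SignVerify, and change "any seeking" to "anyone seeking".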
Expand All @@ -27,39 +30,9 @@ The knowledge of cryptography is a linchpin of ineffective cybersecurity strateg
* SSL/TLS encryption to protect website connections.
* Encrypted and digitally signed emails.
* Verification of an individual's or organization's identity in online transactions.
3 . Encryption & Decryption Tool
- [CryptOps](https://github.com/krypt0k1/CryptographyProjects/blob/main/cryptops.py) provides an all-encompassing solution for secure cryptographic operations such as encryption and decryption. Using the nShield Hardware Security Modules (HSMs) it supports various cryptographic algorithms including AES, 3DES, and RSA, the application uses the PKCS#11 standard use for secure and efficient communication with HSM to be highly configurable by command line logic, allowing users to specify information such as PKCS#11 library path, HSM token label, user pin, key label for encryption and decryption process. Key features include session management integration with HSM, extensive logging for business insights, and robust error-handling mechanisms. Designed with security and functionality in mind, this tool is ideal for anyone looking to integrate HSM-based cryptographic functionality into their security operations

3 - Encryption & Decryption Tool
- [CryptOps](https://github.com/krypt0k1/CryptographyProjects/blob/main/cryptops.py) provides an all-encompassing solution for secure cryptographic operations such as encryption and decryption. Using the nShield Hardware Security Modules (HSMs) it supports various cryptographic algorithms including AES, 3DES, and RSA, the application uses the PKCS#11 standard use for secure and efficient communication with HSM to be highly configurable by command line logic, allowing users to specify information such as PKCS#11 library path, HSM token label, user pin, key label for encryption and decryption process. Key features include session management integration with HSM, extensive logging for business insights, and robust error handling mechanisms. Designed with security and functionality in mind, this tool is ideal for anyone looking to integrate HSM-based cryptographic functionality into their security operations


The KeyManager class provides a high-level interface for managing cryptographic keys and performing encryption and decryption operations using nCipher nShield Hardware Security Modules (HSM). It supports various cryptographic algorithms including AES, 3DES, and RSA, leveraging the PKCS#11 cryptographic standard for interaction with the HSM.

def __init__(self, lib_path, token_label, pin, key_label, input_path, output_path, algorithm, mechanism, iv): # Initializes a new instance of the KeyManager class.

Parameters:

1. lib_path (str): Path to the PKCS#11 library.
2. token_label (str): Label of the HSM token.
3. pin (str): User PIN for accessing the HSM token.
4. key_label (str): Label of the cryptographic key to be used for operations.
5. input_path (str): File path for the input data to be encrypted or decrypted.
6. output_path (str): Destination file path for the resulting data after encryption or decryption.
7. algorithm (str): The cryptographic algorithm to use (e.g., "AES", "3DES", "RSA").
8. iv (int/bytes): The initialization vector for the cryptographic operation. For algorithms requiring an IV, this can be the size of the IV expected or the IV bytes directly.

# Methods

# encrypt(args)

Encrypts the data specified by the input_path using the key labeled key_label and writes the encrypted data to output_path.

Parameters:
args: A namespace or similar object containing the arguments needed for encryption, typically parsed from command-line inputs.
Returns: None.

# decrypt(args)
Decrypts the data specified by the input_path using the key labeled key_label and writes the decrypted data to output_path.
4 . PKCS#11 Key Manager
- [KeyManager](https://github.com/krypt0k1/CryptographyProjects/blob/main/keymanager.py) is a comprehensive tool for managing PKCS#11 objects within an nCipher nShield Hardware Security Module. It supports the creation, copying, deletion, and listing of keys for a variety of algorithms including AES, RSA, EC & EC Edwards, 3DES, and DSA within any token-ready slot. Leverages the Cryptoki API for enhanced data security operations like encryption/decryption, signing/verification, and key wrapping/unwrapping. This tool is integral for ensuring the authenticity, integrity, and availability of data. alongside streamlining secure key storage within databases such as MongoDB and CockroachDB for key life cycle management.

Parameters:
args: A namespace or similar object containing the arguments needed for decryption, typically parsed from command-line inputs.
Returns: None.
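
Review bot: The CryptOps entry (item 3) describes passing the user PIN on the command line, alongside the PKCS#11 library path and token label, and says nothing about keeping the PIN out of shell history and process listings; if the tool can prompt for the PIN or read it from the environment, document that as the recommended way to supply it. The KeyManager constructor and `encrypt(args)` / `decrypt(args)` reference sits in this hunk, and with 36 deletions against 9 additions most of it appears to be dropped, leaving only the summary paragraph under item 4; move that reference to a separate document and link it from the entry instead. Numbering is inconsistent ("3 -" next to "4 ." here and "1 ." / "2 ." above), the CryptOps paragraph ends without a period, and the KeyManager paragraph has a stray period in "availability of data. alongside".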
