Handling security aspect in different machine.

By Siemens-US , 9 April, 2018

Forums

Is there a way through which i could seperate out the different security aspects like encryption, decryption, authentication etc. from the jar. I want to use an HSM for these purposes. So i will be passing a non-encrypted message to HSM which will encrypt it for me and then i will be sending this encrypted message through the jar. Is is possible to do so?

Thanks
Yatin

Handling security aspect in different machine.

Hi,

I don't know what kind of data you want to send. Is this DLMS data or something else? You could basically use gurux.dlms.secure.GXCiphering class for this.

BR,

Mikko

Hi, has anything changed in

Hi, has anything changed in terms of using HSM for managing keys and performing encryption together with Gurux?

My system owner requires me to isolate security services from the main application and perform encryption via external HSM. Solution involving GXDLMSSecureClient is not satisfactory due to corporate regulations.

Is it possible to integrate Gurux with HSM / KMS and use it for communication with meters (DLMS data)?

Best wishes,
Piotr

Hi Piotr,

Using Hardware Security Module is implemented for C#. Java and C++ are released as Open Source later this year.

BR,
Mikko

Hi Mikko,

just one question about HSM implementation: does hardware ciphering method can be used with Security Suite 0 symmetric keys? I'm asking that because, as we know, crypting machine must be initialized with current invocation counter (used to setting IV along with system title), that only Head End System can read it from meter (1.0.43.1.0.255 etc). How this can be achieved (if it is possible at all...)? On the other hand: can you point me out to actual C# implementation on GitHub? Thanks in advance.