Communicate with a remote SafeNet HSM using a TCP connection

I am new to HSMs. I have to connect to a remote SafeNet HSM using a TCP connection. How should I communicate? What are the TPK and TMK, and how do they work? Please share some links or documents.

First off, whenever you see a reference to an "_MK" on an HSM, it's referring to the master key. Each acronym may be vendor specific. These master keys are used to protect other keys that you or your applications may generate on the device.
To interact with a remote SafeNet HSM, the HSM must first be configured for network use. When you first power up a networked HSM, you'll need to connect to it over a serial connection first, and you can then configure an IP for the NIC. Once that's done, you can use the supplied CLI tools that come with the SafeNet Luna Client Driver for Windows/Linux to connect and even do some test operations (the demo tool allows testing simple things like RSA key generation).

Is your HSM device a network or PCI based HSM?
As I have been working with network-based HSMs: you need to install the driver for this particular network HSM and configure it by setting up the IP address (it is a wizard, so you will not miss it).
After doing so, the Windows registry will be updated, and in your application you do not have to change anything; it is the same as calling the normal ProtectToolkit API.
It is mentioned in the manual (PDF) that came with the device when you purchased it. Check the installation folder.

Related

Connect to a peer based on IP address and port

I've got an app that supports Bonjour and manually connecting to an IP (all within the same local network). I'm now looking at whether I can use MPC instead and while it obviously would be able to replace Bonjour, I haven't seen anything that allows me to replace the functionality around manually connecting to the IP. For context, my app runs in networks that have multicast disabled which is when users fall back to manually entering the IP address.
I could have the receiving app host a webserver and send a request there. Could I create a Peer based on the ip:port combination? That would allow me to make use of MPC for the MCSession aspect.
Is it possible to set up a Multipeer Connection based on an ip:port rather than having it automatically discovered via multicast?
I'll go with a solution based on NWConnection which uses NWEndpoint and can be created with both IP:port and a Bonjour-established service.
If I'd had access to the full Network.framework then I could've used that for both discovery and communication, but due to SDK constraints I'll be using MultipeerConnectivity for the discovery aspect instead. By providing the device's IP and port when broadcasting the Bonjour service, another device can discover it automatically and then use the extra info to create an IP:port-based NWConnection.

How to set up Packet Tunnel Provider with device-internal VPN

I'm trying to build an iOS app that lists all requests that are made from the device, like Charles Proxy does. Much like Charles, my idea has been to create a Packet Tunnel Provider and have it set up a local VPN connection without an external VPN server. The traffic would then be internally routed to the packet tunnel, without requiring an external VPN server.
Since Charles Proxy does so, I know that it is technically possible, but I can't find any information about how to set up a tunnel with an internal VPN connection instead of using a "real" external VPN server. The only resource people refer to is the SimpleTunnel Apple sample project, which is a couple of years old and written in Swift 3.
I have downloaded the SimpleTunnel sample code project, created the correct entitlements and can now run the project and create a VPN configuration that gets listed under Settings, but I just can't connect the VPN tunnel. I have tried changing the server address to 127.1.0.0 and using IKEv2, but without success. I have also downloaded the source code at https://github.com/lxdcn/NEPacketTunnelVPNDemo but didn't get it to work either.
Does anyone know how to set up an internal VPN server with NetworkExtensions and have the tunnel use that connection?

Identifying WiFi clients connected to ESP8266

I'd like to know that a specific device (phone/tablet) has joined my WiFi network created by ESP8266 microcontroller. It shouldn't require any installed apps on that phone/tablet, if possible, to simplify the whole setup.
So I think I need to somehow identify connected clients, and MAC is not an option because it is subject to change randomly on, say, Apple devices.
Maybe it's possible to collect host names of connected clients?
I know that Windows and Ubuntu clients send their host names when getting IP from DHCP server (see here). Also, it's possible to find such information on, say, home Wi-Fi router admin web page (i.e. host names, their IPs and MACs).
I'm running a DHCP server on the ESP8266, but I haven't found any API that allows getting the peer's host name (i.e. reverse DNS). Does the ESP8266 support getting such information?
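The host names the asker mentions travel in the DHCP exchange itself: a client that wants to announce one puts it in option 12 (Host Name, RFC 2132) of its DISCOVER/REQUEST, next to option 61 (client identifier) and option 60 (vendor class), so a DHCP server can read it without any app on the phone. The Python below is an added example, not code from the question or from any ESP8266 SDK: it builds a constructed DHCPREQUEST (the MAC, host name and vendor class are made up) and then parses the options field the way a server would, with bounds checks so a truncated or malformed option cannot read past the packet. The same option walk ports directly to C on the ESP8266 against the raw UDP payloads its DHCP server receives. Whether a given client includes option 12 at all is up to that client.

```python
"""Extract the client host name (DHCP option 12) from a DHCP message.

The packet below is constructed for this example; the layout follows RFC 2131
(236-byte fixed header, magic cookie, then TLV options per RFC 2132).
"""
import struct
from typing import Dict, Optional

DHCP_MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_END = 0, 255
OPT_HOST_NAME = 12
OPT_MSG_TYPE = 53
OPT_VENDOR_CLASS = 60
OPT_CLIENT_ID = 61
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}


def _opt(code: int, payload: bytes) -> bytes:
    """Encode one TLV option: code, length, value."""
    return bytes([code, len(payload)]) + payload


def build_dhcp_request(mac: bytes, hostname: str) -> bytes:
    """Construct a minimal DHCPREQUEST as a client would send it (sample data only)."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 0,                 # op=BOOTREQUEST, htype=Ethernet, hlen=6, hops=0
        0x3903F326, 0, 0x8000,      # xid, secs, flags (broadcast bit set)
        b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,  # ciaddr, yiaddr, siaddr, giaddr
        mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128,  # chaddr, sname, file
    )
    options = (
        _opt(OPT_MSG_TYPE, b"\x03")                  # 3 = DHCPREQUEST
        + _opt(OPT_CLIENT_ID, b"\x01" + mac)         # type 1 = hardware address
        + _opt(OPT_HOST_NAME, hostname.encode())
        + _opt(OPT_VENDOR_CLASS, b"android-dhcp-11")  # constructed vendor string
        + bytes([OPT_END])
    )
    return header + DHCP_MAGIC_COOKIE + options


def parse_dhcp_options(packet: bytes) -> Dict[int, bytes]:
    """Return {option_code: payload}, stopping at END or at a truncated option."""
    if len(packet) < 240 or packet[236:240] != DHCP_MAGIC_COOKIE:
        raise ValueError("not a DHCP message (too short or bad magic cookie)")
    options: Dict[int, bytes] = {}
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(packet):
            break  # length byte missing: truncated, never read past the buffer
        length = packet[i + 1]
        value = packet[i + 2 : i + 2 + length]
        if len(value) < length:
            break  # option claims more bytes than the packet actually carries
        options[code] = value
        i += 2 + length
    return options


def client_identity(packet: bytes) -> Dict[str, Optional[str]]:
    """Pull the fields a DHCP server can use to recognise a joining device."""
    opts = parse_dhcp_options(packet)
    hlen = packet[2]
    mac = packet[28 : 28 + hlen]  # chaddr, first hlen bytes
    host = opts.get(OPT_HOST_NAME)
    vendor = opts.get(OPT_VENDOR_CLASS)
    return {
        "type": MSG_TYPES.get(opts.get(OPT_MSG_TYPE, b"\0")[0], "UNKNOWN"),
        "mac": mac.hex(":"),
        "hostname": host.decode("utf-8", "replace") if host else None,
        "vendor_class": vendor.decode("utf-8", "replace") if vendor else None,
    }


if __name__ == "__main__":
    sample = build_dhcp_request(bytes.fromhex("a4c3f0112233"), "Galaxy-S10")
    print(client_identity(sample))
```

Because the host name is self-reported, it identifies a device only as far as its owner lets it: a randomised MAC plus a stable host name is exactly the combination the asker wants, but a client can omit option 12 or send anything in it, so treat it as a label, not as authentication.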

Accessing remotely my web service

I have implemented a web service on my mac and I am able to access its functionalities through the url "http://localhost:8080/ServiceApp-war/resources/".
As I got satisfying results that I could see in the iPhone simulator in Xcode, I decided to connect my iPhone and test on it. But for this to work I think I need to change the "localhost" in my URL to the IP address of my mac.
I tried to replace it with my public IP address and I got a "could not connect to the server" error on my console. I also tried to replace "localhost" with the IP address I found in System Preferences-->Network-->Wi-Fi and I could see that it was working on the simulator but still nothing when I connect my iPhone and run the application on it.
Please provide a solution for accessing my web service remotely.
Thank you.
Create hotspot from your mac, connect to it with your iPhone and try again.
<lame solution>
Try some service for a temporary domain; it will make your computer accessible from anywhere.
How do you "connect" your iPhone? A USB connection does not create a network. Well, it does create one if you turn on Personal Hotspot on your iPhone (maybe in some other cases, dunno). But the simplest way is to connect the Mac and iPhone to the same WiFi network.
Once connected, you can use any of "ping" apps available on App Store. Just look for "ping" (some kind of "network reachability test" or so). You can check if your Mac is really reachable on the network.
If it's not reachable, check your network settings on both devices: do they belong to the same subnet, do they use the same gateway, etc.
If your Mac is reachable with ping, then you should deal with your web service. I set up the web server (which is already distributed within OS X): it already has all the settings to allow other devices to connect. But your web service may require some additional setup. There are two basic things: it should bind to your IP address (please check http://YOUR.IP:8080/ServiceApp-war/resources/ from your Mac!) and, second, accept incoming connections from other agents; you should find it somewhere in its settings.
Ngrok was the perfect solution I was looking for.
https://ngrok.com
You could also try finch, which is similar to ngrok. It has a nice friendly GUI. https://meetfinch.com

How to check whether a wifi network is secured or open using wpa_cli/wpa_supplicant or any other utility?

The wpa_cli command requires you to know in advance if a network is open or secured. I'm developing a script using wpa_cli and I just want it to connect to a network whether it is open or secured; obviously, if secured it should ask for a password, otherwise it should just connect.
How can I check if a network is open or secured so that the script runs wpa_cli accordingly?
I just want behavior like an Android phone: if a network is open it just connects to it, if it is secured it asks for a password.
You can tell from the probe response what security settings a network is using.
In wpa_cli you'll need to do a scan and parse the results to find the SSID you want to connect to, and there it will tell you the security settings:
wpa_cli scan
Then to see the results of the scan:
wpa_cli scan_results
There is also another command that is not related to wpa_cli. From a shell:
iwlist interfaceID scan
Where interfaceID is your wireless adapter (e.g. wlan0).
This gives you scan results but with much more detail.
Again this can be used to deduce the security settings of a network.
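The answer above stops at "parse the results". As an added example (not code from the answer or from the wpa_supplicant project), the Python below does that parsing over a constructed `wpa_cli scan_results` listing: `scan_results` prints tab-separated `bssid / frequency / signal level / flags / ssid` rows, and the flags column carries bracketed tokens such as `[WPA2-PSK-CCMP]`, `[WEP]` or just `[ESS]`. The classification rule is this example's own assumption: a flag starting with `WPA`, `RSN` or `WEP` means a credential is needed, `-EAP` marks an enterprise network that a simple passphrase cannot join, and anything else (`[ESS]`, `[WPS]`) is open. It also builds, without executing them, the `wpa_cli set_network` / `enable_network` argument lists that would join the chosen network, using `key_mgmt NONE` for open networks and `psk` for secured ones, which is the Android-like behaviour the asker wants. The BSSIDs, SSIDs and signal levels are made up.

```python
"""Classify networks from `wpa_cli scan_results` output as open or secured.

SAMPLE_SCAN_RESULTS is constructed for this example (not captured from a real
interface); its layout follows the tab-separated format wpa_cli prints.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

SAMPLE_SCAN_RESULTS = (
    "Selected interface 'wlan0'\n"
    "bssid / frequency / signal level / flags / ssid\n"
    "00:11:22:33:44:01\t2412\t-42\t[WPA2-PSK-CCMP][ESS]\tHomeNet\n"
    "00:11:22:33:44:02\t2437\t-67\t[ESS]\tCoffeeShop\n"
    "00:11:22:33:44:03\t5180\t-55\t[WPA2-EAP-CCMP][ESS]\tCorpNet\n"
    "00:11:22:33:44:04\t2462\t-71\t[WEP][ESS]\tOldRouter\n"
    "00:11:22:33:44:05\t5200\t-50\t[WPA2-SAE-CCMP][ESS]\tWpa3Home\n"
    "00:11:22:33:44:06\t2412\t-80\t[WPS][ESS]\t\n"  # hidden SSID, open
)

# Flag prefixes that mean a credential is required to join (example's assumption).
SECURED_PREFIXES = ("WPA", "RSN", "WEP")


@dataclass
class ScanEntry:
    bssid: str
    frequency: int
    signal: int
    flags: List[str]
    ssid: str

    @property
    def secured(self) -> bool:
        return any(f.startswith(SECURED_PREFIXES) for f in self.flags)

    @property
    def uses_eap(self) -> bool:
        # 802.1X/EAP networks need an identity and EAP method, not just a PSK.
        return any("-EAP" in f for f in self.flags)


def parse_scan_results(text: str) -> List[ScanEntry]:
    """Turn `wpa_cli scan_results` output into ScanEntry records."""
    entries: List[ScanEntry] = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) < 4:  # 'Selected interface', header and blank lines
            continue
        bssid, freq, signal, flags = parts[:4]
        ssid = parts[4] if len(parts) > 4 else ""
        flag_list = re.findall(r"\[([^\]]+)\]", flags)
        entries.append(ScanEntry(bssid, int(freq), int(signal), flag_list, ssid))
    return entries


def find_network(entries: List[ScanEntry], ssid: str) -> Optional[ScanEntry]:
    """Pick the strongest BSSID advertising `ssid`, or None if it was not seen."""
    matches = [e for e in entries if e.ssid == ssid]
    return max(matches, key=lambda e: e.signal) if matches else None


def wpa_cli_commands(entry: ScanEntry, network_id: int,
                     psk: Optional[str] = None) -> List[List[str]]:
    """Build the wpa_cli argument lists to join `entry`, without running them.

    `network_id` is the id `wpa_cli add_network` returned. wpa_cli expects the
    double quotes to be part of the ssid/psk argument, hence the '"..."' strings.
    """
    if entry.uses_eap:
        raise ValueError(f"{entry.ssid!r} is an EAP network; a passphrase alone cannot join it")
    nid = str(network_id)
    cmds = [["wpa_cli", "set_network", nid, "ssid", f'"{entry.ssid}"']]
    if entry.secured:
        if psk is None:
            raise ValueError(f"{entry.ssid!r} is secured; a passphrase is required")
        cmds.append(["wpa_cli", "set_network", nid, "psk", f'"{psk}"'])
    else:
        cmds.append(["wpa_cli", "set_network", nid, "key_mgmt", "NONE"])
    cmds.append(["wpa_cli", "enable_network", nid])
    return cmds


if __name__ == "__main__":
    for e in parse_scan_results(SAMPLE_SCAN_RESULTS):
        print(f"{e.ssid or '<hidden>':12} {e.signal:5} dBm  "
              f"{'secured' if e.secured else 'open'}  {e.flags}")
```

In a real script, `wpa_cli scan` only starts the scan; fetch `scan_results` after wpa_supplicant reports the scan finished, then feed that text to `parse_scan_results` and prompt for a passphrase only when `secured` is true. Note that an open network means the link carries no encryption at all, so a script that joins open networks automatically should at least tell the user that is what it did.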
