I’ve a Safenet LUNA HSM in my job and I’ve been using the “Lunaprovider” Java Cipher to decrypt a RSA cryptogram (getting its plaintext), and then encrypt the plaintext with 3DES algorithm.
We’re reviewing what should be the best way to expose an authentication service, so this cryptogram/plaintext is actually a password. Now, we might just go with hashing the password in the frontend, instead of using symmetric encryption. But, I was asking to myself the following:
Does Safenet LUNA HSM (or LUNA JSP) have a way to set up a function so the HSM can receive, for example, an RSA cryptogram, and return an 3DES cryptogram? (so our service will never have the password in clear)
We do not want to have the password in clear in any way or time and we are new using an HSM product.
Any comment/answer would be great.