I need to use OpenPGP with a Luna HSM, currently integrated via the JCPROV PKCS#11 Wrapper. The wrapper offers a set of APIs that aim to stay as close as possible to PKCS#11.
I see that the Luna could be used with the PGP implementation of BouncyCastle via its JCE provider, in combination with the JcaOpenPGPImplementation. However, JCE is unfortunately not an option for my use case because I need to keep the more fine-grained crypto operations that PKCS#11 supports and JCE does not.
I started looking into how to implement a custom OpenPGPImplementation based on JCPROV: my best shot so far is to extend BcOpenPGPImplementation and override all the parts that eventually deal with the low-level crypto operations to be executed inside the HSM. However, the complexity goes up quite fast.
Is there any reference or guidance I could follow for such a use case?
Thanks in advance for any feedback!
Relates to: