When using a (PKCS#11) based HSM (for S/MIME or PGP), the public key operations for signing or decryption are done by the HSM so that the key never has to leave the protected environment. The bulk part of those operations (for signing this is the digest creation and for encryption this is the symmetric cipher) can be done by the host.
However, I noticed that most PKCS#11 implementations (even slow smart cards) also offer symmetric ciphers and even hashing. I can see reasons for that:
- by using the crypto interface and hardware implementation one can claim (hardened) FIPS compliance
- by sending all bytes instead of an attacker-based raw digest to the component, it reduces attacks with known ciphertexts (for RSA)
- by letting the HSM generate or derive the session key it is never exposed (if this is actually supported?)
- taking advantage of hardware random number sources for key generation
However, there are a few things about that which do not really make sense, so I wonder what best practice is (mostly to define what configurability I should offer):
- I have not seen an "encrypt random session key with RSA and use it for AES" operation in PKCS#11, so this expected protection does not exist. Or am I missing something?
- I think for signing the hash can be offloaded, but it looks like most HSMs do not allow me to close the 'raw digest' attack and have no way to restrict a signing key to a safe RSA (padding) operation.
- while HSMs claim hardware-enhanced performance, especially for the bulk operations, most cannot keep up with modern general-purpose CPUs (especially if the data has to be transferred over the network interface with secure messaging to the HSM; only co-processors or PCI solutions can be faster). So there is seldom a speed advantage.
So I wonder, with HSMs, is it common to allow specifying two providers or to make it configurable to fall back to local bulk operations? I checked some tools and most of them allow me to configure the crypto engine for the whole application or operation (like "hash+sign"). I have hardly ever seen a config file where I can say "for RSA use X and for SHA use Y". I suspect most will fall back to the default (local) hash if a non-hashing mechanism is selected? Are people happy with that?
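An added illustration of the host-side split the question is about (not code from the question or from any PKCS#11 library): when the token offers CKM_SHA256_RSA_PKCS the full data goes to the token and it hashes, otherwise the host hashes locally and hands a PKCS#1 v1.5 DigestInfo to CKM_RSA_PKCS, the raw-digest path. The token mechanism list, the policy flag and the well-formedness check an HSM would need in order to close that path are assumptions made up for the example; no token is contacted.

```python
import hashlib

# Mechanism names as PKCS#11 defines them; numeric CKM_* values are not needed here.
CKM_RSA_PKCS = "CKM_RSA_PKCS"                # host supplies DigestInfo (raw-digest path)
CKM_SHA256_RSA_PKCS = "CKM_SHA256_RSA_PKCS"  # token hashes and signs the full data

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2): AlgorithmIdentifier + OCTET STRING tag.
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
SHA256_DIGESTINFO_LEN = len(SHA256_DIGESTINFO_PREFIX) + 32


def digest_info_sha256(data: bytes) -> bytes:
    """Build the DigestInfo the host must hand to CKM_RSA_PKCS after hashing locally."""
    return SHA256_DIGESTINFO_PREFIX + hashlib.sha256(data).digest()


def looks_like_sha256_digest_info(payload: bytes) -> bool:
    """Structural check a token would need to apply to a CKM_RSA_PKCS payload.

    A token that accepts arbitrary bytes here signs attacker-chosen input; this check
    (constructed for the example) only admits a correctly framed SHA-256 DigestInfo.
    """
    return (len(payload) == SHA256_DIGESTINFO_LEN
            and payload.startswith(SHA256_DIGESTINFO_PREFIX))


def plan_signature(data: bytes, token_mechanisms, allow_raw_digest: bool):
    """Decide where hashing happens for an RSA PKCS#1 v1.5 signature.

    token_mechanisms: mechanism names reported by the token (assumed, e.g. from C_GetMechanismList).
    allow_raw_digest: policy switch; False forbids the CKM_RSA_PKCS fallback entirely.
    Returns (mechanism, payload_sent_to_token).
    """
    if CKM_SHA256_RSA_PKCS in token_mechanisms:
        return CKM_SHA256_RSA_PKCS, data          # hashing offloaded to the token
    if not allow_raw_digest:
        raise PermissionError("token lacks hash+sign and raw-digest signing is disallowed")
    return CKM_RSA_PKCS, digest_info_sha256(data)  # host hashes, token sees only the digest


if __name__ == "__main__":
    # Constructed token capability sets for a quick demonstration.
    hashing_token = {CKM_RSA_PKCS, CKM_SHA256_RSA_PKCS}
    raw_only_token = {CKM_RSA_PKCS}
    print(plan_signature(b"hello", hashing_token, allow_raw_digest=False)[0])
    print(plan_signature(b"hello", raw_only_token, allow_raw_digest=True)[1].hex())
```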