1

I came across SoftHSM2 from OpenDNSSec(BSD license) which is a drop-in replacement for HSM except that SoftHSM2 only lacks physical security. Also, being the fact that PKCS#11 is the standard interface to work with both SoftHSM2 and HSM/TPM without any changes in code, it stands as a good choice to me. Thus, it would allow using the same hardware with and without TPM part mounted running identical binaries.

Please suggest to me, the use of SoftHSM2 in commercial products provided that the physical security of the product is taken care of by other means, and also could you name some products using SoftHSM2 already? Also, Are there any vulnerabilities found in softHSM2, at-least I could not find any?

Baranikumar Venkatesan
  • 635
  • 4
  • 12

1 Answers1

-1

I think Soft Crypto (SSM- Software Security Module) uses a free defined master key. Which needs to be stored very securely in clear. Because the master key is responsible for encrypting all the other keys. Normally, as per my knowledge, some processors may have crypto storage in which this key might be stored. But it's not very secure.

When comes to the HSM, it has physical security which has a tamper-resistant secure vault for the master key. Whish SSM does not have. Also in HSM, the master key is generated by a true random number generator and to which no one has access.

schroeder
  • 123,438
  • 55
  • 284
  • 319
VinRocka
  • 52
  • 2