
Building an eIDAS-compliant certification authority in a hierarchy, meaning that the Root CA will issue Subordinate CAs. The Root CA will be offline almost the whole year, and the Subordinate CA is online, providing services to relying parties.

I have been trying for a few weeks to identify options for an eIDAS-compliant HSM for the Root CA. It does not make sense to me to buy an expensive CC-certified network or PCI HSM (419 221-5), because it will be offline, and it is very inefficient in that case.

Are there any options for Root CAs? For example, a small USB HSM which can be validated? A Cloud HSM could be an option, as it can be run when needed; however, in that case we do not comply with the physical security controls.

(SmartCard-HSM 4k, NitroKey HSM2, YubiHSM 2 and nShield Edge seem to be options; however, they do not have a proper CC certificate.)

The ETSI requirement:

OVR-6.5.2-01: TSP's key pair generation, including keys used by revocation and registration services, shall be carried out within a secure cryptographic device which is a trustworthy system which:

    a) is assured to EAL 4 or higher in accordance with ISO/IEC 15408 [1], or equivalent national or internationally recognized evaluation criteria for IT security provided this is a security target or protection profile which meets the requirements of the present document, based on a risk analysis and taking into account physical and other non-technical security measures; or

    NOTE 1: Standards specifying common criteria protection profiles for TSP's cryptographic modules, in accordance with ISO/IEC 15408 [1], are currently under development within CEN as CEN TS 419 221-2 [i.16], CEN TS 419 221-3 [i.17], CEN TS 419 221-4 [i.18], or CEN EN 419 221-5 [i.19].

    b) meets the requirements identified in ISO/IEC 19790 [3] or FIPS PUB 140-2 [12] level 3.

OVR-6.5.2-02: The secure cryptographic device shall be operated in its configuration as described in the appropriate certification guidance documentation or in an equivalent configuration which achieves the same security objective.

OVR-6.5.2-03: The above secure cryptographic device should be assured as per OVR-6.5.2-01-a), above.

NOTE 2: With the general availability of devices which meet ISO/IEC 15408 [1], it is expected that ISO/IEC 19790 [3] or FIPS 140-2 [12] level 3 will no longer be acceptable.

NOTE 3: This applies also to key generation even if carried out in a separate system.
user1563721

0 Answers