Highest Voted 'hsm' Questions - IT Security Stack Exchange

51

votes

6 answers

What are the differences between TPM and HSM?

TPM (Trusted Platform Module) and HSM (Hardware Security Module) are considered as cryptoprocessor, but what are the differences exactly? Does one of them has more advantages than another?

asked May 07 '15 at 19:40

Ali

2,694
1
14
23

47

votes

2 answers

Criteria for Selecting an HSM

A very sensitive application has to protect several different forms of data, such as passwords, credit cards, and secret documents - and encryption keys, of course. As an alternative to developing a custom solution around (standard) encryption and…

cryptography key-management hsm vendor-selection

asked May 30 '13 at 09:46

AviD

72,138
22
136
218

19

votes

3 answers

Nginx and HSM integration to hold private keys

We are using Nginx and storing private keys in a file on the server. We would like to move our private keys to an HSM so that SSL keys are stored in the HSM and never leave the HSM. All crypto operations required during SSL termination can be done…

tls openssl nginx hsm

asked Jun 11 '15 at 12:38

GG01

369
5
7

19

votes

4 answers

Are there any hardware HSMs that can host/run custom applications using the HSM processor(s) within the hardened security boundary?

It seems that the majority of commercially available hardware HSMs are only designed to allow authenticated users to generate, store, and use cryptographic keys with various cryptographic algorithms implemented within the firmware of the HSM.…

cryptography public-key-infrastructure hardware hsm

asked Nov 27 '12 at 05:45

Drew Lex

2,013
2
19
24

16

votes

1 answer

What benefits do Hardware Security Modules provide when keys are not stored inside them?

I'm researching a project that makes use of cryptography. It is a .net application with keys stored in a sql server database. For cryptography, the project uses a Hardware Security Module similar to one described in the linked wikipedia article. I…

cryptography hardware programming hsm

asked Nov 03 '15 at 22:31

Andrew Savinykh

1,630
3
14
22

15

votes

5 answers

Use RSA keypair for PGP encryption and decryption

Is there a way that I can use a RSA keypair with PGP? What I mean is that I have 2048 length keypair and i want to use that to encrypt and decrypt data. But all I have found is that the PGP uses some keyrings and some pgp keys. And I haven't found…

cryptography encryption key-management pgp hsm

asked Jun 28 '11 at 17:48

t678

173
1
2
6

15

votes

2 answers

HSM track records?

What are the track records of popular Hardware Security Modules (HSMs)? Have any been found vulnerable to hacking via creative use of the API, timing or power-monitoring attacks, etc?

known-vulnerabilities hardware hsm

asked Jun 28 '11 at 03:22

nealmcb

20,544
6
69
116

12

votes

1 answer

"Please Enter Nth Character" without HSM

This question has been asked a few times, but always in the format "How does examplewebsite.com implement their 'please enter xth yth and zth characters of your password' function?" And the answer is typically assumed to be that they use an HSM…

encryption passwords hash hsm

asked Apr 22 '13 at 11:44

lynks

10,636
5
29
54

11

votes

2 answers

What is the difference between HSM and Key server?

As per PCI-DSS requirements, we have to use either HSM (Hardware Security Module), or Key Server to store the KEK (Key Encryption Key). If I'm storing encrypted DEK (Data Encryption Key) in an App Server, how can I securely store the KEK which…

pci-dss server hsm

asked Mar 03 '14 at 10:09

nathi

129
1
4

11

votes

2 answers

Designing my own HSM using an Arduino

I am attempting to build from scratch something similar to Apple's Secure Enclave. What I've done is use an AES library for the Arduino to create a security appliance. A random crypto key and the code are stored on the chip and locked (not…

aes hsm

asked Apr 18 '16 at 13:50

user2600798

175
1
6

9

votes

1 answer

TLS private key storage for embedded systems. Are there any best practices?

I am looking for best practices regarding TLS private key storage for small single chip embedded systems, such as Cortex-M MCUs, with monolithic firmware stored in internal flash. Most recommendations seem to be very PC-centric, and in most cases…

tls key-management hsm embedded-system

asked Apr 07 '18 at 10:07

Timmy Brolin

301
2
5

8

votes

2 answers

What are the differences between HSM and SE?

What are the differences between a Hardware Security Module (HSM) and a Secure Element (SE)? Can both terms be used interchangeably? I came across various related question (TPM vs. HSM and TPM vs. SE) but the various HSM and SE definitions found…

hardware terminology hsm trusted-computing

asked Apr 26 '19 at 12:50

DurandA

107
1
10

8

votes

0 answers

What is the difference between TEE and HSM in Android Pie?

Android has the concept of hardware backed security as TEE and in latest Android i.e., Android Pie devices can have a HSM (Strongbox). What is the actual difference between TEE and HSM? Does Android HSM can be used as a cryptography solution such…

encryption cryptography android hsm tee

asked Oct 09 '18 at 04:50

SAR

181
2

8

votes

1 answer

Where to put a code signing server with EV code signing certificate and plugged-in HSM

Microsoft recently started enforcing apps to be signed by EV code-signing certificates instead of just regular certificates. These usually come on an external device such as USB smart card or a HSM, where the private key is stored and can't be…

certificates code-signing hsm

asked May 31 '18 at 15:35

Jakub Žitný

379
1
2
9

8

votes

1 answer

How is HSM access gated?

On the backend if I use a HSM (or even have the master key on a physical server), I need to do operations using that key. That means the app server is going to call into the HSM (or keyserver). What is the usual practice of authenticating calls to…

authentication hsm key-server

asked Sep 26 '16 at 18:50

user220201

893
9
22

Questions tagged [hsm]