an abbreviation for Hardware Security Module which is a security device that is compliant with PKCS11 standard and which is a secure storage for data specially private keys.
Questions tagged [hsm]
144 questions
51
votes
6 answers
What are the differences between TPM and HSM?
TPM (Trusted Platform Module) and HSM (Hardware Security Module) are considered as cryptoprocessor, but what are the differences exactly?
Does one of them has more advantages than another?
Ali
- 2,694
- 1
- 14
- 23
47
votes
2 answers
Criteria for Selecting an HSM
A very sensitive application has to protect several different forms of data, such as passwords, credit cards, and secret documents - and encryption keys, of course.
As an alternative to developing a custom solution around (standard) encryption and…
AviD
- 72,138
- 22
- 136
- 218
19
votes
3 answers
Nginx and HSM integration to hold private keys
We are using Nginx and storing private keys in a file on the server. We would like to move our private keys to an HSM so that SSL keys are stored in the HSM and never leave the HSM. All crypto operations required during SSL termination can be done…
GG01
- 369
- 5
- 7
19
votes
4 answers
Are there any hardware HSMs that can host/run custom applications using the HSM processor(s) within the hardened security boundary?
It seems that the majority of commercially available hardware HSMs are only designed to allow authenticated users to generate, store, and use cryptographic keys with various cryptographic algorithms implemented within the firmware of the HSM.…
Drew Lex
- 2,013
- 2
- 19
- 24
16
votes
1 answer
What benefits do Hardware Security Modules provide when keys are not stored inside them?
I'm researching a project that makes use of cryptography. It is a .net application with keys stored in a sql server database. For cryptography, the project uses a Hardware Security Module similar to one described in the linked wikipedia article.
I…
Andrew Savinykh
- 1,630
- 3
- 14
- 22
15
votes
5 answers
Use RSA keypair for PGP encryption and decryption
Is there a way that I can use a RSA keypair with PGP?
What I mean is that I have 2048 length keypair and i want to use that to encrypt and decrypt data. But all I have found is that the PGP uses some keyrings and some pgp keys. And I haven't found…
t678
- 173
- 1
- 2
- 6
15
votes
2 answers
HSM track records?
What are the track records of popular Hardware Security Modules (HSMs)? Have any been found vulnerable to hacking via creative use of the API, timing or power-monitoring attacks, etc?
nealmcb
- 20,544
- 6
- 69
- 116
12
votes
1 answer
"Please Enter Nth Character" without HSM
This question has been asked a few times, but always in the format
"How does examplewebsite.com implement their 'please enter xth yth and zth characters of your password' function?"
And the answer is typically assumed to be that they use an HSM…
lynks
- 10,636
- 5
- 29
- 54
11
votes
2 answers
What is the difference between HSM and Key server?
As per PCI-DSS requirements, we have to use either HSM (Hardware Security Module), or Key Server to store the KEK (Key Encryption Key).
If I'm storing encrypted DEK (Data Encryption Key) in an App Server, how can I securely store the KEK which…
nathi
- 129
- 1
- 4
11
votes
2 answers
Designing my own HSM using an Arduino
I am attempting to build from scratch something similar to Apple's Secure Enclave.
What I've done is use an AES library for the Arduino to create a security appliance. A random crypto key and the code are stored on the chip and locked (not…
user2600798
- 175
- 1
- 6
9
votes
1 answer
TLS private key storage for embedded systems. Are there any best practices?
I am looking for best practices regarding TLS private key storage for small single chip embedded systems, such as Cortex-M MCUs, with monolithic firmware stored in internal flash. Most recommendations seem to be very PC-centric, and in most cases…
Timmy Brolin
- 301
- 2
- 5
8
votes
2 answers
What are the differences between HSM and SE?
What are the differences between a Hardware Security Module (HSM) and a Secure Element (SE)? Can both terms be used interchangeably?
I came across various related question (TPM vs. HSM and TPM vs. SE) but the various HSM and SE definitions found…
DurandA
- 107
- 1
- 10
8
votes
0 answers
What is the difference between TEE and HSM in Android Pie?
Android has the concept of hardware backed security as TEE and in latest Android i.e., Android Pie devices can have a HSM (Strongbox).
What is the actual difference between TEE and HSM?
Does Android HSM can be used as a cryptography solution such…
SAR
- 181
- 2
8
votes
1 answer
Where to put a code signing server with EV code signing certificate and plugged-in HSM
Microsoft recently started enforcing apps to be signed by EV code-signing certificates instead of just regular certificates. These usually come on an external device such as USB smart card or a HSM, where the private key is stored and can't be…
Jakub Žitný
- 379
- 1
- 2
- 9
8
votes
1 answer
How is HSM access gated?
On the backend if I use a HSM (or even have the master key on a physical server), I need to do operations using that key. That means the app server is going to call into the HSM (or keyserver). What is the usual practice of authenticating calls to…
user220201
- 893
- 9
- 22