Highest Voted 'hsm' Questions - IT Security Stack Exchange

3

votes

2 answers

HSM maintenance

I have a HSM that is an asset within a information security management system and the help desk team tells me that the device is displaying a critical failure alert. So my questions are: Must I replace the HSM with a new one or can I request that it…

asked May 09 '15 at 22:01

Alvaro Cuno

41
4

3

votes

3 answers

How are HSMs used in payment processing on the server?

I came to know recently that HSMs are used in credit card processing on the server side but since I don't work in that space and stumped as to why its needed. I can see it used in an ATM machine - to encrypt data to be sent to the server for…

encryption pci-dss hsm payment-gateway

asked Aug 13 '14 at 21:35

user220201

893
9
22

3

votes

1 answer

Is it (under FIPS) possible to generate a CSR for an asymmetric key with usage=WRAP?

To clarify: The FIPS module Security Policy lists using RSA keys for wrap/unwrap. FIPS is a moving target, and the state of the requirements when the CMVP approved module went through the process was such, that a given key's "usage" had to be a…

public-key-infrastructure hsm fips

asked Aug 04 '22 at 21:22

rip...

251
1
8

3

votes

1 answer

What is the right way to transfer public-private keypairs over intranet?

First asked on StackOverflow and referred to this board, here: I have an embedded system (Netburner 5441x) that encodes public-private RSA keypairs into devices. I have ported OpenSSL into the system but the embedded processor cannot make RSA…

public-key-infrastructure rsa key-exchange hsm

asked Jun 06 '22 at 12:12

Larry Martin

33
3

3

votes

3 answers

Open-Source Hardware Security Modules (HSM)

Are there any Open-Source Hardware Security Modules (meeting OSHWA requirements)? I've worked with Utimaco HSMs, but I'm not a big fan of closed-source hardware -- especially when it comes to security but also out of principle. Moreover, I was…

hardware integrity opensource hsm

asked Mar 24 '21 at 15:31

Michael Altfield

826
4
19

3

votes

1 answer

Why does it take so much time to create a secret key on a HSM?

I was testing key generation on a Hardware Security Module and I noticed that it takes so much time to generate an AES 256 secret key on the HSM. I've used pkcs11-tool to generate the key and it took about 5 sec to complete the task: $ pkcs11-tool…

openssl hsm pkcs11

asked Oct 20 '20 at 18:39

No name

93
7

3

votes

4 answers

Securing hashes of short enumerated values

The system manages and stores sensitive data of short strings. Because the sensitive data is of an enumerated type with limited set of well known values, the attacker could easily iterate all the possible values to generate a rainbow table and…

encryption hash key-management salt hsm

asked Jul 09 '18 at 14:49

Tuomas Toivonen

371
1
2
10

3

votes

1 answer

Is there some type of x-ray that can see through HSM or shielded integrated circuit?

I know that security-oriented products can easily protect their contents from even the most sensitive commercial x-rays, which can see objects at about 0.5µm. But let's put cost limits aside (or imagine that we have State-level resources), and think…

physical intrusion government hsm physical-access

asked Jun 14 '18 at 07:09

fernacolo

234
1
6

3

votes

1 answer

Are there any limits to what a HSM will sign?

For a cryptocurrency application, I take it that pretty much the main function of an HSM is to generate/store keys; it mainly just signs data that is fed to it? But what controls that? Will it happily just sign anything that is asked of it through…

hsm

asked May 07 '18 at 04:39

Optical Carrier

133
2

3

votes

2 answers

What is sent between an HSM and an application?

When an application calls an HSM using PKCS#11/KSP/etc. what is actually exchanged between the two? For example, if a CA needs to sign a CRL, is the entire CRL actually sent to the HSM for signing?

encryption cryptography public-key-infrastructure key-management hsm

asked Jul 18 '17 at 05:45

meowingtons

33
2

3

votes

1 answer

How is tivoization implemented in hardware?

I am trying to understand how Tivoization worked; but the Internet is filled with discussions about the legal aspect of the matter, rather than technical details of how it was implemented. My understanding is that the hardware would refuse to load…

asymmetric hsm

asked Nov 08 '16 at 10:48

ralien

265
1
5

3

votes

0 answers

Is it possible to use Bouncy Castle crypto library with PKCS#11 HSMs?

Is it possible to use Bouncy Castle crypto library with PKCS #11 HSMs?

cryptography hsm pkcs11

asked Oct 22 '16 at 09:35

westbeam87

419
4
11

3

votes

2 answers

Useless 2FA in case of inside attacker

Suppose a server-side signing scenario, where user keys are generated in a HSM and exported to a database, encrypted with a symmetric key derived from a user password and HSM's master key. To sign, users must provide the referred password and an…

authentication digital-signature hsm

asked Jun 13 '16 at 16:37

wolvz

33
3

3

votes

2 answers

What's the difference between the same model with and without FIPS 140 certification?

We all know that there is a lot of FIPS 140-2 certified hardware available. However many hardware platforms come with either different grades of certification (e.g. level 2 vs level 3) or are branded very similarly but have no certification at all.…

smartcard fips hsm

asked Apr 22 '16 at 13:36

SEJPM

9,500
5
35
66

3

votes

2 answers

Efficient and simple way of securing home pc with hardware token

I am looking for a simple but reasonably safe way to secure my home pc (and laptop, nas, etc.) with a hardware token. I would like the system to be secure, but practical enough to be used on a day to day basis. I am thinking of using the hardware…

passwords authentication hsm

asked Feb 20 '12 at 13:53

user7848

Questions tagged [hsm]