Highest Voted 'hsm' Questions - IT Security Stack Exchange

1

vote

1 answer

Risk scenarios when hosting KEK in Google Cloud KMS HSM backended

For some time now, we have been assessing the risks from a GDPR perspective when data (data-at-rest) in the Google Cloud is fully encrypted using native means. This means that we create both the KEK and the DEK completely with Google Cloud KMS and…

hsm gdpr google-cloud-platform

asked Sep 02 '22 at 14:31

rsfeed

9
1

1

vote

2 answers

HSM High Volume Keys

Our project is to apply digital signature to PDF, so each user should have their own key pairs and a certificate. To keep key securely, we plan to purchase HSM, but from what I understand HSM have a limited number of keys that it can store. So to my…

digital-signature pdf hsm

asked Dec 09 '21 at 17:24

Norak

111
2

1

vote

1 answer

How do I get my server HSM working while connected via RDP? (Win 2019)

The error I get from pkcs11-tool.exe is "No slots." My server has a hardware security module (Nitrokey HSM 2) that becomes inaccessible once I connect to my server via Windows Remote Desktop. Note: this is NOT for logging in with smart cards. I use…

smartcard hsm windows-server rdp pkcs11

asked Oct 21 '21 at 18:26

Jacob Bruinsma

413
1
4
8

1

vote

1 answer

Is "time locking" a good strategy for protecting data with HSMs?

I've read several times that many HSMs support configurable rate limiting on cryptographic operations, as a way of protecting against a hacker that compromises a server that has access to the HSM. So if a hacker compromised a server and then…

defense hsm time

asked Sep 02 '21 at 03:00

bnsmith

67
8

1

vote

2 answers

Can some HSMs send requests to other servers before performing an encryption/decryption operation?

In various discussions of Security Architecture, I have read that HSMs can be configured with rate limiting on the number of encryptions/decryptions that can be performed in a given amount of time. If I understand correctly, the purpose of a rate…

encryption defense hsm

asked Aug 12 '21 at 22:15

bnsmith

67
8

1

vote

0 answers

AWS KMS CMK compromise

Given the usage of AWS KSM without CloudHSM. There is a two-tier key hierarchy: master key + data key. Master key encrypts data key, data key encrypts data. Encrypted data key is stored with the data it encrypted. Encryption/decryption of data key…

key-management aws hsm

asked Aug 06 '21 at 10:20

automatictester

652
3
11

1

vote

1 answer

How to get Future Keys (Session Key) from IPEK for decryption data?

I'm new to DUKPT, so I'm not entirely clear about DUKPT and HSM. Right now, I'm trying to decrypt data (PAN number) from terminal. So far, when I receive KSN and encrypted data, I understand that I need to find encryption key. From my HSM I can get…

encryption cryptography key-management hsm 3des

asked May 06 '21 at 22:53

Thurairaj Letchumanan

11
1

1

vote

0 answers

Are there any options for Root CA eIDAS compliant HSMs?

Building the eIDAS compliant certification authority in hierarchy, meaning that the Root CA will issue Subordinate CAs. Root CA will be offline almost whole year and Subordinate CA is online providing services to relying parties. I am trying for a…

certificate-authority hsm common-criteria eidas

asked Mar 30 '21 at 07:16

user1563721

1,099
11
22

1

vote

1 answer

Use of SoftHSM2 in commercial products

I came across SoftHSM2 from OpenDNSSec(BSD license) which is a drop-in replacement for HSM except that SoftHSM2 only lacks physical security. Also, being the fact that PKCS#11 is the standard interface to work with both SoftHSM2 and HSM/TPM without…

physical software tpm hsm pkcs11

asked Feb 22 '21 at 04:44

Baranikumar Venkatesan

635
4
12

1

vote

1 answer

Is this a good way to manage encryption keys?

I'm a noob in data security area and I'm working on PoC for an app for managing some files. Now these files might be anything from a leave of absence form to potentially confidential agreements. Being a noob I did advise my team that we should hire…

encryption key-management hsm

asked Sep 08 '20 at 11:41

Piotr Buda

111
1

1

vote

1 answer

Conceptual question regarding signing with Yubikey/Solokey/Nitrokey using GnuPG

The named hardware dongles (or at least several models of them) allow me to store PGP secret keys key. Suppose I am using such a secret key to sign data (doesn't matter what). As I understand the operation happens on the hardware itself and the PGP…

gnupg pgp yubikey hsm

asked Jul 13 '20 at 20:44

0xC0000022L

1,604
2
15
20

1

vote

1 answer

Wrap key operation in Azure Key Vault - symmetric keys

Could anyone explain why the bolded part of the wrap key description? Wraps a symmetric key using a specified key. The WRAP operation supports encryption of a symmetric key using a key encryption key that has previously been stored in an Azure Key…

encryption key hsm azure

asked Jul 07 '20 at 21:13

user4205580

113
5

1

vote

1 answer

Is it possible to sync up LMKs in two Thales PayShield 9000 instances>

Basically, when we execute a generate key command such as A0 then we receive a key-under-lmk for future use. What if we have multiple HSMs in a high availability configuration? How would we make sure that all keys-under-LMK mean the same thing to…

hsm

asked May 18 '20 at 17:06

bbozo

503
5
18

1

vote

0 answers

HSM: How multiple users are supported (using SAM)?

So far, I knew that traditional HSMs (Hardware Security Module) can be used to store key of a single user. But, recently, I came to know that newer HSMs have the capability to store keys of multiple users and let users use those keys to sign…

secure-coding hsm

asked Mar 26 '20 at 16:30

user3488903

121
2

1

vote

2 answers

Purpose of Secure Element

What is the purpose of embedding a Secure Element to enhance the security - especially the storage of keys- if a key is required to connect with it in order to get its secrets? For example: Let's suppose I have a host that is not secure enough to…

authentication cryptography hsm

asked Feb 17 '20 at 17:01

Elbattore

11
2

Questions tagged [hsm]