Questions tagged [hsm]

An abbreviation for Hardware Security Module: a security device that complies with the PKCS#11 standard and provides secure storage for sensitive data, especially private keys.

144 questions
1
vote
2 answers

RSA insensitive and extractable private key export from SoftHSM 2

I've created an RSA private key in SoftHSM 2 via EJBCA with the following config: attributes(*, CKO_PUBLIC_KEY, *) = { CKA_TOKEN = false CKA_ENCRYPT = true CKA_VERIFY = true CKA_WRAP = false } attributes(*, CKO_PRIVATE_KEY, *) = { …
No name
  • 93
  • 7
1
vote
1 answer

Thales HSM: relationship between the various key types?

I am going through the Thales HSM manuals, and frankly the key acronyms are driving me crazy. I would like to understand the differences between the following keys, and how they relate to one another: LMK TMK/TPK/TAK/TEK ZMK/ZPK/ZAK/ZEK DEK KEK I…
kai
  • 111
  • 1
  • 2
1
vote
0 answers

Is Yubikey HSM2 FIPS Compliant?

I searched for Yubico on this NIST validated modules list but found only a module from the Yubico 4 series. (https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Validated-Modules/Search) Between Yubikey FIPS and Yubikey HSM2, is the HSM…
1
vote
2 answers

Storage of SSL private key in load balancer VS HSM

I have a setup whereby the SSL certificates are terminated at the load balancer (i.e. load balancer to web server is in plaintext). In order to do the SSL termination, the private key is stored on the load balancer itself. I do have an HSM in a data…
newbie
  • 139
  • 6
1
vote
0 answers

TDE - Does Key Rotation involve full tablespace Decryption and Re-Encryption?

In Oracle DB 12c, which uses TDE at the tablespace level, if I want to implement a key rotation policy, what is the impact? 1. Is it the tablespace key that will be rotated or the master key? 2. Does key rotation involve decrypting the data with the previous key…
ZEE
  • 157
  • 3
1
vote
0 answers

Root CA key generation compliant with WebTrust and HSM independent

I'm trying to figure out how to generate the private key for the Root CA according to the principles of WebTrust. One additional requirement I have is that the generated private key should then be importable into any HSM, independent of the vendor. I have never…
1
vote
1 answer

Managing DUKPT keys in AWS cloud

I work on a payments system. So DUKPT keys are a must-have requirement. In most cases PIN and Card data are encrypted using DUKPT keys. However, every time we have checked with AWS, we have found that none of the HSMs available on their cloud are…
Fayez
  • 11
  • 1
1
vote
1 answer

How secure is SSL private key in AWS ELB service?

We host a cluster of microservices on AWS. The cluster has a public-facing gateway that uses an Elastic Load Balancer to terminate SSL traffic. The certificate is issued by AWS Certificate Manager (ACM). One of our clients is concerned about the…
Vlad Nikiforov
  • 2,023
  • 2
  • 6
  • 9
1
vote
1 answer

Exposing HSM to a WAN via VPN

For our project we are using a 3rd party application (installed on their cloud). For crypto purposes, this application requires access to the HSM that is located in our LAN. So in terms of security I was wondering: what risks would we take if the…
sgres
  • 129
  • 2
  • 8
1
vote
1 answer

How to configure more than one same Hardware Security Module (HSM)

---Updated--- I had misunderstood HSMs; I thought that they were similar to huge USB tokens! (>﹏<)′ ~ Let's Encrypt claims that their private keys are stored in HSMs, but how can they have many HSMs with the same key? I think that they must…
Jemmy1228
  • 195
  • 1
  • 6
1
vote
4 answers

RAID on HSM network

I want to implement a network of HSMs to secure millions of private keys. To increase fault tolerance and speed, I would want this network to run RAID 50 (striping, parity and duplication). As I understand it, one of the key points of HSMs is that they…
1
vote
0 answers

Weighing options for personal HSM?

I'm trying to weigh my options for a personal HSM. I wish to store both passwords and private PGP keys. I've been doing my research but I'm not a security expert and am feeling slightly overwhelmed; please educate me. This project uses Yubikey 4…
Rob
  • 111
  • 5
1
vote
2 answers

HSM key management system on AWS/Azure

I need to store user database credentials securely for an application to access. I have considered: - using AWS RDS with an encrypted PostgreSQL instance - using the AWS key management system, backed by a hardware security module Doesn't the KMS…
skunkwerk
  • 111
  • 2
1
vote
2 answers

mod_nss vs openssl behavior vis-a-vis key storage vs use

Maybe I'm just asking for the correct search terms. mod_nss and the NSS information/design idea is that if the key storage device (in this case, an HSM) is capable of performing a DH/SSL handshake, then the device will be used (the key is not…
rip...
  • 251
  • 1
  • 8
1
vote
1 answer

Cloud based private key storage for users

Say I want to create a cloud-based private key storage for users, which they can use to sign documents. On the server side I would use an HSM to make the key storage more secure. One option is that the signing happens on the server side. But, this…