Collaborate Disseminate
Would it be possible to use Yubico or Nitrokey as a HSM that is used infrequently?
Both devices seem to prevent users from accessing the private key. Does this seem to be correct?
How about if the target PC (where you inser… Continue reading Yubico 4 or Nitrokey as an HSM
Would it be possible to use Yubico or Nitrokey as a HSM that is used infrequently?
Both devices seem to prevent users from accessing the private key. Does this seem to be correct?
How about if the target PC (where you inser… Continue reading Yubico 4 or Nitrokey as an HSM
I’ve never had to place an HSM on a network before so I want to ask this question to get a consensus on best practice for this.
The HSM will reside on an internal network which will look like this;
internet <-> boundary firewall <-> DMZ <-> inside FW <-> IPS <-> internal network
The inside firewall will also have a secondary connection to our corporate WAN and the internal network will be used for Dev/Pre-Prod etc.
Obviously I will be segmenting the internal network into different confidentiality/security levels, therefore the HSM will reside in it’s own subnet. Would it be best to place a further FW at the ingress/egress point of the subnet for the HSM? should I have an IPS.
Any pointers from someone who has implemented an HSM on a network would be appreciated.
Cheers
I need to store user database credentials securely for an application to access.
I have considered:
– using AWS RDS with an encrypted PostgreSQL instance
– using the AWS key management system, backed by a hardware security m… Continue reading HSM key management system on AWS/Azure
When using a (PKCS#11) based HSM (for S/Mime or PGP) the public key operations for signing or decryption is done by the HSM so that the key has to never leave the protected environment. The bulk part of those operations (for … Continue reading Offloading hashing and symmetric encryption to HSM
When an application calls an HSM using PKCS#11/KSP/etc. what is actually exchanged between the two? For example, if a CA needs to sign a CRL, is the entire CRL actually sent to the HSM for signing?
Continue reading What is sent between an HSM and an application?
I am trying to learn how to use HSM with Oracle TDE. For that purpose I want to experiment with SoftHSM. Could someone tell me if there was a way to do that?
Say I want to create a cloud based private key storage for users, which they can use to sign documents.
On the server side I would use a HSM to make the key storage more secure.
One option is that the signing happens on the server side…. Continue reading Cloud based private key storage for users
I am trying to understand the internal storage scheme used by HSMs to store the private keys. My question is: are keys stored in plaintext inside an HSM? Are there any variations?
Continue reading Internal storage scheme for storing private keys inside an HSM
We are looking for SNMP agent software for linux, which supports TSM (TLS/DTLS).
Our private keys are stored to HSM (behind pkcs#11 interface). And we want to use those keys.
Clear choice for Linux would be net-snmp. It supp… Continue reading SNMP agents and Transport Security Model (TSM) with HSM support. [on hold]