Hardware Security Modules
- List of HSM products.
- HSM comparison.
Key Storage
Two major types of HSMs have been identified:
- Keys stored on host, encrypted with HSM master key. Suitable for a large number of keys, e.g. DNS hosting providers.
- Keys stored on HSM. Suitable for a smaller number of keys, e.g. enterprise?
Hardware Interface
HSMs differ in the type of interface used between the host and the HSM.
- Local interface (typically via PCI), a high-speed link between a single host and the HSM.
- Remote interface (typically via Ethernet), HSM possibly sharable between multiple hosts.
It should also be noted that it is possible to design a system in which a locally connected HSM is shared among multiple hosts through a separate API (e.g. XML-RPC, SOAP, ONC-RPC). Hence, the choice of hardware interface is not directly tied to whether a single system or multiple systems should be able to access the HSM itself.
Application Program Interface
The most common Application Program Interfaces (API) for HSMs are:
Using an HSM
- An introduction to the use of HSM by Jelte Jansen, NLNetLabs (PDF version)
