37 votes

What are the differences between TPM and HSM?

Sorry, but I think there are some gaps in this conversation: "TPMs can't be added later": False. Many modern motherboards include a header to which a TPM can be added after the fact. Visit Amazon and ...
Paul Vilevac
14 votes
Accepted

When Code Signing, what is the point of enhanced security specifically for the private key itself?

The point of keeping the private key inside some hardware (smartcard, HSM ...) is to prevent cloning. If the attacker has the cloned key they can sign whatever and whenever they want - without the ...
Steffen Ullrich
13 votes
Accepted

What are the differences between HSM and SE?

A hardware security module (HSM), a secure element (SE), a smart card, a trusted execution environment (TEE) and a secure enclave (SE again) are all computing environments designed for secure ...
Gilles 'SO- stop being evil'
10 votes
Accepted

Securing hashes of short enumerated values

"The salt must be common for all the records." This is known as a "pepper", not a salt. "the attacker could easily iterate all the possible values" If the search space is small enough that it could be ...
AndrolGenhald
9 votes

Why is YubiHSM an HSM?

Size and performance don't matter, as a hardware security module (HSM) is defined by its functions to perform cryptographic operations and protection. From Peter Smirnoff on Cryptomathic: ...
Esa Jokinen
8 votes

TLS private key storage for embedded systems. Are there any best practices?

I was hoping there were best practices available from some reputable source. Lacking that, I am posting this as a suggestion, and welcome any input on it. Methods for secure key storage in embedded ...
Timmy Brolin
7 votes
Accepted

Open-Source Hardware Security Modules (HSM)

There are several open-source HSMs on the market. Nitrokey: Nitrokey (formerly known as CryptoStick) sells the open-source NetHSM https://www.nitrokey.com/products/nethsm The CryptoStick has been ...
Michael Altfield
6 votes

Does / Can a HSM or TPM encrypt my private keys

Let's do a thought-experiment. Imagine a device whose purpose in life is to hold a private key. There are a couple of things it will do for you; you can ask it: Please wipe your own memory and ...
Mike Ounsworth
6 votes

When Code Signing, what is the point of enhanced security specifically for the private key itself?

You make it sound like a cloud-based HSM service acts like a dumb proxy for the physical HSM as long as the right credentials are presented. This isn't the case. In fact, section 6.2.7.4.1 of the ...
Ja1024
5 votes

What are the differences between TPM and HSM?

TPMs are very exactly specified parts with respect to the function and security level they provide (https://www.trustedcomputinggroup.org). A TPM has fixed function and is a rather low-cost and yet high-security chip (...
Scott McCoy
5 votes
Accepted

Why is an HSM required to protect CA certificates (rather than a regular USB token)?

Hardware Security Modules (HSMs) are used in systems where a company has determined that the risk involved requires a higher level of control than a personal key. The use of HSMs for Certificate ...
Shane Andrie
5 votes

When Code Signing, what is the point of enhanced security specifically for the private key itself?

Storing the private key on the HSM means there's no way to extract the private key. HSMs have strong protections to detect any attempt to extract the key and mechanisms to destroy it when some ...
ThoriumBR
5 votes

What advantage does hardware tamper-resistance provide in an HSM?

Even with physical access to the HSM, an attacker cannot just use the keys however they want. This is really the point. HSMs have different roles (e.g., Security Officer and standard user) and ...
Ja1024
4 votes

RSA insensitive and extractable private key export from SoftHSM 2

First of all, the template you are using in EJBCA is kind of strange. I assume that this template is used to generate a key pair for a Certificate Authority. attributes(*, CKO_PUBLIC_KEY, *) = { ...
Jean-Julien Alvado
4 votes
Accepted

Reason for lack of asymmetric cryptography in AWS KMS for regions in China

Asymmetric encryption was only introduced to AWS KMS in 2019. Prior to that, only symmetric encryption was available regardless of which region you were using. Even when AWS made the official ...
keithRozario
4 votes
Accepted

Examples of custom key restriction policies for HSMs

There are a couple of enterprise GP HSMs that provide for the capability of running use-case specific, custom firmware inside the hardware of the HSM. For my street cred: I'm the principal member of ...
rip...
4 votes

What advantage does hardware tamper-resistance provide in an HSM?

Using an HSM has to be relatively easy, otherwise nobody would bother. Once authenticated to the HSM, the client must be able to use the keys to sign, sometimes thousands, if not millions, of ...
garethTheRed
3 votes

What are the differences between HSM and SE?

The insides of a smart card, small HSM (USB dongle size), TPM, SE, etc. are all the same. There is a question of how much storage it has, which primitives/algorithms are supported, and how many ...
Z.T.
3 votes

Why is an HSM required to protect CA certificates (rather than a regular USB token)?

[This is speculation based on the vendor's website -- I have no direct experience with these devices] My speculation is that a specialized HSM version of the device is not required, but since it is ...
Mike Ounsworth
3 votes
Accepted

Exposing HSM to a WAN via VPN

A VPN over the internet is secure if it's set up properly, plus any connections to the HSM should be encrypted as well. The big concern I would have is that you are letting an external organization ...
GdD
3 votes
Accepted

How to configure more than one same Hardware Security Module (HSM)

I don't know the HSM Let's Encrypt is using. But all major vendors have different mechanisms for doing backup and recovery to an encrypted medium. One vendor-specific example: If you set up nCipher/...
Michael Ströder
3 votes
Accepted

Are there any limits to what an HSM will sign?

An HSM does not provide much more than protecting the private key. This is already a strong protection since it means that the private key cannot simply be stolen unnoticed (and thus misused): If ...
Steffen Ullrich
3 votes

Purpose of Secure Element

The advantage of using an HSM to store your secret keys is that the actual decryption keys will never leave that module. Even if an attacker is able to obtain the access keys to the HSM, they ...
mat
3 votes

Conceptual question regarding signing with Yubikey/Solokey/Nitrokey using GnuPG

GnuPG signatures will sign a digest of a file, not the file itself. When you attempt to sign a large file, GnuPG will create that file's digest (generally by using a hash) and then sign only that. We ...
Kaz Wolfe
3 votes

pkcs11 with remote HSM

As you correctly state, the PKCS#11 standard defines an API called Cryptoki. OpenSSL allows using an engine that connects to a DLL/SO implementing this API ("Cryptoki library"). It's the ...
dannyM
3 votes
Accepted

Is it (under FIPS) possible to generate a CSR for an asymmetric key with usage=WRAP?

A certificate request is signed so that the CA knows you have the private key corresponding to the public key you wish certified. The traditional way of doing this in PKCS#10 is to sign your request ...
garethTheRed
3 votes

How do RSA smartcards prevent key exfiltration?

No common modern ciphers or MAC constructions - certainly none of the ones that a smartcard or other HSM will even support - are known to be vulnerable to any cryptanalysis where chosen-plaintext or ...
CBHacking
2 votes

What are the differences between TPM and HSM?

If you want to put it briefly: A TPM is a specific device to keep its own keys secure (source of identity), while an HSM is a general device to secure foreign keys (verify identity). As always, keep in ...
Tino
2 votes

Are there any hardware HSMs that can host/run custom applications using the HSM processor(s) within the hardened security boundary?

The Trident HSM developed by i4p informatics also allows loading and running custom code (we call it a "local client application" or "LCA") inside the secure perimeter of the HSM. ...
Zsolt Rózsahegyi
2 votes

TLS private key storage for embedded systems. Are there any best practices?

I have relevant work experience in that regard. The main issues: Keys needing long-term protection must be on a Secure Element and not extractable (TLS/SSH/other ephemeral keys are generally OK in RAM ...
Bruno Rohée
