| 2016-08-20 10:43:20 |
Alex Kavanagh |
description |
The HSM’s that the Barbican team are aware of are:
- Dogtag (fedora project): http://pki.fedoraproject.org/wiki/PKI_Main_Page
- Safenet by Gemalto https://safenet.gemalto.com/data-encryption/hardware-security-modules-hsms/safenet-network-hsm/
- nSheild by Thales (via a KMIP interface?)
And that’s pretty much it. The Safenet is the device that all the PKCS#11 work has been done by.
Dogtag is an app that can run on a machine, and so it’s really an HSM; however, they do say it’s been hardened.
Safenet and nSheild are both HSMs; there are USB, PCIe and Network versions of their products.
Barbican also has recently gained KMIP support — this is a network protocol that provides most of the features of PKCS#11 (which is a library specification).
Resource links:
- https://safenet.gemalto.com/data-encryption/hardware-security-modules-hsms/usb-hsm/
- http://pki.fedoraproject.org/wiki/PKI_Main_Page
- https://en.wikipedia.org/wiki/Key_Management_Interoperability_Protocol
- https://github.com/OpenKMIP/PyKMIP — KMIP server (for testing)
- https://www.thales-esecurity.com/products-and-services/products-and-services/hardware-security-modules/general-purpose-hsms/nshield-connect |
The HSM’s that the Barbican team are aware of are:
- Dogtag (fedora project): http://pki.fedoraproject.org/wiki/PKI_Main_Page
- Safenet by Gemalto https://safenet.gemalto.com/data-encryption/hardware-security-modules-hsms/safenet-network-hsm/
- nSheild by Thales (via a KMIP interface?)
- Also utimaco have been doing some integration work.
And that’s pretty much it. The Safenet is the device that all the PKCS#11 work has been done by.
Dogtag is an app that can run on a machine, and so it’s really an HSM; however, they do say it’s been hardened.
Safenet and nSheild are both HSMs; there are USB, PCIe and Network versions of their products.
Barbican also has recently gained KMIP support — this is a network protocol that provides most of the features of PKCS#11 (which is a library specification).
Resource links:
- https://safenet.gemalto.com/data-encryption/hardware-security-modules-hsms/usb-hsm/
- http://pki.fedoraproject.org/wiki/PKI_Main_Page
- https://en.wikipedia.org/wiki/Key_Management_Interoperability_Protocol
- https://github.com/OpenKMIP/PyKMIP — KMIP server (for testing)
- https://www.thales-esecurity.com/products-and-services/products-and-services/hardware-security-modules/general-purpose-hsms/nshield-connect
- https://hsm.utimaco.com/ |
|
