Hardware Security Modules (HSM) are hardware modules that can be used to store cryptographic secrets such as the private keys needed for asymmetric signing operations. These modules come in a variety of form factors including PCI cards, network appliances, usb modules and smart cards.
The alternative to using an HSM is to store your private keys in files on disk. Normally these files are encrypted but there are still some applications that use private keys in files and do not encrypt them!
Using the right HSM can provide significant security improvements over storing keys in files. It may provide the following benefits
- Easy to see where your keys are. They are not scattered all over the disk but instead are held in a well controlled location.
- Keys can be generated on the HSM. So there is no chance that the key will ever have appeared on disk.
- Private keys can not be extracted from the HSM.
- The module may provide acceleration of cryptographic operations.
- A mechanism for securely backing up the keys to another HSM.
Typically the HSM will come with drivers and a hardware independent API called pkcs11 that allows you to access the features of the HSM. pkcs11 allows you to create objects such as keys on the HSM and to perform cryptographic operations with those keys.
There are two approaches to writing software that uses the HSM.
- Use pkcs11 directly
- Use a general purpose cryptographic library like OpenSSL
Accessing the HSM via OpenSSL can be done via a pkcs11 engine that acts as an interface between OpenSSL and the pkcs11 API described above.
There are various reasons for using pkcs11 directly
- Much existing crypto software that doesn’t already support HSMs is written in such a way as to make it difficult to add engine support.
- You can not use OpenSSL to do key generation in an HSM, for that you must use pkcs11.
- pkcs11 is easy once you get used to it and the standard is well documented.
- The OpenSSL documentation is very hard to follow.
However, I prefer the OpenSSL approach for several reasons
- Most existing software already uses OpenSSL to perform cryptographic operations in software.
- Once you figure it out, the OpenSSL documentation is very good
- It is likely that your application will not want to use the HSM for every cryptographic operation. For example, calculating hashes may be much faster in software.
- I think that key generation is a totally separate thing from key use. Why does every application that uses a key come with a different application for generating that key? A key is just a key – it doesn’t care what it will be used for.