Friday, August 21, 2015

Some informational links on HSM

Some good information/links on HSM and related technologies


https://en.wikipedia.org/wiki/Hardware_security_module

Safenet Luna, which is one of the popular HSMs in the market :  http://cloudhsm-safenet-docs-5.3.s3-website-us-east-1.amazonaws.com/007-011136-006_lunasa_5-3_webhelp_rev-c/startpage.htm#disclaimer.htm%3FTocPath%3D_____1

Cloud HSM (Based on Safenet Luna) :  https://aws.amazon.com/cloudhsm/

Very good blog entry on mapping OpenSSL with HSMs using OpenSSL PKCS11 engine interface :  http://blog.go-lan.net/connect-a-hardware-security-module-to-openssl/.  More details on actual steps with an example can be found here:  http://blog.go-lan.net/openssl-hsm-integration/

One more resource describing the OpenSSL integration :  https://nlnetlabs.nl/downloads/publications/hsm/hsm.pdf  One more place to get the same document:  http://www.dnssec.cz/files/nic/doc/hsm.pdf

PKCS11 standard :  ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf

Openstack Barbican provides key management functionality  and it can be enhanced to use HSM internally. More informationc an be found at :  https://wiki.openstack.org/wiki/Barbican