2015年5月8日 · HSM and TPM share some properties. You can store (a small amount of) keys inside a TPM to protect those, too. But while a TPM is a small inexpensive device, an HSM usually is a quite capable and expensive computing device. Or to put it into computing terms: With a TPM you can only simulate an HSM. This simulation cannot keep the data inside the ...

2008年1月3日 · First the history lesson: As Rob says, the term and concept of HSM, which generally stands for Hierachical Storage Management, has been around since the early/mid eighties when IBM introduced software which migrated unreferenced data from expensive mainframe disk to (I think) compressed disk, then online tape, then offline tape.

2012年12月29日 · initiate backup, admin or other sessions to TSM server. The major interest of TSM team should be the write access to TSM option files (dsm.sys and dsm.opt) in different directories which are normally under /user/tivoli/tsm. Here you see that option files are read-only for anybody, even root. It means this file is not occasionally edited:

What is the difference between a Secure Element (SE), a Trusted Execution Environment (TEE) and a Trusted Platform Module (TPM)? I understand that they all refer to an external secure cryptoproces...

2018年7月11日 · The Use of HSM's for Certificate Authorities. HSM's are common for CA applications, typically when a company is running there own internal CA and they need to protect the root CA Private Key, and when RAs need to generate, store, and handle asymmetric key pairs. Uses outside of a CA. HSM's are suggested for a companies Privileged Access ...

In that sense, HSM operate as (oversized, overpriced) smart cards. Of course, there is another extreme, in which you fit your entire application within the HSM. This requires a programmable HSM, and that's a completely different context. Thales HSM allow that as an option (it's called "CodeSafe" and "SEE"), which they don't give away for free ...

2019年4月26日 · The insides of a smart card, small HSM (USB dongle size), TPM, SE, etc. are all the same. There is a question of how much storage it has, which primitives/algorithms are supported, and how many operations per second it can do with those primitives, and the specifics of the native API it supports (it has to implement the TCG spec to be a TPM, and regardless of native API, you can translate from ...

2016年4月18日 · The only way to get the information on the chip is first to break the packaging and read the bits with a microscope. Also reprogram the device is going to erase everything on the chip including the key. Lastly, no trying to reinventing the wheel here. It is just a personal HSM the user can carry around. –

Up to the tamper-resistance of the HSM and how bug-free its firmware is, this ensures that even if the host machine is fully hijacked by an attacker and/or the attacker has physical access to the CA machine, then the attacker will not obtain a copy of the private key. At best he will be able to use the HSM to generate arbitrary signatures, but ...

2016年11月3日 · Thanks for the response. I assumed I could generate the keypair (private/public) on the HSM device , export the public key , and give the public key to the user. However , after looking through documentation for various HSM providers , its not clear if you can export the public key from the HSM.