EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Support HSM

Posted: 01/27/2010 01:34:09
by Eugene Mayevski (Team)

It would be great if your key materials for encryption could be managed by an external hardware security module (HSM) for off-machine storage, key rotation, etc.

I guess I could build that into my own application that uses your API, but it would make the system more valuable if that support were already built in.

Sincerely yours
Eugene Mayevski

Posted: 01/27/2010 01:42:33
by Eugene Mayevski (Team)

Thank you for the submission.

SolFS built-in encryption uses the key derived from the password you provide and a certain salt. This makes it impossible to keep the key on the HSM, and here's why: when the key is stored on the HSM, the HSM doesn't usually let the key out, and just lets you perform encryption. So SolFS would need to keep a different key for each page.

On the other hand, SolFS offers a pluggable encryption mechanism, which is quite simple: the OnDataEncrypt and OnDataDecrypt events. The articles in the knowledgebase describe how to use custom encryption to provide more sophisticated encryption mechanisms, including keys stored on the HSM.

Sincerely yours
Eugene Mayevski
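The constraint described in the reply above (the HSM performs operations but never releases its key) can be sketched as follows; this is an added example, not EldoS code or part of the original thread. `SimulatedHSM`, `PageCrypto` and the handler signatures are hypothetical stand-ins for a real HSM session and for the OnDataEncrypt/OnDataDecrypt events, the HMAC-based keystream stands in for a real cipher such as AES, and the sketch assumes the storage can hold 48 extra bytes per page.

```python
import hashlib
import hmac
import os


class SimulatedHSM:
    """Constructed stand-in for an HSM: the master key has no export method."""

    def __init__(self):
        self.__master = os.urandom(32)

    def mac(self, data: bytes) -> bytes:
        # Only operation exposed to the host: HMAC-SHA256 under the hidden key.
        return hmac.new(self.__master, data, hashlib.sha256).digest()


def _stream(key: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode, a stdlib stand-in for a real cipher (e.g. AES).
    blocks = (hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


class PageCrypto:
    """Hypothetical handlers playing the role of OnDataEncrypt / OnDataDecrypt."""

    def __init__(self, hsm):
        self._hsm = hsm

    def _keys(self, page_no: int, nonce: bytes):
        # One HSM call per page operation; only this short-lived page key reaches the host.
        k = self._hsm.mac(b"page" + page_no.to_bytes(8, "big") + nonce)
        return (hmac.new(k, b"enc", hashlib.sha256).digest(),
                hmac.new(k, b"mac", hashlib.sha256).digest())

    def on_data_encrypt(self, page_no: int, plain: bytes) -> bytes:
        nonce = os.urandom(16)  # fresh per write, so a rewritten page never reuses a keystream
        enc, mac = self._keys(page_no, nonce)
        ct = bytes(a ^ b for a, b in zip(plain, _stream(enc, len(plain))))
        return nonce + ct + hmac.new(mac, ct, hashlib.sha256).digest()

    def on_data_decrypt(self, page_no: int, blob: bytes) -> bytes:
        if len(blob) < 48:
            raise ValueError("page blob too short")
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        enc, mac = self._keys(page_no, nonce)
        if not hmac.compare_digest(tag, hmac.new(mac, ct, hashlib.sha256).digest()):
            raise ValueError("page authentication failed")
        return bytes(a ^ b for a, b in zip(ct, _stream(enc, len(ct))))
```

Each page is bound to its page number and a per-write nonce, so a page moved to another position or modified on disk fails authentication instead of decrypting to garbage.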




As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.
