EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Support HSM

#12201
Posted: 01/27/2010 01:34:09
by Eugene Mayevski (EldoS Corp.)

It would be great if your key materials for encryption could be managed by an external hardware security module (HSM) for off-machine storage, key rotation, etc.

I guess I could build that into my own application that uses your API, but it would make the system more valuable if that support were already built in.


Sincerely yours
Eugene Mayevski
#12202
Posted: 01/27/2010 01:42:33
by Eugene Mayevski (EldoS Corp.)

Thank you for the submission.

SolFS built-in encryption uses the key derived from the password you provide and a certain salt. This makes it impossible to keep the key on the HSM, and here's why: when the key is stored on the HSM, the HSM doesn't usually let the key out, and just lets you perform encryption. So SolFS would need to keep a different key for each page.

On the other hand, SolFS offers a pluggable encryption mechanism, which is quite simple: the OnDataEncrypt and OnDataDecrypt events. The articles in the knowledgebase describe how to use custom encryption to provide more sophisticated encryption mechanisms, including keys stored on the HSM.


Sincerely yours
Eugene Mayevski


As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.