Technical Guide · Intermediate to Advanced · 12 min read

Hardware Security Modules (HSM)

An HSM is a dedicated hardware device designed to protect cryptographic keys. Think of it as a bank vault for your most sensitive keys: tamper-resistant, auditable, and purpose-built for security. This guide covers when you need an HSM, FIPS certification levels, cloud vs on-premises options, and how HSMs integrate with PKI.

Overview

A Hardware Security Module (HSM) is a dedicated, tamper-resistant physical device that generates, stores, and manages cryptographic keys. Unlike software-based key storage, an HSM ensures that private keys never leave the hardware boundary in plaintext.

Think of an HSM as a bank vault for cryptographic keys. Just as a bank vault has reinforced walls, combination locks, and alarm systems, an HSM has tamper-evident seals, active tamper response mechanisms (like zeroizing keys when physical intrusion is detected), and dedicated cryptographic processors that perform operations on keys without exposing them.

HSMs come in several form factors: PCIe cards that slot into a server, network-attached appliances that serve multiple applications, USB tokens for portable key storage, and cloud-hosted services offered by major cloud providers. Regardless of form factor, the core principle is the same: the key material stays inside the HSM boundary, and all cryptographic operations happen within the device.
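One way to check the "keys never leave the hardware boundary in plaintext" property on a token that exposes PKCS#11 is to audit each private key's attributes. This is an added example, not code from the original page or from any HSM vendor: the attribute names are standard PKCS#11, while the severity labels and the sample key objects are constructed assumptions.

```python
# Added example (not vendor code). Attribute names are standard PKCS#11;
# severity labels and the sample key objects are constructed assumptions.
REQUIRED = ("CKA_SENSITIVE", "CKA_ALWAYS_SENSITIVE", "CKA_EXTRACTABLE",
            "CKA_NEVER_EXTRACTABLE", "CKA_WRAP_WITH_TRUSTED", "CKA_LOCAL")

def audit_private_key(attrs):
    """Return (severity, message) findings for one private-key object."""
    missing = [n for n in REQUIRED if n not in attrs]
    if missing:  # fail closed: an unread attribute is not a safe attribute
        return [("unknown", "attributes not read: " + ", ".join(missing))]
    out = []
    if attrs["CKA_EXTRACTABLE"]:
        if not attrs["CKA_SENSITIVE"]:
            out.append(("critical", "value can be read in plaintext"))
        elif not attrs["CKA_WRAP_WITH_TRUSTED"]:
            out.append(("high", "can be wrapped out under any wrapping key"))
        else:
            out.append(("medium", "can be wrapped out under CKA_TRUSTED keys"))
    elif not attrs["CKA_NEVER_EXTRACTABLE"]:
        out.append(("medium", "was extractable earlier; copies may exist"))
    if attrs["CKA_SENSITIVE"] and not attrs["CKA_ALWAYS_SENSITIVE"]:
        out.append(("medium", "was non-sensitive earlier"))
    if not attrs["CKA_LOCAL"]:
        out.append(("medium", "imported, not generated on the token"))
    return out

# Constructed samples: an HSM-generated root key, an imported key, and a
# key marked extractable for backup without a trusted-wrap restriction.
GOOD = dict(CKA_SENSITIVE=True, CKA_ALWAYS_SENSITIVE=True, CKA_EXTRACTABLE=False,
            CKA_NEVER_EXTRACTABLE=True, CKA_WRAP_WITH_TRUSTED=False, CKA_LOCAL=True)
IMPORTED = dict(GOOD, CKA_ALWAYS_SENSITIVE=False, CKA_NEVER_EXTRACTABLE=False,
                CKA_LOCAL=False)
BACKUP = dict(GOOD, CKA_EXTRACTABLE=True, CKA_NEVER_EXTRACTABLE=False)

def worst(findings):
    """Highest severity among the findings, or "ok" when there are none."""
    order = ["medium", "high", "critical", "unknown"]
    return max((s for s, _ in findings), key=order.index, default="ok")

if __name__ == "__main__":
    for name, key in [("root", GOOD), ("imported", IMPORTED), ("backup", BACKUP)]:
        print(name, worst(audit_private_key(key)), audit_private_key(key))
```

The history attributes matter as much as the current ones: a key that is non-extractable today but has `CKA_NEVER_EXTRACTABLE` or `CKA_LOCAL` set to false has existed, or could have existed, outside the HSM boundary.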

FIPS Certification Levels

Level 1: Basic Security

Requires a production-grade cryptographic module with at least one approved algorithm. No specific physical security requirements. Software-only modules can achieve Level 1. Suitable for development and testing environments.

Level 2: Tamper Evidence

Adds tamper-evident coatings or seals to the module, plus role-based authentication. Physical tampering is detectable through broken seals. This is the minimum level most organizations target for production key protection.

Level 3: Tamper Response

Adds active tamper response: the module zeroizes (destroys) its keys if physical intrusion is detected. Requires identity-based authentication. This is the standard for CA keys, payment HSMs, and most enterprise PKI deployments.

Level 4: Environmental Protection

The highest level. Adds protection against environmental attacks (voltage and temperature fluctuations) and provides a complete envelope of protection around the module. Rare in commercial use; primarily for military and intelligence applications.

Key Components

CA Key Protection

The private key of a certificate authority is the crown jewel of any PKI. If compromised, every certificate it issued becomes untrustworthy. HSM protection for CA keys is an industry best practice and a requirement for WebTrust and eIDAS compliance.

Code Signing

The CA/Browser Forum now requires code signing keys to be stored in HSMs or equivalent hardware. A compromised code signing key could be used to sign malware that your customers trust.

Payment Processing

PCI DSS requires HSMs for PIN encryption, key injection, and transaction signing. Payment networks mandate specific FIPS validation levels for HSMs handling cardholder data.

Database Encryption (TDE)

Transparent Data Encryption master keys should be protected by HSMs. This ensures that even the theft of a database backup does not expose data as long as the HSM key is not available to the thief.

PKI Ceremonies

Root CA key generation ceremonies require HSMs to ensure keys are generated in a secure, auditable environment. The ceremony is typically witnessed and recorded, with the HSM providing cryptographic proof of key generation.

Regulatory Compliance

Regulations like eIDAS (EU), FIPS (US), and industry standards like PCI DSS and WebTrust explicitly require hardware key protection for certain use cases. An HSM is often the simplest path to compliance.

How we help

Evertrust & Hardware Security Modules (HSM)

PKCS#11 native support

Evertrust PKI integrates with any PKCS#11-compliant HSM out of the box. All major HSM vendors are supported without custom development.

Cloud KMS integration

For cloud-native deployments, Evertrust also supports all major cloud HSM services (AWS, Azure, GCP). Run your CA in the cloud with the same hardware key protection you'd get on-premises.

Simplified key ceremonies

Evertrust provides guided workflows for root CA key generation ceremonies, including HSM initialization, key generation, M-of-N key splitting, and backup procedures. Reduce ceremony complexity while maintaining full audit trails.