HSMs are specialised tamper-proof devices in which cryptographic functions and embedded software have been built to properly manage keys and control their life cycles. They are designed so that any unauthorised attempt to access them is treated as an attempt to tamper, and all critical internal parameters and keys are destroyed.
Although very common in the banking industry, HSMs are also desirable in PKI, but are not always implemented there. Their common usage in the banking industry has led to HSMs being specialised for tasks suited to that industry, such as PIN calculations or payment protocols.
This project attempts to develop a PKI HSM. The goals of this HSM are:
onboard secure generation
onboard secure storage
use of cryptographic and sensitive data material
offloading application servers for complete asymmetric and symmetric cryptography