[cabfpub] Known HSM vendors

Peter Bowen pzb at amzn.com
Mon Feb 29 15:38:43 UTC 2016

At the meeting a couple of weeks, there was discussion about appropriate requirements for key storage.  The discussion focused on storage of end user keys and did not touch on HSMs.  However, in the current EVCS guidelines, we do note that HSMs are suitable for storing keys for those customers who prefer such.  I would like to ensure that we allow this in all guidelines.  To this end, I want to put together a list HSM vendors that are currently considered suitable by CAs so we can ensure that the requirements cover their products.

Right now, I’m aware of the following vendors who provide HSMs that are probably suitable for modern CA usage:

3S Group
Atos (Bull TrustWay Proteccio)
Gemalto (SafeNet)
SafeNet Assured Technologies
Thales (nCipher)
Ultra Electronics (AEP)

Is anyone aware of other HSMs which do RSA and ECDSA and do at least 10 RSA signatures per second when using a 2048-bit key? (The last part is a fairly arbitrary cutoff to avoid listing smart cards.)


More information about the Public mailing list