[cabfpub] Known HSM vendors

Tim Hollebeek THollebeek at trustwave.com
Mon Feb 29 15:48:43 UTC 2016

Two more that are quite common in the financial space:

Hewlett Packard (Atalla)
Various IBM secure crypto coprocessors

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Peter Bowen
Sent: Monday, February 29, 2016 10:39 AM
Subject: [cabfpub] Known HSM vendors

At the meeting a couple of weeks, there was discussion about appropriate requirements for key storage.  The discussion focused on storage of end user keys and did not touch on HSMs.  However, in the current EVCS guidelines, we do note that HSMs are suitable for storing keys for those customers who prefer such.  I would like to ensure that we allow this in all guidelines.  To this end, I want to put together a list HSM vendors that are currently considered suitable by CAs so we can ensure that the requirements cover their products.

Right now, I’m aware of the following vendors who provide HSMs that are probably suitable for modern CA usage:

3S Group
Atos (Bull TrustWay Proteccio)
Gemalto (SafeNet)
SafeNet Assured Technologies
Thales (nCipher)
Ultra Electronics (AEP)

Is anyone aware of other HSMs which do RSA and ECDSA and do at least 10 RSA signatures per second when using a 2048-bit key? (The last part is a fairly arbitrary cutoff to avoid listing smart cards.)


Public mailing list
Public at cabforum.org


This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.

More information about the Public mailing list