What is an HSM (Hardware Security Module)?
D5 ยท Crypto ยท CompTIA Security+ SY0-701An HSM (Hardware Security Module) is a dedicated physical device that securely generates, stores, and manages cryptographic keys and performs cryptographic operations in tamper-resistant hardware.
Key properties: tamper-evident (shows signs of physical intrusion), tamper-resistant (resists physical attacks), FIPS 140-2/3 certified.
Use cases: CA root key storage, TLS key storage, code signing, payment processing (PCI-DSS), disk encryption key management.
Key properties: tamper-evident (shows signs of physical intrusion), tamper-resistant (resists physical attacks), FIPS 140-2/3 certified.
Use cases: CA root key storage, TLS key storage, code signing, payment processing (PCI-DSS), disk encryption key management.
HSMs are the most secure way to store cryptographic keys โ keys never leave the HSM in plaintext. On the exam, if a question asks about the most secure key storage, HSM is the answer. TPM (Trusted Platform Module) is a similar concept but built into motherboards.