HSM devices and FreeBSD
Eirik Øverby
ltning at anduin.net
Wed Mar 11 15:52:52 PDT 2009
On 11 March 2009, at 21:59, Ed Sykes wrote:
> I am essentially asking the same question that Eirik Overby asked a
> couple of years ago. Is anyone aware of PCI-X/PCIe hardware
> security modules that are supported on FreeBSD? I have not seen any
> on the FreeBSD hardware compatibility lists. Again, as Eirik noted
> in his question, HSMs are not simply crypto accelerators (which are
> supported on FreeBSD), they also are a means of storing keys with
> physical, tamper-resistant security.

Thanks for re-iterating this question.

I now work for the software developer I previously accused of leaving
us in the dust, and have managed to convert the company to using
FreeBSD as our primary hosting platform ;)

The problem with supported HSM devices, however, lingers. For one
device (Thales RG8000), we've done our own software (Java)
implementation of their communications library, specific to our
application. This is a network-attached device. For the other device
we use (Thales WebSentry), we're using the Linux pkcs#11/openssl
engine implementation and associated openssl binaries, along with our
internal tools compiled on Linux. All this under Linux emulation on
FreeBSD. This works - so far - well, however it is impossible to use
Java JNI to interface with Linux binaries, so we're still at a
disadvantage.

So the question still stands - Are there HSM devices out there,
internal or external, with proper FreeBSD support?

/Eirik