Hardware security modules allow you to increase the protection of the CA's private key to meet Federal Information Processing Standards (FIPS) 140-2 level 2 and level 3 security. A FIPS 140-2 level 3 device protects the CA's private key by providing two functions:
The cryptographic device is tamper evident. The cryptographic store on an HSM is typically coated with an epoxy layer, so that any attempt to access the cryptographic store leaves visible evidence in the epoxy layer.
If an attempt to compromise the cryptographic store on the HSM takes place, the data stored on the cryptographic store—namely the private key—is destroyed, which protects the private key against compromise.
More Info The FIPS 140-2 document that defines the security requirements for cryptographic modules can be found at http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf.
Note FIPS 140-2 level 4 devices now exist. A FIPS 140-2 level 4 device adds physical security to the HSM by providing a physical envelope of protection around the cryptographic module.