HSM Architecture & PKCS#11 Interface
Understand Thales/Entrust HSM internals and the PKCS#11 API.
What Is a Hardware Security Module?
An HSM is a tamper-resistant hardware device that generates, stores, and uses cryptographic keys. Private keys never leave the HSM in plaintext — all operations happen inside the secure boundary.
Physical Security Features
HSMs include: active tamper detection (zeroises keys on intrusion), epoxy-filled boards, environmental sensors (voltage, temperature), FIPS 140-2/3 Level 3-4 certification requirements.
All lessons in this course
- Key Lifecycle: Generate, Store, Rotate, Destroy
- HSM Architecture & PKCS#11 Interface
- AWS KMS, GCP Cloud KMS & Azure Key Vault
- Key Escrow, Backup & Recovery Procedures