On 11 March 2009, at 21.59, Ed Sykes wrote:

> I am essentially asking the same question that Eirik Overby asked a
> couple of years ago. Is anyone aware of PCI-X/PCIe hardware
> security modules that are supported on FreeBSD? I have not seen any
> on the FreeBSD hardware compatibility lists. Again, as Eirik noted
> in his question, HSMs are not simply crypto accelerators (which are
> supported on FreeBSD), they also are a means of storing keys with
> physical, tamper-resistant security.

Thanks for re-iterating this question.

I now work for the software developer I previously accused of leaving
us in the dust, and have managed to convert the company to using
FreeBSD as our primary hosting platform ;)

The problem with supported HSM devices, however, lingers. For one
device (Thales RG8000), we've done our own software (Java)
implementation of their communications library, specific to our
application. This is a network-attached device. For the other device
we use (Thales WebSentry), we're using the Linux pkcs#11/openssl
engine implementation and associated openssl binaries, along with our
internal tools compiled on Linux. All this under Linux emulation on
FreeBSD. This works - so far - well; however, it is impossible to use
Java JNI to interface with Linux binaries, so we're still at a
disadvantage.

So the question still stands - are there HSM devices out there,
internal or external, with proper FreeBSD support?

/Eirik