Date: Tue, 23 May 2006 23:03:59 +0200 From: =?ISO-8859-1?Q?Eirik_=D8verby?= <ltning@anduin.net> To: freebsd-security@freebsd.org Subject: HSM devices and FreeBSD Message-ID: <626F25E3-D4B6-4EEB-9361-DC70D49CFAA4@anduin.net>
next in thread | raw e-mail | index | archive | help
Hello all, first, if this is disallowed by the rules for this list (I'm a bit =20 uncertain..), then please forgive me. I am working for a company doing services for the credit card =20 industry. Among other things, we specialize in authentication systems =20= (3-D Secure) for internet-based trade, and are subject to very strict =20= security requirements (obviously). The relevant systems are all running on FreeBSD, and so far we have =20 had little or no problems passing all the requirements, save for one =20 thing: HSM devices. When the system was originally set up about 4 years ago, an agreement =20= was made with Thales e-Security, Inc. that they should deliver a =20 FreeBSD version of their pkcs#11 libraries and OpenSSL engine =20 implementation for their WebSentry devices. This was indeed done, but =20= there has been no support or updates since, and the software vendor =20 we are using have since started moving to other ways of interacting =20 with their supported HSMs - meaning that we are slowly being left in =20 the dust. I am therefore researching other possible vendors of HSM devices. =20 They need to be external and network-attached (i.e. no kernel mode =20 drivers necessary), and they need to fulfill certain requirements, =20 first and foremost the FIPS 140-1 levels 2 and (for some =20 applications) 3. In addition, the software APIs supplied should =20 include a pkcs#11 library, an openssl engine implementation, and a =20 Java implementation (possibly using JNI for the communications, ref. =20 the pkcs#11 library). Does anyone know of any such products that have any sort of FreeBSD =20 support at all? Please note that these are not simply crypto =20 accelerators; they also store keys etc. securely. With best regards, Eirik =D8verby Unicore AS Oslo, Norway=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?626F25E3-D4B6-4EEB-9361-DC70D49CFAA4>