Date: Wed, 11 Mar 2009 23:30:37 +0100
From: Eirik Øverby <ltning@anduin.net>
To: Ed Sykes <esykes@opnet.com>
Cc: freebsd-security@freebsd.org
Subject: Re: HSM devices and FreeBSD
Message-ID: <6F15EC76-7AC8-4C63-98B9-9CA9B5B9D6EA@anduin.net>
In-Reply-To: <49B8263A.3000006@opnet.com>
References: <49B8263A.3000006@opnet.com>
On 11 March 2009, at 21.59, Ed Sykes wrote:

> I am essentially asking the same question that Eirik Overby asked a
> couple of years ago. Is anyone aware of PCI-X/PCIe hardware
> security modules that are supported on FreeBSD? I have not seen any
> on the FreeBSD hardware compatibility lists. Again, as Eirik noted
> in his question, HSMs are not simply crypto accelerators (which are
> supported on FreeBSD), they also are a means of storing keys with
> physical, tamper-resistant security.

Thanks for re-iterating this question. I now work for the software developer I previously accused of leaving us in the dust, and have managed to convert the company to using FreeBSD as our primary hosting platform ;)

The problem with supported HSM devices, however, lingers. For one device (Thales RG8000), we've done our own software (Java) implementation of their communications library, specific to our application. This is a network-attached device.

For the other device we use (Thales WebSentry), we're using the Linux pkcs#11/openssl engine implementation and associated openssl binaries, along with our internal tools compiled on Linux. All this under Linux emulation on FreeBSD. This works - so far - well; however, it is impossible to use Java JNI to interface with Linux binaries, so we're still at a disadvantage.

So the question still stands - Are there HSM devices out there, internal or external, with proper FreeBSD support?

/Eirik
