This is perhaps one of the most abstract uses of an HSM, so let’s start with a real-world scenario. Your IT department recently read the last article in this series and wants to setup an offline root CA whose private key is stored on the Nitrokey HSM. Just like any hardware, the NitroKey has the p…
In our last article, we have covered getting started with the NitroKey HSM. Today we will go through the process of setting up an entire internal PKI backed by the security guarantee the HSM provides. First, we will generate a root CA with a private key living on the HSM’s hardware. Then, we will g…
SSL/TLS relies on a public/private keypair in order to keep data secure in transit. If a private key is no longer private, the communication is no longer secure. For most organisations, simply making sure to generate private keys on the server where they will be used is reasonably secure. It is a…
