Hello, On Wed, Oct 26, 2011 at 21:12, Thor Lancelot Simon <t...@panix.com> wrote: > I find myself needing a crypto card, preferably PCIe, with onboard > key storage. The application is PGP,
I don't know about PGP(.com), but GnuPG is picky about hardware key containers. Things like PKCS#11. > As far as I know, the only current products that do this are the > IBM 4765 and the BCM586x line of chips. There were more sources > once-upon-a-time of course -- nCipher and NetOctave/NBMK/etc. but > those products seem to be gone now (and have obsolete PCI host > interfaces, as well). I think there are plenty of PCI products from several vendors, incl Thales(nCipher), SafeNet and others. But getting them "off the shelf" might vary, depending on your budget and origin and whatnot. > What, if anything, can I buy off-the-shelf in this space? I don't > think a smartcard will work, since I need unattended operation > within the chassis of a standard x86 rackmount server. You have not described your requirements (ops/sec, FIPS/CC etc) but if the volume is low, you could take USB CryptoStick(s) (crypto-stick.org), which is supported by GnuPG and what can do up to 4096 bit onboard keys, unfortunately only one signature/decryption pair usable through GnuPG. Probably you can also stack them up and populate with the same key for load sharing. Martin _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
