Hi there Martin, thanks, this helps a lot.
>> If you have a security sensitive environment you should consider using a HSM
>> and not waste your time with software keys and esoteric reasoning about
>> cleartext passphrases

This is in my project, "PKI++". For both Microsoft and OpenSSL based PKI solutions, I had intended to back the key storage provider with an HSM of sorts. I'm just not there yet in my project for either HSM backed solution to be implemented, also missing an HSM to store the keys.

For ADCS, I've already looked into and understand implementing the CSP backed by an HSM, so I understand the principle. With OpenXPKI and what I've come to understand about it, the same is possible with KeyNanny as the "bridge" between the application and the keys.

That being said, can someone suggest a general HSM that has the connectors / providers required to be used by both OpenXPKI and ADCS, can allow for multiple partitions/master keys, and that is network connected?

I have limited HSM experience, limited to HSMs of Thales and Gemalto payment HSMs. I need one that follows the same standards as Thales, but isn't Thales expensive. I'd like to keep both on one HSM in different partitions. My HSM use cases already call for 3 separate partitions.

_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
