Comment 0 for bug 1615211

Alex Kavanagh (ajkavanagh) wrote :

The HSMs that the Barbican team are aware of are:

- Dogtag (fedora project): http://pki.fedoraproject.org/wiki/PKI_Main_Page
- Safenet by Gemalto: https://safenet.gemalto.com/data-encryption/hardware-security-modules-hsms/safenet-network-hsm/
- nShield by Thales (via a KMIP interface?)

And that’s pretty much it. The Safenet is the device that all the PKCS#11 work has been done by.

Dogtag is an app that can run on a machine, and so it’s really an HSM; however, they do say it’s been hardened.
Safenet and nShield are both HSMs; there are USB, PCIe and Network versions of their products.

Barbican also has recently gained KMIP support — this is a network protocol that provides most of the features of PKCS#11 (which is a library specification).

Resource links:

- https://safenet.gemalto.com/data-encryption/hardware-security-modules-hsms/usb-hsm/
- http://pki.fedoraproject.org/wiki/PKI_Main_Page
- https://en.wikipedia.org/wiki/Key_Management_Interoperability_Protocol
- https://github.com/OpenKMIP/PyKMIP — KMIP server (for testing)
- https://www.thales-esecurity.com/products-and-services/products-and-services/hardware-security-modules/general-purpose-hsms/nshield-connect