Generate and protect cryptographic keys used for certificates in a Public Key Infrastructure
About Public Key Infrastructure
A Public Key Infrastructure (PKI) governs the issuance of digital certificates to provide identities for users, devices and applications for secure authentication, confidentiality in communication, and the integrity of data generated and exchanged within an environment. Each entity can identify itself as trusted using digital certificates that are issued by the Certification Authority (CA) – an essential part of the PKI.
HSMs as the Root of Trust for PKI
A Hardware Security Module (HSM) is a tamper-resistant hardware device designed for secure cryptographic key generation, management, and storage. In a PKI, the HSM serves as the root of trust, generating the cryptographic key pairs—consisting of a private and public key—needed for digital certificate creation. The private key never leaves the device’s secure boundary, this is crucial, as the security of the entire PKI relies on protecting the private key from exposure or compromise.
Solutions Offered by Utimaco
Utimaco’s General Purpose HSMs provide a secure, scalable foundation for PKI with plug-and-play integration for leading PKI providers. Key Benefits:
- Certified Security – FIPS 140-2 Level 3 certified, with options for eIDAS and classified environments.
- High Performance – From entry-level to high-speed models, supporting up to 40,000 RSA 2K operations / s
- PQC-ready – u.trust General Purpose HSM Se-Series is designed crypto-agile and can be extended with PQC algorithms for a quantum-resistant PKI
