Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


The HSM (Hardware Security Module) provides storage of crypotographic keys. Whenever data needs to be signed by one of its keys, that data is transferred to the HSM, signed, and the signature transferred back. This way the private key material never needs to leave the device. OpenDNSSEC communicates with the HSM via PKCS11 PKCS#11 and should be compatible with any device implementing that interface. The OpenDNSSEC project provides SoftHSM which is an entirely software implementation of a HSM via the same interface. If set up correct a real HSM will provide better security and performance. If neither is critical SoftHSM is a good alternative.