HSM Integration Guide: Introduction
This guide explains how to integrate the CipherMail Email Encryption Gateway with a Hardware Security Module.
As with any application that uses private keys, there is always the issue of how to securely store sensitive private key material. The CipherMail gateway stores all settings, including keys and certificates, in a database. The benefit of storing all data in a database is that it makes it easy to create backups and to provide full clustering, fail-over, etc.
Even though all sensitive data, such as private keys, is encrypted with a configurable password, anyone with access to the database contents and the system password might be able to get access to the private keys. This is not specifically a problem of the CipherMail gateway: any application that uses private keys and does not use specialized hardware to securely store the private key material has the same problem. It is therefore important that access to the database is only allowed to authorized personnel and that system backups of the gateway are encrypted with a strong password.
To make sure that private keys can never be copied, even with full physical access, a Hardware Security Module (HSM) can be used. An HSM is basically a big smart card. It generates private keys directly on the device and stores the private keys on tamper-proof hardware. An HSM also provides additional security functionality, such as a built-in secure random generator. For FIPS 140 level 2 and up, an HSM is required because FIPS 140-2 requires physical security mechanisms.
HSMs from the following vendors are supported:
A functional CipherMail Enterprise Email Encryption Gateway.
CipherMail HSM module.
Shell access to the CipherMail gateway.
A functional HSM.