Hardware security module (HSM)
A hardware security module (HSM
Traditionally, HSMs are used in applications where encryption must provide a level of protection at which the cost and complexity of a successful attack limit potential perpetrators to a small number of highly skilled individuals.
HSM in Key Management Service
HSMs that are used in Yandex Cloud are special-purpose protected physical servers supplied by CRYPTO-PRO LLC, a manufacturer of information encryption tools.
This hardware implements a set of solutions to protect a cryptographic asset throughout its life cycle, such as:
- Trusted operating system.
- Tamper-proof housing.
- Protection from power supply voltage and ambient temperature fluctuations.
- Robust random number generators.
- Protection against human error (minimized chance of hardware misconfiguration).
- Trusted operating system bootup.
HSM operating procedure
In Key Management Service, you can create a symmetric encryption key for which every cryptographic operation is handled only inside the HSM. The HSM also generates the key itself. In this case, the user's key resides in the Key Management Service database only in encrypted form. To encrypt the user key, the HSM uses its master key, which never leaves the HSM.
For every cryptographic operation, the symmetric key is transmitted to the HSM in encrypted form. The HSM performs all operations with the user key internally and returns only the results to Key Management Service.
A cryptographic operation using the HSM includes the following steps:
- The Key Management Service database supplies a user key in encrypted form.
- The encrypted key is forwarded to the HSM along with the user data.
- The HSM decrypts the user key using the HSM master key.
- The HSM performs a cryptographic operation with the user data using the decrypted key.
- The HSM destroys the decrypted user key.
- The data goes back to the user.
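The steps above, as an added example that is not Yandex Cloud or CRYPTO-PRO code: a software stand-in for the HSM in Ruby, using AES-256-GCM from the standard openssl library. The Hsm class, its method names and the nonce || tag || ciphertext blob layout are assumptions made for illustration; a real HSM performs these steps in hardware.

```ruby
require "openssl"

# Software stand-in for the HSM (assumption): @master_key has no reader method.
class Hsm
  def initialize
    @master_key = OpenSSL::Random.random_bytes(32)
  end

  # The HSM generates the user key itself; only the wrapped form leaves it.
  def new_wrapped_key
    seal(@master_key, OpenSSL::Random.random_bytes(32))
  end

  def encrypt(wrapped_key, data)
    with_user_key(wrapped_key) { |key| seal(key, data) }
  end

  def decrypt(wrapped_key, blob)
    with_user_key(wrapped_key) { |key| unseal(key, blob) }
  end

  private

  def with_user_key(wrapped_key)
    user_key = unseal(@master_key, wrapped_key) # step 3: unwrap with the master key
    yield user_key                              # step 4: operate on the user data
  ensure
    user_key.bytesize.times { |i| user_key.setbyte(i, 0) } if user_key # step 5: destroy
  end

  def seal(key, plaintext)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    cipher.key = key
    nonce = cipher.random_iv
    ciphertext = cipher.update(plaintext) + cipher.final
    nonce + cipher.auth_tag + ciphertext # assumed layout: nonce (12) || tag (16) || ciphertext
  end

  def unseal(key, blob)
    raise ArgumentError, "blob too short" if blob.bytesize <= 28
    cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    cipher.key = key
    cipher.iv, cipher.auth_tag, ciphertext = blob.unpack("a12a16a*")
    cipher.update(ciphertext) + cipher.final # raises CipherError if the tag does not verify
  end
end

hsm = Hsm.new
wrapped = hsm.new_wrapped_key # the only form of the key the KMS database holds
puts hsm.decrypt(wrapped, hsm.encrypt(wrapped, "constructed sample data"))
```

Only the value returned by new_wrapped_key would be stored in the Key Management Service database. A blob that was modified, or that was wrapped under a different master key, makes unwrapping fail with OpenSSL::Cipher::CipherError.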
Enabling the HSM for a key
To use the HSM, select AES-256 HSM as the algorithm type when creating a symmetric key. The HSM will handle all operations with this key internally, and no additional actions are required.