Key Storage in Hardware

Let’s learn how to store keys in hardware and manage the potential loss or unavailability of keys.

The safest medium in which to store a cryptographic key is hardware. There are, of course, different types of hardware devices with varying levels of security.

Hardware security modules

The most secure hardware storage media for cryptographic keys are hardware security modules (HSMs). These dedicated hardware devices provide key management functions and are sometimes known as tamper-resistant devices. Many HSMs can also perform bulk cryptographic operations, often at high speed. An HSM can be a peripheral device or be incorporated into a more general-purpose device, such as a point-of-sale terminal.

While we have chosen to introduce HSMs as mechanisms for the secure storage of cryptographic keys, it is important to appreciate that HSMs are often used to enforce other phases of the key lifecycle.

