Securosys Primus HSM and CloudHSM Service
Securosys Primus HSM or CloudHSM (HSM as a service) are based on hardware security modules, developed by Securosys, designed to perform sensitive cryptographic tasks and to securely manage cryptographic keys and data.
Integration
The Primus HSM or CloudHSM service can be used as a hardware security module for an EJBCA installation, using either the (old) SunP11 (PKCS#11 Crypto Token) or P11NG (PKCS#11 NG Crypto Token). The HSM works with all standard algorithms (2021) - RSA, ECDSA and Ed25519 (P11NG only).
For step-by-step instructions on how to integrate EJBCA and Primus HSM and CloudHSM, refer to Securosys online documentation.
Note that as of EJBCA Enterprise 7.8.1, default properties are included in the EJBCA configuration files to ease the configuration and automatically find the Primus HSM driver installed on the system. Following the integration guide, it is therefore not needed to update the conf/web.properties
file in section 3.3.1 (EJBCA Property File) if libprimusP11.so
is located in /usr/local/primus/lib
or /opt/primus/lib.