.png){kind=logo}
Supported Hardware Security Modules (HSMs)
The following table lists HSM support for each SignServer deployment option. Integration methods include PKCS #11 standard and REST APIs. SignServer additionally supports software-based keys for lower security requirements or development.
PQC : Indicates PQC algorithm support.
HSM Type | Software stack | Cloud | Software Appliance | Hardware Appliance | Container Set |
Network HSMs integrated with REST APIs | |||||
Azure Key Vault / MS Managed HSM | ✔️ | ✔️ | | | ✔️ |
Fortanix Data Security Manager (DSM) PQC | ✔️ | | | ✔️ | |
Securosys Primus HSM and CloudHSM Service | ✔️ | ||||
Network HSMs integrated with PKCS#11 | |||||
AWS CloudHSM | ✔️ | ✔️ | | | |
Bull TrustWay Proteccio | ✔️ | ✔️ | | ||
CloudHSM Service | ✔️ | ||||
Entrust nShield Connect/5c PQC | ✔️ | ✔️ | | ||
Securosys Primus | ✔️ | ||||
SoftHSMv2 | ✔️ | ✔️ | |||
Thales DPoD | ✔️ | ✔️ | | ||
Thales Luna 7 PQC | ✔️ | ✔️ | ✔️ | ||
Thales USB HSM | ✔️ | ||||
Thales TCT | ✔️ | ✔️ | | ||
Utimaco CryptoServer | ✔️ | ✔️ | ✔️ | ||
Utimaco u.trust Anchor PQC | ✔️ | ✔️ | | ||
Internal Hardware Appliance PCIe HSMs integrated with PKCS#11 | |||||
Thales Luna PCIe | ✔️ | ✔️ | |||
Utimaco PCIe | ✔️ | ✔️ | |||