2018-10-17 What if even your Linux admin may not know your secret?

Tue May 05, 2020 09:33 AM

Hardware security modules (HSMs) are tamper-proof devices that are meant to secure the most valuable secrets of an enterprise. They typically contain a master secret (master key) from which other secrets can be derived. This master secret cannot be extracted from the HSM. The Crypto Express Adapters can be configured in three different modes, two of which (CCA and EP11) are HSM modes. Using Crypto Express in either CCA or EP11 mode allows you to perform secure key cryptographic operations without ever exposing plaintext key material in system memory. We show how to set up Linux on Z to use either CCA or EP11 secure key cryptography and describe the components involved in a secure key solution, both those that manage the crypto adapter and those that perform cryptographic operations. Last but not least, we provide an outlook for using protected key cryptography in Linux.

Attachment(s)
pdf file
PE_LoZ_zWC18SecKey4Loz_v10.pdf   11.77 MB   1 version
Uploaded - Tue May 05, 2020