Integration with Utimaco SecurityServer

Learn about integrating Enclaive vHSM with Utimaco Security Server and how their combined capabilities strengthen cryptographic security, key management, and data protection.

enclaive Virtual HSM

Hardware Security Modules (HSMs) are specialized physical devices designed to protect cryptographic keys and sensitive data. Unlike software-based solutions, HSMs provide enhanced security through tamper-resistant and physically protected hardware.

However, traditional HSMs are limited in their ability to scale flexibly based on demand. In cloud environments, where scalability is essential, adding more physical HSMs may not align with the agility required by modern applications.

enclaive Virtual HSM (vHSM) bridges the gap between hardware security and software flexibility. It delivers the same high level of trust and security as traditional HSMs while leveraging the agility of enclaive. The trust foundation is anchored in hardware, using Utimaco u.trust Anchor GP HSM or HSM as a Service (HSMaaS) as a secure base. Additionally, Enclaive’s confidential boot and attestation technology ensures integrity and security at every stage.

Utimaco u.trust Anchor

The u.trust Anchor is a next-generation Hardware Security Module (HSM) developed by Utimaco IS GmbH. It is a physically protected, specialized computing unit designed to support true multi-tenancy, enabling secure execution of sensitive cryptographic operations. The HSM ensures the safe management and storage of cryptographic keys and data, making it a universal and independent security component for diverse computing environments.

The Utimaco u.trust Anchor GP HSM plays a crucial role in enclaive vHSM, providing randomness generation and secure secret unsealing, ensuring a strong foundation of trust and security.

Software Requirements

HSM Utility

PKCS#11 Tool Version 2 (p11tool2)

HSM Interfaces

SecurityServer PKCS#11 Provider

Docker Runtime

Docker runtime engine 24.0.5, API version 1.43

Hardware Requirements

Utimaco LAN HSM

u.trust Anchor Se*k and CSAR LAN with firmware 4.70.0.0 or higher

Utimaco PCIe HSM

u.trust Anchor Se*k and CSAR Series PCIe with firmware 4.70.0.0 or higher

Utimaco HSMaaS

General Purpose HSM as a Service

AMD EPYC 3rd gen or newer

AMD EPYC 3rd gen or newer

Intel Xeon 4th gen or newer

Intel TDX module version 1.5.06 or higher

Last updated

Was this helpful?