Securosys Primus HSM or CloudsHSM (HSM as a service) are based on hardware security modules, developed by Securosys, designed to perform sensitive cryptographic tasks and to securely manage cryptographic keys and data. For more information, refer to the Securosys website.

Integration

The Primus HSM or CloudsHSM service can be used as a hardware security module for an EJBCA installation, using either the (old) SunP11 (PKCS#11 Crypto Token) or P11NG (PKCS#11 NG Crypto Token). The HSM works with all standard algorithms (2021) - RSA, ECDSA and Ed25519 (P11NG only).

For step-by-step instructions on how to integrate EJBCA and Primus HSM and CloudsHSM, refer to the Integration Guide available for download from the Securosys website.

Note that as of EJBCA Enterprise 7.8.1, default properties are included in the EJBCA configuration files to ease the configuration and automatically find the Primus HSM driver installed on the system. Following the integration guide, it is therefore not needed to update the conf/web.properties file in section 3.3.1 (EJBCA Property File) if libprimusP11.so is located in /usr/local/primus/lib or /opt/primus/lib.