EzSign Key Store and HSM Support
From version 4.1.3
Note: For previous versions contact support
EzSign supports the following HSMs and Key Stores:
Via the PKCS#11 Interface
The following HSMs are supported via the pkcs#11 interface. You must set the corresponding model
property (as indicated below) for the specific HSM
- EnTrust nCipher nShield range
token.pkcs11.model=NCipher
- Thales Luna range
token.pkcs11.model=Luna
- Utimaco
token.pkcs11.model=Utimaco
- Thales DPoD Cloud HSM
token.pkcs11.model=Luna
- AWS CloudHSM
token.pkcs11.model=AWSCloudHSM
Bespoke Interfaces
-
Google KMS
- Configured via the
token.googleKms
properties
- Configured via the
-
Azure KeyVault
- Configured via the
token.azureKeyVault
properties
- Configured via the
-
Thales PayShield - Deprecated
- Configured via the
token.hsm9000
properties
- Configured via the
Refer to the installation and configuration guide for details on setting up
Thales PayShield Additional Notes
Support for PayShield may be removed in future releases. Contact support for more information
PayShields may require additional licenses to support the RSA system. Specific commands must be enabled on the HSM - including EI
and EW