Link Search Menu Expand Document

EzSign Key Store and HSM Support

From version 4.1.3

Note: For previous versions contact support

EzSign supports the following HSMs and Key Stores:

Via the PKCS#11 Interface

The following HSMs are supported via the pkcs#11 interface. You must set the corresponding model property (as indicated below) for the specific HSM

  • EnTrust nCipher nShield range
    • token.pkcs11.model=NCipher
  • Thales Luna range
    • token.pkcs11.model=Luna
  • Utimaco
    • token.pkcs11.model=Utimaco
  • Thales DPoD Cloud HSM
    • token.pkcs11.model=Luna
  • AWS CloudHSM
    • token.pkcs11.model=AWSCloudHSM

Bespoke Interfaces

  • Google KMS

    • Configured via the token.googleKms properties
  • Azure KeyVault

    • Configured via the token.azureKeyVault properties
  • Thales PayShield - Deprecated

    • Configured via the token.hsm9000 properties

Refer to the installation and configuration guide for details on setting up

Thales PayShield Additional Notes

Support for PayShield may be removed in future releases. Contact support for more information

PayShields may require additional licenses to support the RSA system. Specific commands must be enabled on the HSM - including EI and EW