Which Linux x86 hardware keystore?
- by byeo
I'm terminating SSL/TLS in my DMZ and I have to assume that machine will be hacked, at which point my certificates are compromised.
Previously I've used an nCipher hardware keystore/accelerator to solve this issue. These cards won't reveal the private key even to root. The card performs the encryption and decryption onboard and is hardened against physical attack. The only way to get at the keys is by attaching a smart card reader to the card itself.
I'm having trouble finding information about something to recreate this approach.
Is this the domain of specialist switches and firewalls these days?
This old page references some of the old hardware:
http://www.kegel.com/ssl/hw.html#cards