After 8 Years of Development: NetHSM 1.0 is Available! The First Open Source Hardware Security Module

After 8 years of development, we are excited to release NetHSM, the first fully open source Hardware Security Module (HSM). The professional 19" device securely stores and manages cryptographic keys and can be used e.g. for TLS keys of web servers, for DNSSEC, PKI, CA and blockchains. NetHSM is easy to integrate and operate using a modern REST interface and modern software tools (e.g. PKCS#11, CLI). The open source code enables customizability, vendor independence and backdoor checking. The hardware is produced in Germany and the EU.

Although the project was funded by the EU, we financed most of it ourselves, which represents a significant investment for us. The success proves that even such a complex project is achievable for a financially independent company with a professional and motivated team. As we naturally refrained from an earlier release at the expense of quality and security, the development took almost 8 years. In addition, NetHSM has already been in use for two years with the first customers, which has provided us valuable practical feedback.

The NetHSM is based on leading edge technology and an innovative security architecture:

  • Small attack vector thanks to the unikernel concept with a total system size of ~30 MB
  • Formally verified microkernel for maximum security
  • Strong separation of the different functional areas (e.g. Ethernet device drivers, application logic)
  • Memory-safe and type-safe programming language to completely rule out dangerous memory errors
  • Formally verified ECC implementation

Thanks go to Robur and Tarides for contributing their expertise on OCaml and MirageOS and making NetHSM a powerful and reliable product.

The NetHSM v1.0 is available immediately and can be ordered directly from us.

More Information



great news and well done !!!
Congratulations :-) Also: thanks so much for publishing a container version, I learned a lot from it!

Add new comment

Fill in the blank.