NetHSM Software 2.0: New Namespaces, 900% Speed Gain

We are proud to release a major software update for the NetHSM. It delivers significant speed improvements of up to 900% and a new function "Namespaces" to manage logically separated areas (partitions), e.g. for individual departments or projects.

Namespaces

Classic HSMs often offer so-called partitions, which split the memory area into statically separated areas. With the NetHSM software 2.0 we are introducing a similar but more powerful function, so-called namespaces. Namespaces allow administrators, users and keys to be divided into logically separate areas. The advantages over classic partitions are:

  • The storage area is not statically assigned but is dynamically available to all namespaces.
  • Once a namespace has been configured, full control is transferred to a namespace administrator. From then on, even the main administrator of the NetHSM can no longer access any of the namespace keys or create any users or administrators in the namespace or reset their access data. The namespace keys are thus effectively protected from the main administrator.
  • In addition, this optional namespace function integrates elegantly into the existing interface (REST API) and therefore remains backwards compatible.
  • Unlike some competitors who charge per number of partitions, NetHSM customers do not have to plan for any additional costs or license fees for namespaces. These can be used without restriction.

Speed Improvements

The speed of key operations and signatures has improved by up to 620%, key generation by up to 900%, random number generation by 490% and backups by 1160%. This means that NetHSM delivers high speed even for demanding loads:

  • NIST P-256: ~2140 signatures/s, ~500 key generations/s
  • NIST P-384: ~1510 signatures/s, ~500 key generations/s
  • NIST P-521: ~930 signatures/s, ~490 key generations/s
  • RSA-2048: ~1070 signatures or decryptions/s, ~40 key generations/s
  • RSA-4096: ~220 signatures or decryptions/s, ~4 key generations/s
  • Ed25519: ~2410 signatures or decryptions/s, ~480 key generations/s
  • Random number generator (RNG): ~2.6 MByte/s

Bug Fixes

We have also fixed two errors during backup and restore that caused the system to crash and prevented authentication.

The NetHSM software 2.0 has been made available free of charge to all NetHSM Support subscribers and is now being delivered on all NetHSM devices. A free software container is available for testing and development.

NetHSM is the only open source HSM (Hardware Security Module) on the market. This release illustrates the advantages of the open source architecture, which allows new functions and significant optimizations for existing hardware to be delivered as software updates. In addition, open source code is the only way to check that there are no backdoors.

More Information

1.8.2024
