Hardware Security Module
As with any system that uses private keys, secure storage of sensitive key material is essential. The CipherMail Gateway stores all settings, including keys and certificates, in a database.
To prevent private keys from ever being copied, even by someone with full physical access to the server, you can use a Hardware Security Module (HSM). An HSM is a tamper‑resistant device that generates private keys on the device and keeps them stored in protected hardware. It also provides additional security features such as a built‑in secure random number generator.
For environments requiring FIPS 140 Level 2 or higher, an HSM is necessary because these standards mandate physical security controls.
HSM support
HSMs from the following vendors are supported:
- nCipher
- Thales (formerly SafeNet)
- Utimaco
- Securosys
S/MIME and PGP support
S/MIME private keys and PGP secret keys can be HSM-protected.
DKIM
The DKIM module can use the HSM for secure DKIM signing.
EDI@Energy support
The algorithms required by EDI@Energy are supported.