What If Even Your Linux Admin May Not Know Your Secrets?
Project and Program: Linux & VM, Linux
Tags: Proceedings, SHARE Sacramento 2018, 2018
Hardware security modules (HSMs) are tamper-proof devices that are meant to secure the most valuable secrets of an enterprise. They typically contain a master secret (master key) from which other secrets can be derived. This master secret cannot be extracted from the HSM. The Crypto Express Adapters can be configured in three different modes, two of which (CCA and EP11) are HSM modes. Using Crypto Express in either CCA or EP11 mode allows it to perform secure key cryptographic operations without ever exposing plaintext key material in system memory. We show how to set up Linux on IBM Z to use either CCA or EP11 secure key cryptography, and describe the components involved in a secure key solution, either to manage the crypto adapter or to perform cryptographic operations. Last but not least, we give an outlook on using protected key cryptography in Linux.

Reinhard Buendgen, IBM Corporation