Key Handling with a Hardware Security Module
Using a Hardware Security Module (HSM) allows you to perform several activities that enhance private key security, such as generating, storing, and referencing keys.
When an HSM solution is implemented, all cryptographic operations that use the private key of a certificate are performed on the Hardware Security Module, so the private key itself is not handled by Web Gateway.
Keys can be generated on the module or imported to it. To make them available on Web Gateway, the HSM Agent loads them; for this, the key IDs must be made known to the agent.
Generating private keys often includes the use of passwords or an Operator Card Set (OCS) for additional protection. Keys can, however, also be generated without either of these options.
To enhance security in key handling, responsibilities can be assigned to different administrators. For example, one administrator might be responsible for generating private keys on a Hardware Security Module,
while the Web Gateway administrator references the keys to configure certificates on the user interface of Web Gateway.
NOTE: The Web Gateway administrator must know the key IDs that are generated, as well as the passwords that might be set for the keys.
Private key operations involving the Hardware Security Module are logged on Web Gateway. Information about these operations is displayed on the dashboard of the user interface.
Connection traces can also be generated for traffic on the connections between the components of a Hardware Security Module solution.