Hardware Security Modules (HSMs) are the industry standard for securing sensitive data and cryptographic keys in enterprise environments. Hex Safe uses the Securosys Primus X200 HSM, which offers tamper-evident and intrusion-resistant protection and management of cryptographic keys. Your private keys are encrypted by the HSM, eliminating the risk of exposure.
Leveraging the HSM, Hex Trust operates under a fully trusted model that supports both Safe Plus and Safe Vaults.
The benefits of using HSM include:
- True Random Key/Seed Generation: NIST SP 800-90A and 800-90B* compliant.
- Transaction Signing Speed: The HSM holds a single wrapped key to sign transactions, allowing for faster signing compared to other methods.
- Security: The HSM is situated in an air-gapped network accessible only via data diodes, ensuring tamper resistance, tamper evidence, and tamper proofing.
- Fault Tolerance and Risk Mitigation: Backup HSMs are always in place to ensure service continuity. Moreover, the HSM master keys are stored on secure smart cards, distributed across multiple physical vault locations, and protected by a PIN. This setup prevents any single individual from accessing the vaults.
*NIST SP 800-90A is a document by NIST that outlines their "Recommendation for Random Number Generation Using Deterministic Random Bit Generators".
NIST SP 800-90B is a document by NIST that provides the "Recommendation for the Entropy Sources Used for Random Bit Generation".