Custom HSM#
HSM provide the required secure environment that is needed to generate and protect the cryptographic keys used to protect and authenticate sensitive data.
We will use a simple Flask REST API service representing the remote HSM machine.
Looking into hsm
directory, we can see following files:
hsm/sahsm.py
is an example of a remote signing service.hsm/hsm_k0_cert0_2048.pem
test private key used for signing the data.hsm/hsm_k1_cert0_2048.pem
test private key used for signing the data.
1. Setup#
In order to start the HSM service, run following code:
import sys
# Install a the required dependencies into the current Jupyter kernel
!{sys.executable} -m pip install flask requests
# Start remote signing service
from hsm.sahsm import APP
APP.run()
# This will keep running
Looking in indexes: https://pypi.org/simple, https://nl2-nxrm.sw.nxp.com/repository/spsdk_pypi/simple/
* Serving Flask app 'hsm.sahsm'
* Debug mode: off
WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
* Running on http://127.0.0.1:5000
Press CTRL+C to quit