Custom HSM


A hardware security module (HSM) provides the secure environment needed to generate and protect the cryptographic keys used to protect and authenticate sensitive data.

We will use a simple Flask REST API service representing the remote HSM machine.

Looking into the hsm directory, we can see the following files:

  • hsm/sahsm.py is an example of a remote signing service.

  • hsm/hsm_k0_cert0_2048.pem is a test private key used for signing the data.

  • hsm/hsm_k1_cert0_2048.pem is a test private key used for signing the data.

1. Setup

To start the HSM service, run the following code:

import sys

# Install the required dependencies into the current Jupyter kernel
!{sys.executable} -m pip install flask requests

# Start remote signing service
from hsm.sahsm import APP

APP.run()
# This will keep running

Looking in indexes: https://pypi.org/simple, https://nl2-nxrm.sw.nxp.com/repository/spsdk_pypi/simple/
 * Serving Flask app 'hsm.sahsm'
 * Debug mode: off
WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
 * Running on http://127.0.0.1:5000
Press CTRL+C to quit