2

I need some hardware device (not as big as a Thales or Atalla HSM), something like a smart card (with USB preferably) to encrypt and decrypt small texts (around 64 bytes). I didn't find much in a google search, only one called YubiHSM ($500) which performs AES encryption / decryption, any other devices (hopefully cheaper)?

PKCS#11 is desired, but I'd like to see different options. Also, I need the device to generate and store a few keys (right now I just need to generate and store one master key). The application that would interact with this device runs on Linux.

myrmix
  • 121
  • 2
  • please clarify more clearly what you expect this smart card / HSM to do (AES? 3DES? RSA? ECDH?). Please also clarify the required APIs (PKCS#11? Java API? Microsoft CSP?). – SEJPM Jan 26 '17 at 17:11

1 Answers1

1

I think what you're looking for is:

The Feitian ePass2003

(or some other token from their ePass line)

  • It costs less than a YubiHSM - Feitian sells them at 70USD for five pieces + customs, taxes and shipping
  • It supports RSA, AES and 3DES with card-stored keys
  • It supports the Windows CSP and has a PKCS#11 library
  • It claims support for Linux, Windows and OS X
  • It's a USB form-factor, about as large as your average USB-stick
  • As a bonus it has a FIPS 140-2 Lvl 3 certification and is the only token that you can freely purchase with this level of assurance
Community
  • 1
SEJPM
  • 1,418
  • 11
  • 18