## page was renamed from HsmRequirements
The following is a loose list of requirements for the evaluation of HSM for being used for CAcert

||Non-FIPS certification||ICP-Brasil, independent security audits||
||Common Criteria certification||optional||
||FIPS level 3 equivalent ||
||http://www.adobe.com/misc/pdfs/Adobe_CDS_CPv011604clean.pdf compliant ||Non-FIPS mode available || Detailled documentation on the differences between FIPS and Non-FIPS mode ||
||supported by OpenSSL||out-of-the-box?||
||supported by GnuPG||out-of-the-box?||
||supported by CryptLib||||
||supported by EJBCA||
||Standalone, not as PCI card||
||Performance: Minimum 1 Sig/Second||
||Training courses for Operators and Developers||
||SDK available for custom software in the HSM||
||Crypto-Key splitting across multiple HSMs||
||Threshold crypto across multiple HSMs||
||Which application layer do they offer? PKCS#11 style RSA key/signature/decryption? Or application layer X.509 CA inside the HSM?||Does it just store the key, or can we run the CA inside the HSM?||
||HSM-clustering||
||Requirements for HSM-clustering||Maximum latency for each link. Does the cluster have to have a maximum size of 30 kilometers?||
||Which algorithms are supported?||
||If ECC is supported, can we turn it off, to guarantee that it can´t be used?||
||GOST support||
||Which padding algorithms are supported?||
||What are the temperature, humidity and barometric pressure requirements?||
||Does it use Chinese Remainder theorem optimisation for RSA?||
||Can it also work on RSA without the Chinese Remainder optimisation?||


== HSM pages ==

 * [[Pkcs11TaskForce]]
 * [[Possum]]

== Interesting lInks ==

 * [[https://cryptech.is/wiki|CryptTech's Open HSM]].