Why use an HSM? Operating with and without a Hardware Security Module
Short Answer
Signando CA works technically fine without an HSM. The crucial difference: With a Hardware Security Module like YubiHSM, the private CA key becomes non-extractable – even with complete server compromise, it remains protected. Without HSM, the key is only as secure as the server it resides on.
What do I lose without HSM?
Security
| Aspect | With HSM | Without HSM |
|---|---|---|
| Key Storage | In HSM, non-exportable | In filesystem or memory, extractable |
| Server Compromise | Attacker can use key but not copy it | Attacker can copy key and misuse permanently |
| Physical Tampering | Tamper detection erases key | No protection |
Recommendation
| Use Case | Recommendation |
|---|---|
| Development / Test | Software keystore sufficient |
| Internal Production CA | YubiHSM recommended |
| External Certificates / Customer Use | YubiHSM required |
| Regulated Environment | YubiHSM or higher required |