YubiHSM Integration
Hardware Security Module support ensures your private keys are non-extractable
Hardware-Protected Keys
The YubiHSM 2 is a compact Hardware Security Module that stores your CA's private keys in tamper-resistant hardware. Even if an attacker gains full access to your CA server, they cannot extract the private keys.
Signando CA integrates natively with YubiHSM 2, providing enterprise-grade key protection at a fraction of the cost of traditional HSMs.
For detailed information about the YubiHSM 2, including setup, configuration, and operation, please refer to the official YubiHSM 2 User Guide documentation.
Key Benefits
- ✓ Private keys never leave the HSM
- ✓ Tamper-resistant hardware protection
- ✓ FIPS 140-2 Level 3 compliant
- ✓ Affordable enterprise security
- ✓ Compact USB form factor
Why Hardware Security Matters
Key Extraction Prevention
Software-based keys can be copied. HSM keys are generated inside the hardware and never leave.
Tamper Evidence
Physical attacks on the HSM trigger security mechanisms that destroy the keys.
Compliance Ready
Many security standards require HSM protection for CA private keys.