Nitrokey releases NetHSM, a fully open-source hardware security module

German company Nitrokey has released NetHSM 1.0, an open-source hardware security module (HSM).

Nitrokey NetHSM 1.0 features

The module can securely store and manage a variety of cryptographic keys (e.g., keys used for HTTPS, DNSSEC, or secure blockchain transactions).

“Your private keys are kept secure inside the NetHSM, in case of server hacks and the physical compromise of your data center. NetHSM allows you to easily fulfill security compliance requirements,” the company says.

NetHSM’s security architecture includes:

  • A unikernel (MirageOS) with no unnecessary code
  • A formally verified microkernel (Muen), to avoid run-time errors and potentially harmful functions
  • Strict separation between functional areas (i.e., device drivers, application logic, network interface)
  • Software written in a memory-safe and type-safe programming language (OCaml)
  • Formally verified ECC implementation

The NetHSM software can be used on the NetHSM hardware or as a Docker container.

“The modern REST interface and tools are easy to use, just as you would expect from current cloud software,” Nitrokey noted.

“NetHSM can be easily managed via its command-line software. Client systems can easily integrate the REST API using the SDKs available in 35 programming languages, or use the PKCS#11 module. For a quick start you can access our NetHSM test server or run NetHSM as a container.”

Its open-source architecture offers several advantages, the company notes: the module can be customized and its security can be evaluated by independent parties.

NetHSM contains a trusted platform module (TPM) that is protected against physical tampering.

Nitrokey’s long-term commitment to NetHSM development

“Although the project was funded by the EU, we financed most of it ourselves, which represents a significant investment for us. The success proves that even such a complex project is achievable for a financially independent company with a professional and motivated team,” Nitrokey said in the announcement.

The company has spent eight years developing this solution; select customers have been using it and providing helpful feedback for the last couple of years.

NetHSM tools, drivers, and documentation are publicly available.

Nitrokey has also provided a roadmap for features they plan to implement in the future.
