I was having a conversation with a security industry CTO about KMIP when the topic of HSMs and key managers came up. So naturally I asked him how he would describe the main difference between them. He gave a pretty interesting one word answer, which I will get to, but first some background.
According to Wikipedia the “Key Management Interoperability Protocol (KMIP) is a communication protocol that defines message formats for the manipulation of cryptographic keys on a key management server… KMIP also defines messages that can be used to perform cryptographic operation on a server such as encrypt and decrypt”. KMIP standardizes operations to create, get, store and otherwise manage keys. It has quickly become the standard protocol used by generic (as opposed to application-aware) key managers and by encryption clients that need keys. In theory KMIP enables key management in a cryptosystem comprising encryption clients from multiple vendors that interoperate with a given KMIP key manager or HSM.
Wikipedia also describes key management itself: “Key management is the management of cryptographic keys in a cryptosystem. This includes dealing with the generation, exchange, storage, use, and replacement of keys. It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols.”
Now a “hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing.” HSMs are typically certified to internationally recognized standards such as Common Criteria or FIPS 140 to give users independent assurance that the design and implementation of the product and its cryptographic algorithms are sound. The certifications often include FIPS 140 certification at level 3 or 4, which requires tamper evidence or tamper resistance. HSMs could, theoretically, also offer a KMIP interface just like key managers.
So from all that, I take it that HSMs and key managers can both be important elements of key management. Certainly an HSM is a physical (i.e. hardware) device while a key manager can be implemented in software, but that may not be the only difference.
Which takes me back to my original question: “What is the main difference between an HSM and a key manager?” The answer the CTO gave me when we spoke was: “Marketing”. However, when we look deeper into this one-word statement we see that the one deadly sin for an HSM is to give the key up to an unauthorized party, while the deadly sin for a key manager is to lose the key or not have it available when it is needed. In other words, confidentiality is the prime concern of an HSM while integrity and availability are the prime concerns of a key manager. They may have many attributes and capabilities in common, but the emphasis on those capabilities depends on whether the product is being marketed as an HSM or as a key manager.
Personally I think the differences between these two go further than just marketing. In the table below I allocate capabilities and attributes to either Key Manager or HSM in an attempt to distinguish between the two, while acknowledging that there can be a lot of overlap. Is this enough to make a case for wider differences than a simple one-word answer? Judge for yourself…
| Capabilities & Attributes | Key Manager | HSM |
|---|---|---|
| Performance (keys / s) | X | |
| FIPS 140 Level 1, 2 | X | |
| FIPS 140 Level 3, 4 (tamper evident or resistant) | | X |
| Emphasis on confidentiality | | X |
| Emphasis on integrity | X | |
| Emphasis on availability | X | |
| Key life cycle management | X | |
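To make the "deadly sin" distinction concrete, here is a small toy model I have added to this post; it is illustrative Python of my own, not code from any HSM or key manager product and not a KMIP implementation. The `ToyHsm` class generates keys internally, hands out only opaque handles and refuses any request for raw key material (confidentiality first). The `ToyKeyManager` class returns key material to a client the way a KMIP Get would, but only for keys in the Active state, checks a stored digest before handing the key over (integrity) and keeps every record on replicas so the key survives loss of the primary store (availability). The lifecycle state names follow the KMIP State attribute; the class names, handle formats and the `demo()` walkthrough are my own constructed assumptions.

```python
"""Toy model of HSM vs. key-manager emphasis (constructed illustration)."""
import enum
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional


class KeyState(enum.Enum):
    """Lifecycle states; names follow the KMIP State attribute."""
    PRE_ACTIVE = "Pre-Active"
    ACTIVE = "Active"
    DEACTIVATED = "Deactivated"
    DESTROYED = "Destroyed"


class ToyHsm:
    """Confidentiality first: key material never leaves the module.
    Callers receive an opaque handle and can only ask the module to use it."""

    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}

    def create_key(self) -> str:
        handle = "hsm-" + secrets.token_hex(4)      # hypothetical handle format
        self._keys[handle] = secrets.token_bytes(32)
        return handle

    def get_key(self, handle: str) -> bytes:
        # The one thing an HSM must never do: hand the raw key to the caller.
        raise PermissionError("key material is not exportable from the HSM")

    def mac(self, handle: str, data: bytes) -> bytes:
        # The key is used in place (HMAC-SHA256 here) instead of being returned.
        return hmac.new(self._keys[handle], data, hashlib.sha256).digest()

    def verify(self, handle: str, data: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(self.mac(handle, data), tag)


class ToyKeyManager:
    """Availability and integrity first: material is returned to clients (like a
    KMIP Get), every record is replicated, and lifecycle state is enforced."""

    def __init__(self, replicas: int = 2) -> None:
        self._primary: Dict[str, dict] = {}
        self._replicas: List[Dict[str, dict]] = [{} for _ in range(replicas)]

    def _write(self, key_id: str, record: dict) -> None:
        # Every change is written to the primary and to all replicas.
        self._primary[key_id] = dict(record)
        for replica in self._replicas:
            replica[key_id] = dict(record)

    def _read(self, key_id: str) -> Optional[dict]:
        # Fall back to a replica when the primary store has lost the record.
        for store in [self._primary] + self._replicas:
            if key_id in store:
                return store[key_id]
        return None

    def create(self) -> str:
        key_id = "km-" + secrets.token_hex(4)       # hypothetical id format
        material = secrets.token_bytes(32)
        self._write(key_id, {"material": material,
                             "digest": hashlib.sha256(material).hexdigest(),
                             "state": KeyState.PRE_ACTIVE})
        return key_id

    def _transition(self, key_id: str, allowed: set, new: KeyState) -> None:
        record = self._read(key_id)
        if record is None:
            raise KeyError(f"{key_id}: key lost (no copy on any store)")
        if record["state"] not in allowed:
            raise ValueError(f"{key_id}: {record['state'].value} -> {new.value} not allowed")
        record = dict(record, state=new)
        if new is KeyState.DESTROYED:
            record["material"] = b""                # zeroise, keep the metadata
        self._write(key_id, record)

    def activate(self, key_id: str) -> None:
        self._transition(key_id, {KeyState.PRE_ACTIVE}, KeyState.ACTIVE)

    def deactivate(self, key_id: str) -> None:
        self._transition(key_id, {KeyState.ACTIVE}, KeyState.DEACTIVATED)

    def destroy(self, key_id: str) -> None:
        self._transition(key_id, {KeyState.PRE_ACTIVE, KeyState.ACTIVE,
                                  KeyState.DEACTIVATED}, KeyState.DESTROYED)

    def state(self, key_id: str) -> KeyState:
        record = self._read(key_id)
        if record is None:
            raise KeyError(key_id)
        return record["state"]

    def get(self, key_id: str) -> bytes:
        record = self._read(key_id)
        if record is None:
            raise KeyError(f"{key_id}: key lost (no copy on any store)")
        if record["state"] is not KeyState.ACTIVE:
            raise PermissionError(f"{key_id} is {record['state'].value}, not Active")
        if hashlib.sha256(record["material"]).hexdigest() != record["digest"]:
            raise ValueError(f"{key_id}: stored material fails integrity check")
        return record["material"]

    def lose_primary(self) -> None:
        self._primary.clear()                       # simulate an outage


def demo() -> dict:
    """Walk both models through their 'deadly sin' scenarios; returns outcomes."""
    out = {}
    hsm = ToyHsm()
    h = hsm.create_key()
    tag = hsm.mac(h, b"constructed message")
    out["hsm_mac_verifies"] = hsm.verify(h, b"constructed message", tag)
    out["hsm_rejects_tampered"] = not hsm.verify(h, b"tampered message", tag)
    try:
        hsm.get_key(h)
        out["hsm_refuses_export"] = False
    except PermissionError:
        out["hsm_refuses_export"] = True

    km = ToyKeyManager()
    k = km.create()
    try:
        km.get(k)
        out["km_blocks_pre_active"] = False
    except PermissionError:
        out["km_blocks_pre_active"] = True
    km.activate(k)
    material = km.get(k)
    km.lose_primary()
    out["km_survives_primary_loss"] = km.get(k) == material
    km.deactivate(k)
    km.destroy(k)
    out["km_destroyed_state"] = km.state(k) is KeyState.DESTROYED
    return out


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAILED'}")
```

Read `demo()` as the two sins side by side: the HSM will happily compute a MAC for you but raises on `get_key`, while the key manager will return the bytes on `get` and still does so after `lose_primary()` because the replicas hold the record. Neither model is a complete product, but the shape of the two APIs is what the table above is trying to capture.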