Skip to main content

Prerequisites

HSM Integration guide

Reminder

This symbol contains helpful or important information for setting up Securosys Docker Signing Plugin

Take care

This symbol means to be careful and obey all instructions. You might do something that could result in data loss

Feature or action requires role activation using

  • Genesis Card
  • Security Officer (SO) Cards 2 of n

Transaction Security Broker (TSB)

Ensure that Transaction Security Broker (TSB) is installed, configured and updated to:

  • TSB Software v.1.18.0 or higher.

Transaction Security Broker (TSB) is available both as on-premises or as-a-service with CloudHSM. For more information on how to configure and install TSB on-premises, follow this guide.

You can download the Transaction Security Broker (TSB) from the Securosys Support Portal. (login required).

HSM Configuration

If you have configured the TSB with on-premises Primus HSM security architecture, ensure that the Primus HSM is updated to the following firmware:

  • Primus HSM Firmware v2.8.21, v2.11 or higher. You can download the Securosys Primus HSM firmware from the Securosys Support Portal (login required).
CAUTION

If you have not yet completed the initial setup wizard for the device, please refer to Chapter 3 of the Primus HSM User Guide for detailed instructions on setting up the HSM. Ensure that the settings align with the Transaction Security Broker (TSB) requirements as specified here.

Securosys Licences

Depending on your security architecture, you will require the following licenses:

Primus HSM:

With Multi-Authorization Workflow:

  • Transaction Security Broker (TSB) Server Software License
  • Primus HSM with:
    • Attestation License
    • Smart Key Attribute (SKA) License

Without Multi-Authorization Workflow:

  • Transaction Security Broker (TSB) Server Software License
  • Primus HSM with:
  • Attestation License

Docker installation

Before proceeding, ensure that Docker is installed and running on your system.

Warning

In this guide, we will use the Linux Ubuntu 22 (amd 64), for other operating systems and Linux distributions, please refer to the referenced guides.

If Docker is not yet installed, please follow the Linux Ubuntu installation guide.

For other operating system docker installations, please see this guide.

Support Contacts

If you encounter a problem while installing/configuring the provider or integrating the HSM with the Securosys Docker Signing Notation plugin, make sure that you have read the referenced documentation. If you cannot resolve the issue, please contact Securosys Customer Support.

For more specific requests regarding Securosys Docker Signing Notation plugin, please use the Securosys Support Portal.

Abbreviations

AcronymDefinition
APIApplication Programming Interface
CACertificate Authority
CISOChief Information Security Officer
CLICommand Line Interface
CloudHSMHSM as a service, operated by Securosys. View more
ECCElliptic-Curve Cryptography
FIPS 140-2Federal Information Processing Standard 140-2
FWFirmware
HAHigh Availability
HSMHardware Security Module (physical or as a service)
mTLSMutual Transport Layer Security
RSARivest-Shamir-Adleman asymmetric encryption algorithm
SBXCloudHSM HSM as a Service SBX (Sandbox) offering, pre-production/test environment. View more
TSBTransaction Security Broker (TSB), middleware to Primus HSM / CloudHSM providing REST API and multi-authorization (approval) workflow engine. TSB can be operated as workflow engine or solely as REST API, depending on Primus HSM or CloudHSM license / subscription
ECOCloudHSM HSM as a Service ECO (Economy) offering, production environment. View more

Get started withCloudHSM for free.
Other questions?Ask Sales.
Last updated on
Feedback
Need help?