What is Securosys Primus HSM?
The Securosys Primus HSM is a high-assurance Hardware Security Module designed to securely generate, manage, and protect cryptographic keys. It performs sensitive operations such as encryption, decryption, digital signing, and authentication. Engineered and manufactured in Switzerland, Primus HSMs comply with the most demanding security and regulatory standards, making them ideal for use in critical infrastructure and regulated environments.
Primus HSMs cover a wide range of performance levels, from entry-level to the highest performance requirements in a network appliance form factor, offering a performance-to-price ratio suitable for businesses of any size — whether in the cloud or on-premise.
Explore the Primus HSM models.
Key Features
Along with a wide range of operations the Primus HSM provides the following key features:
Scalable Performance
Primus HSMs can process anywhere from a few transactions per second (TPS) up to 50,000+ TPS in a single unit. In clustered configurations, they can scale to millions of TPS, with native support for post-quantum cryptographic and hybrid workloads.
Extensive Key Storage
Primus HSM delivers scalable key storage, starting at 10 MB in cloud deployments and expanding up to 30 GB - easily handling millions of cryptographic keys and objects, all inside the HSM to ensure the highest key protection. Optional external storage allows for almost limitless storage of keys while still maintaining high security of keys.
Multi-Tenancy and Partitioning
The Primus CyberVault supports up to 1,000 isolated partitions, each functioning as an independent cryptographic environment with its own keys, policies, user roles, and Decanus Terminal access.
Remote Administration
The Decanus Terminal allows secure, role-based remote management of the HSM on device and/or Partition level. Authorized users can independently manage partitions, perform backups, invalidate keys, and more, all with enforced two-factor authentication (2FA).
Clustering and High Availability
Primus HSMs can operate as a cluster to support high availability, fault tolerance, and load distribution without requiring additional software. This ensures continuous operation for mission-critical applications.
Security Architecture
Primus HSMs follow a robust security model which includes:
- Tamper-resistant design with active tamper detection
- Hardened operating system and firmware
- Secure Transport and Initialization
- Compliance with FIPS 140-3, FIPS 140-2, and Common Criteria standards (EAL4+)
- Access control enforcement with audit capabilities
- API support for seamless application integration
Cryptographic Flexibility
In addition to standard cryptographic algorithms, Primus HSMs support:
- Key derivation protocols, such as SLIP-0010 (compatible with the earlier BIP 32)
- Quantum-resistant algorithms for future-proof deployments
- Custom algorithm integration (available on request)
Supported APIs
The Primus HSM supports a wide selection of Application Program Interfaces (APIs). This allows for a broad selection of use cases such as Public Key Infrastructure (PKI), strong authentication, database encryption, blockchain transactions, and many more.
The below APIs are supported by Primus HSM:
Why Use a Primus HSM?
If your organization manages sensitive information - such as financial data, customer records, or proprietary assets - a Hardware Security Module (HSM) offers enhanced protection over software-based cryptographic solutions. Benefits include:
- Enhanced Security: Key isolation and strict access control with Smart Key Attributes (SKA)
- Regulatory Compliance: Support for standards such as eIDAS, GDPR, and HIPAA
- Key Theft Protection: Prevents unauthorized access, detects tampering, and mitigates breach risks
- Performance Optimization: Dedicated cryptographic processing for high-demand environments
Integrations
Securosys Primus HSM is designed to work with a wide range of applications such as OpenSSL, Amazon Web Services (AWS), Microsoft, Oracle, Fortinet and many more including:
- Digital Signatures: Authenticate and preserve the integrity of digital transactions
- Blockchain: Protect private keys and consensus logic
- Database Encryption: Manage and secure encryption keys at scale
- Code Signing: Ensure software and firmware authenticity
- Cloud Key Management: Retain full control of encryption keys across hybrid and multi-cloud setups
- PKI: Protect and manage root and intermediate certificate authority (CA) keys
- PAM / IAM: Secure storage and processing of authentication credentials, encryption keys, and digital identities to protect access to critical systems and enforce strong identity verification policies.
To see all available integrations, visit the solutions explorer. For new or custom integrations, please contact sales.