Skip to main content

Use Cases

Smart Key Attributes bring fine-grained authorization and usage rules to private keys stored on Securosys HSMs. This page gives a few real-world examples where having such fine-grained access control is beneficial.

Crypto Currencies

Since money is involved, crypto currencies have high security requirements. SKA is a perfect tool for building authorization schemes such that multiple approvers need to approve a transaction, or to enforce a timelock (that a transaction is only signed after a waiting period has passed).

For example, see the Fireblocks guide. Additionally, you can use VaultCode to build automated approval rules.

Electronic Signatures

The EU's eIDAS regulation introduces Qualified Electronic Signatures (QES) and Qualified Electronic Seals as the digital equivalent of hand-written paper signatures. To enforce signer authentication in a remote signing environment, eIDAS requires a Signature Activation Module (SAM). SKA is certified to act as the SAM, thus enabling the use of Primus HSM as a QSCD.

For more details, see the eIDAS and SAM documentation.

Code Signing

Signing software releases and firmware updates is essential for maintaining integrity and trust in the face of supply chain attacks. With SKA, you can enforce that quorums of people need to come together to sign a code artifact. For example, (2 of 5 developers) AND (1 of 3 release managers).

For example, see the Docker signing guide.

Secrets Management

Secrets Management systems such as HashiCorp Vault can also make use of SKA keys. For example, an SKA key can be used to seal/unseal (lock/unlock) the vault.

PKI

In a PKI system, the private key of the root CA is critical. By protecting the key with an SKA policy, you can ensure that the root CA can only sign when enough approvers confirm the operation.

Other

Generally, any system that requires multiple people to approve an operation before it is executed can benefit from SKA. SKA works with every private key operation, such as signing, decrypting, and unwrapping.

Note: SKA is currently only supported with asymmetric keys (RSA, EC). Symmetric keys (AES) are not yet supported.

Comparison to other Solutions

Compared to multi-signatures (multisig), which is traditionally used in crypto currencies, SKA has the following advantages:

  • Algorithm-independence. SKA can work with any asymmetric scheme.
  • Single-signature means lower transaction fees and more privacy.
  • More complex approval rules, for example (2 of 5 finance officers) OR (1 of 3 executives).

Compared to Multi-Party Computation (MPC), SKA has the following advantages:

  • Larger groups and quorums without compromising performance.
  • Ability to use timelocks and timeouts.
  • Simpler implementation/integration.
Get started withCloudHSM for free.
Other questions?Ask Sales.
Last updated on
Feedback
Need help?