aws-samples / aws-cloudhsm-jce-examples

Sample applications demonstrating how to use the CloudHSM JCE
MIT No Attribution
37 stars 57 forks

Possible use of the CaviumKeyStore in client-side TLS #19

Open commjoen opened 5 years ago

commjoen commented 5 years ago

In order to keep the client-side TLS private key in the Cavium keystore, we made a wrapper keystore in which we keep the certificate, so that we can actually use it to do client-side TLS. Are there actual issues with picking up client-side TLS authentication by the Cavium HSM?
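One way to build the "private key in the HSM, certificate local" setup described above is a custom `X509ExtendedKeyManager` rather than a wrapper `KeyStore`. The following is an added example written for this thread; it is not the poster's implementation and not code from the aws-cloudhsm-jce-examples project. It assumes the caller has already loaded an HSM-backed `KeyStore` (the type name and login procedure of the CloudHSM JCE provider are left to the caller, so nothing here depends on a specific provider name) and a local JKS/PKCS12 that holds only the certificate chain. The aliases, the probe message and the class name `SplitKeyManager` are hypothetical. The key handle returned by the HSM keystore is a `PrivateKey` object whose material never leaves the device; JSSE hands it to `Signature.initSign`, and JCA's delayed provider selection routes the operation to the provider that owns the key object.

```java
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;

/**
 * Client-side TLS key manager (added example, hypothetical class name) that answers
 * JSSE's "which key / which chain?" questions from two stores: the PrivateKey handle
 * comes from the HSM keystore, the certificate chain from a local keystore.
 */
public final class SplitKeyManager extends X509ExtendedKeyManager {
    private final String alias;
    private final PrivateKey hsmKey;          // handle object; signing is delegated to the HSM provider
    private final X509Certificate[] chain;    // public data, kept in an ordinary local keystore

    private SplitKeyManager(String alias, PrivateKey hsmKey, X509Certificate[] chain) {
        this.alias = alias;
        this.hsmKey = hsmKey;
        this.chain = chain;
    }

    /** hsmStore is an already-loaded HSM-backed KeyStore; certStore is a local JKS/PKCS12. */
    public static SplitKeyManager create(KeyStore hsmStore, String hsmAlias, char[] hsmKeyPassword,
                                         KeyStore certStore, String certAlias) throws Exception {
        PrivateKey key = (PrivateKey) hsmStore.getKey(hsmAlias, hsmKeyPassword);
        if (key == null) {
            throw new IllegalStateException("no private key at HSM alias " + hsmAlias);
        }
        Certificate[] raw = certStore.getCertificateChain(certAlias);
        if (raw == null || raw.length == 0) {
            Certificate single = certStore.getCertificate(certAlias);
            if (single == null) throw new IllegalStateException("no certificate at alias " + certAlias);
            raw = new Certificate[] { single };
        }
        X509Certificate[] chain = Arrays.copyOf(raw, raw.length, X509Certificate[].class);
        // Fail early if the local certificate does not belong to the HSM key: a mismatch
        // otherwise only surfaces as an opaque handshake failure on the server side.
        if (!keyMatchesCertificate(key, chain[0])) {
            throw new IllegalStateException("HSM key does not match the leaf certificate's public key");
        }
        return new SplitKeyManager(hsmAlias, key, chain);
    }

    /** Proves the pairing without touching private material: sign in the HSM, verify with the cert. */
    static boolean keyMatchesCertificate(PrivateKey key, X509Certificate leaf) throws Exception {
        String sigAlg;
        switch (key.getAlgorithm()) {
            case "RSA": sigAlg = "SHA256withRSA"; break;
            case "EC":  sigAlg = "SHA256withECDSA"; break;
            default: throw new IllegalArgumentException("unsupported key algorithm " + key.getAlgorithm());
        }
        byte[] probe = "split-keymanager-pairing-check".getBytes(StandardCharsets.UTF_8); // constructed probe
        Signature signer = Signature.getInstance(sigAlg);
        signer.initSign(key);                 // provider selection follows the key object (the HSM provider)
        signer.update(probe);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance(sigAlg);
        verifier.initVerify(leaf.getPublicKey());
        verifier.update(probe);
        return verifier.verify(sig);
    }

    /** Wires the key manager into an SSLContext usable by any JSSE client (HttpsURLConnection, etc.). */
    public static SSLContext clientContext(SplitKeyManager km, KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { km }, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Offer the identity only when the server accepts our key type (e.g. "RSA", "EC").
    private String offer(String[] keyTypes) {
        return keyTypes != null && Arrays.asList(keyTypes).contains(hsmKey.getAlgorithm()) ? alias : null;
    }

    @Override public String[] getClientAliases(String keyType, Principal[] issuers) { return new String[] { alias }; }
    @Override public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket s) { return offer(keyTypes); }
    @Override public String chooseEngineClientAlias(String[] keyTypes, Principal[] issuers, SSLEngine e) { return offer(keyTypes); }
    // This manager never acts as a server identity.
    @Override public String[] getServerAliases(String keyType, Principal[] issuers) { return null; }
    @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket s) { return null; }
    @Override public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine e) { return null; }
    @Override public X509Certificate[] getCertificateChain(String a) { return alias.equals(a) ? chain.clone() : null; }
    @Override public PrivateKey getPrivateKey(String a) { return alias.equals(a) ? hsmKey : null; }
}
```

Two things to verify in a real deployment: the HSM provider must be registered and logged in for the lifetime of the `SSLContext`, since every handshake signs through it; and the provider must support the signature scheme the handshake negotiates (TLS 1.3 requires RSA-PSS for RSA client certificates), otherwise the client-certificate step fails even though the pairing check above passed.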

apipersenia commented 5 years ago

I would be interested in learning about that implementation!

rday commented 5 years ago

I've seen some implementations which allow the private key to stay in the HSM and the certificate to stay local. In general, there are no issues here. Of course, I haven't seen your particular implementation. Has it been performing well? Did you hit any problems along the way? Are you using a particular TLS library?