eHSM Specifications

Last updated November 24, 2020

Operating System Support

Operating System	Version	Architecture
Windows	Windows 8 and later, Windows Server 2012 and later	64bit, 32bit
Mac OS	10.7 (Lion) to 10.15 (Catalina)	64bit
Linux	Ubuntu 18.04 LTS and later	amd64

Cryptographic interfaces

PKCS#11 (Windows, Linux, MacOS). For a full list of PKCS#11 mechanisms supported, see the developer documentation.
Microsoft CNG Key Storage Provider
Java Cryptography Architecture (JCA) and the Java Cryptography Extension (JCE) using the SunPKCS11 Provider.
FIDO U2F/CTAP1 and FIDO2/CTAP2.

Cryptographic capabilities

Algorithms since firmware V1.1 - the eHSM device is firmware upgradeable and more algorithms can be added. See the developer documentation for detailed specifications or contact support.

Available algorithms depends on whether FIPS mode is enabled or not.

Hash Algorithms: MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, RIPEMD-160
Symmetric Algorithms: HMAC using supported hash algorithms, AES (128,192,256), TripleDES and DES
Symmetric Cipher Modes: ECB, CBC with PKCS 7 padding or no padding
Asymmetric Algorithms: RSA (1024-4096), ECC (192-521)
ECC Curves supported: secp192r1, secp224r1, secp256r1, secp384r1, secp521r1 secp192k1, secp224k1, secp256k1 (the Bitcoin curve), Brainpool 256,284,512, Curve25519, Curve448
ECDH and BIP32 CKD Key derivation
Signing and Verification: ECDSA, RSA (X509, PKCS 1.5, PKCS 2.1 with OAEP)
Key Wrapping: CKM_AES_KEY_WRAP with and without padding (RFC3394), CKM_DES3_CBC (although not recommended)
Hardware True Random Number Generator (TRNG)

Storage

Non-volatile Storage: 256 token objects, 128KB total size. Volatile session storage: 16 objects per session. 3 concurrent sessions.
PKCS#11 object types: All defined object types supported.

Management

Device management: ellipticSecure Device manager and standard PKCS#11 tools supported (p11tool etc.)

Hardware

USB type A connector
USB 2.0 Full Speed HID device
RoHS compliant
Weight: 7 grams
Dimensions: 45mm x 19mm x 10mm