
Hardware Security Module (HSM) Meaning

Oct 24, 2023 | Updated Oct 24, 2023
A Hardware Security Module (HSM) is a hardware unit that safeguards and manages cryptographic keys.

What is a Hardware Security Module (HSM)?

A Hardware Security Module (HSM) is a physical computing device that stores and secures secret keys. HSM devices are often used to prevent unauthorized access to sensitive information such as users’ identities, transactions, and application servers. HSMs typically perform encryption, decryption, authentication, key management, and digital signing.

HSMs are:

  • Tamper-resistant: Hardware Security Modules are difficult to modify or alter without making the device inoperable.
  • Tamper-evident: Attempts to log in or tamper with HSMs leave behind visible signs or send an alert notification.
  • Tamper-responsive: HSMs may respond to tampering by deleting the secret keys stored in the device. This prevents a malicious actor from accessing a user’s sensitive information.

How are they relevant to digital assets?

Your private keys are stored in your wallet and control access to your cryptocurrency funds (which are always stored on the blockchain). HSM devices are ideal for crypto wallets since they ensure that private keys never leave the device. The private keys are typically used to sign transactions, and since they live inside the HSM device, the HSM becomes the signer for the transactions. Therefore, backing up private keys and recovery phrases in HSM-based solutions makes them virtually impossible to compromise.

There are several types of HSMs: the static type and the nomad type. The static type comes as an external device or card that can be plugged into a network server. Nomad HSMs are essentially Secure Elements, as used in SIM cards, passports, banking cards and some hardware wallets.

HSM Use Cases

HSMs are used in crypto wallets to store and manage users’ private keys and recovery phrases. They are also used for debit card PINs and in Public Key Infrastructure (PKI) environments, among others.

  • Debit card PINs for ATMs: Payment and transaction HSMs are designed to secure a user’s payment card information and personal details during transaction processing. Hence, when a user conducts a transaction, the banks verify their PIN using HSM devices without revealing the PIN itself. To some extent, your banking card itself is an HSM.
  • PKI environments: Hardware Security Modules are primarily used to randomly generate, hold and manage public keys and private keys, and ensure that sensitive data is highly protected. For instance, an HSM may be used to sign certificates, ensuring that malicious actors cannot authenticate themselves without the private key even if they get ahold of the certificate.

Hardware Security Modules bring an extra layer of security to sensitive information and application servers. In addition, they introduce a high degree of reliability, trust, and verifiability in hardware wallets.
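The properties described above (keys that never leave the device, checks performed inside the module, and key erasure on tampering) can be modelled in a few lines. This is an added example, not Ledger's code or any real HSM API: `ModelHSM`, `TamperedError` and `demo` are hypothetical names, the transaction bytes are constructed, and HMAC-SHA256 stands in for the signature scheme a real device would use.

```python
import hashlib
import hmac
import secrets


class TamperedError(RuntimeError):
    """Raised when the module is asked to use keys it has already erased."""


class ModelHSM:
    """Toy model of an HSM boundary: callers get operations, never key bytes.
    Python name mangling is not real isolation; hardware enforces this part."""

    def __init__(self):
        # The key is generated inside the module and no method returns it.
        self.__key = bytearray(secrets.token_bytes(32))
        self.__zeroized = False
        self.audit_log = []  # tamper-evident: every request leaves a record

    def _mac(self, message: bytes) -> bytes:
        if self.__zeroized:
            raise TamperedError("keys erased after tamper event")
        return hmac.new(bytes(self.__key), message, hashlib.sha256).digest()

    def sign(self, message: bytes) -> bytes:
        """Authenticate a message; HMAC is a stand-in for a real signature."""
        self.audit_log.append("sign")
        return self._mac(message)

    def verify(self, message: bytes, tag: bytes) -> bool:
        """Check a tag inside the module, so the host never needs the key."""
        self.audit_log.append("verify")
        return hmac.compare_digest(self._mac(message), tag)

    def tamper_detected(self) -> None:
        """Tamper-responsive: overwrite the key in place, refuse further use."""
        self.__key[:] = bytes(len(self.__key))
        self.__zeroized = True
        self.audit_log.append("tamper: keys zeroized")


def demo():
    hsm = ModelHSM()
    tx = b"constructed sample transaction"
    tag = hsm.sign(tx)
    results = [hsm.verify(tx, tag), hsm.verify(b"altered transaction", tag)]
    hsm.tamper_detected()
    try:
        hsm.sign(tx)
    except TamperedError:
        results.append("refused")
    return results, hsm.audit_log
```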
