
Secure Your Signed Documents with TLS Encryption
TLS encryption has become essential for protecting your electronically signed documents. Discover best practices for securing your document flows in compliance with eIDAS.
An HSM (Hardware Security Module) is a tamper-resistant electronic device that generates, stores and uses cryptographic keys without ever exposing them in plaintext outside the enclosure. It is the hardware component that makes qualified electronic signatures (QES) possible under the eIDAS regulation, public-key encryption (PKI), the trust root of a certificate authority (CA), and more broadly any cryptographic operation requiring physical and logical tamper resistance. This guide explains what an HSM is, what it is used for, how it is certified (FIPS 140-2, FIPS 140-3, Common Criteria EAL4+) and how it differs from a TPM or a purely software KMS.
An HSM is a hardware appliance (1U rack, PCIe card, USB token or network appliance) that performs cryptographic operations (key generation, signing, encryption, decryption, hashing) inside a sealed physical enclave. Private keys never leave the HSM: any physical extraction attempt triggers immediate erasure (tamper response). The enclosure is designed to resist side-channel attacks (power analysis, electromagnetic emanations, voltage glitching), fault injection attacks, and electron-microscope observation.
Concretely, an application that wants to sign a document sends the SHA-256 hash of the document to the HSM via a standardized API (PKCS#11, KMIP, CNG, JCE). The HSM signs the hash with a private key that lives exclusively in its enclave, then returns the signature. The signed document contains the signature and the matching public certificate — but the private key remains tamper-proof. This is what distinguishes an eIDAS qualified signature (QES, HSM-backed at the trust service provider) from a simple signature (SES, no hardware requirement) or an advanced signature (AES, with a signer-controlled key).
HSMs are not consumer commodities: they are required as soon as a regulation, standard or contract demands a hardware guarantee of key tamper resistance.
The European eIDAS regulation (EU 910/2014) requires a qualified signature to be generated by a certified qualified signature creation device (QSCD) — in practice, an HSM certified to EN 419 221-5 or Common Criteria EAL4+. The qualified trust service provider (QTSP) operates the HSM that hosts the signer's private key and executes the signature.
HSMs manage the master keys (Key Encryption Keys, KEKs) that encrypt database, disk (BitLocker, LUKS) or backup encryption keys. Typical cases: PCI-DSS compliance for payment processors, HIPAA / HDS for health data, defense secret for government agencies.
Every root, intermediate or issuing certificate authority (CA) uses an HSM to generate and use the key that signs X.509 certificates. The root key of a public CA (Let's Encrypt, DigiCert, Sectigo) or a private enterprise CA (Active Directory CS, ADFS) must live inside a certified HSM.
Cloud platforms (AWS CloudHSM, Azure Dedicated HSM, Google Cloud HSM) expose shared or dedicated HSMs to manage the full key lifecycle: generation, rotation, derivation, archiving, destruction. The advantage over a purely software KMS: provable tamper resistance defensible to regulators and auditors.
TLS certificates for critical infrastructure (banking gateways, software code signing, IoT manufacturer root CAs) are HSM-protected. The HSM signs outbound certificates without ever exposing the root key — even if the host server is fully compromised.
Not all certifications carry equal weight. The certification level determines which regulations the HSM qualifies for (eIDAS QSCD, PCI-DSS HSM, defense contracts).
FIPS 140-2 (published 2001, retired from the active catalog in 2026) and its successor FIPS 140-3 (in force since 2019, mandatory for new products since 2024) define 4 security levels. Level 3 (keys erased if the enclave is opened) is the minimum for banking and public PKI; Level 4 (resistance to side-channel attacks and environmental variations) is required for certain defense secret uses.
Common Criteria is the international IT security evaluation standard. For HSMs, Common Criteria EAL4+ with the EN 419 221-5 Protection Profile is required by the eIDAS regulation for qualified signature creation devices (QSCDs). That is what European qualified trust service providers (QTSPs) use.
ETSI standards define the technical requirements a qualified trust service provider (QTSP) must meet under eIDAS — including the use of HSMs certified to EN 419 221-5. A QTSP listed on the European Trusted List (eIDAS TL) has been audited against these standards by an accredited body (in France: LSTI, COFRAC).
ANSSI publishes a General Security Framework (RGS) and issues "Standard" and "Reinforced" qualifications for cryptographic products. The German BSI publishes equivalent certifications (CSPN, BSI-TR). National public administrations may require these national qualifications on top of European certifications.
The right choice depends on the value of the keys to protect, the regulatory constraints and the budget. Here are the six dimensions that drive the decision.
| Dimension | HSM | TPM | Software KMS |
|---|---|---|---|
| Purpose | Protect enterprise and infrastructure cryptographic keys (QES, PKI, KMS). | Seal boot and identify a machine (BitLocker, TPM 2.0 attestation). One key per machine. | Centralize key lifecycle in memory/on disk, without hardware isolation. |
| Cryptographic throughput | Several thousand RSA-2048 signatures per second (top-tier models: 25,000+ sig/s). | A few signatures per second — built for occasional local use. | CPU-bound (often < 1,000 sig/s for RSA-2048). |
| Regulatory certifications | FIPS 140-2/3, Common Criteria EAL4+, EN 419 221-5 (eIDAS QSCD). | Common Criteria EAL4+ for TPM 2.0 (Microsoft Pluton, Google Titan). Not enough for eIDAS QES. | No hardware certification. ISO 27001 at the vendor at best. |
| Form factor | 1U-2U rack appliance, PCIe card, hardened USB token, or dedicated network appliance. From €8,000. | Chip soldered to the motherboard (TPM 2.0) or virtualized (vTPM). A few euros per machine. | Free (HashiCorp Vault, OpenStack Barbican) or SaaS (AWS KMS without CloudHSM). |
| Typical use case | eIDAS qualified signature, PKI root, PCI-DSS compliance, defense secret. | Secure boot, local disk encryption, Windows Hello attestation. | Application encryption, DevOps secrets, non-critical internal certificates. |
| Total cost of ownership | €8,000 to €80,000 per appliance + maintenance + audit. Shareable via cloud (per-hour pricing). | Marginal cost (already shipped in 99% of post-2016 business PCs). | Free in open-source; ~$0.03/key/month in managed SaaS (AWS KMS, Azure Key Vault). |

TLS encryption has become essential for protecting your electronically signed documents. Discover best practices for securing your document flows in compliance with eIDAS.

End-to-end encryption is the technological foundation of confidentiality for electronically signed documents. Understanding how it works means mastering the security of your contractual exchanges.
HSM and TPM are two hardware security technologies often confused, but with very distinct roles. Discover how to choose the right module according to your needs.
HSM encryption is the invisible foundation of all qualified electronic signatures. Understanding how it works means mastering the cryptographic security of your enterprise.
Certyneo relies on Common Criteria EAL4+ certified HSMs operated by a qualified QTSP listed on the European eIDAS Trusted List. QES from €9.90/act starting on the Standard plan.
We use cookies to improve your experience on our site. Cookies strictly necessary for the service to function are always active. Learn more