HSM Encryption: Operation and Private Keys (2026)

The security of digital transactions rests on a component often overlooked by IT management: the Hardware Security Module (HSM). This dedicated hardware device generates, stores and protects cryptographic keys without ever exposing them to the external software environment. As cyberattacks targeting PKI infrastructure increased by 43% between 2023 and 2025 according to the ENISA Threat Landscape 2025 report, understanding how HSM encryption works has become a strategic issue for any organisation managing qualified electronic signatures, banking transactions or sensitive data exchanges. This article decrypts HSM architecture, the lifecycle of private keys, the cryptographic protocols implemented, and the selection criteria for B2B organisations.

Hardware architecture of an HSM: a cryptographic safe

An HSM is, by definition, a tamper-resistant physical device. Unlike a software solution, it integrates intrusion detection mechanisms that trigger automatic key erasure as soon as a physical tampering attempt is detected (the so-called zeroization mechanism).

Internal components and secure isolation

The internal architecture of an HSM is based on several complementary layers:

• Dedicated cryptographic processor: executes encryption operations (RSA, ECDSA, AES, SHA-256) in isolation from the host system.
• Hardware random number generator (TRNG): produces true entropy, essential for the strength of generated keys — hardware TRNGs far outperform software PRNGs in terms of unpredictability.
• Secure non-volatile memory: stores master keys in a physically protected area, inaccessible from the outside even in case of disassembly.
• Tamper-evident enclosure: any attempt to open it triggers an alarm and erasure of secrets.

HSMs are certified according to FIPS 140-2/140-3 standards (levels 2 to 4) published by the US NIST, and Common Criteria EAL 4+ for the most demanding European uses. An FIPS 140-3 level 3 HSM, for example, requires multi-factor authentication for any key access and resists active physical attacks.

Deployment modes: on-premise, PCIe and cloud HSM

Three physical forms coexist in the B2B market:

1. Network HSM (appliance): rack-mounted enclosure connected to the local network, shared between multiple application servers. Typically used by trusted service providers (TSP) certified under eIDAS.
2. PCIe HSM card: module integrated directly into a server, offering better latency for applications with high signature volumes.
3. Cloud HSM: managed service offered by cloud providers (Azure Dedicated HSM, AWS CloudHSM, Google Cloud HSM). The hardware remains physically dedicated to the client but is hosted in the provider's data centre — relevant for organisations wishing to avoid hardware management whilst maintaining exclusive control over their keys.

The choice between these modes directly conditions the level of compliance achievable under eIDAS 2.0, particularly for qualified signatures (QES) which require a qualified signature creation device (QSCD) — a certified HSM constitutes the quintessential QSCD.

Lifecycle of private keys in an HSM

The real value of an HSM lies in its ability to manage the entire lifecycle of cryptographic keys without a private key ever leaving its hardware perimeter in the clear.

Key generation and injection

Key generation within the HSM is fundamental. Any key generated outside and then imported carries a residual risk related to its transit through an uncontrolled environment. Best practices therefore require:

• Generation of the key pair (public/private) directly within the HSM via the integrated TRNG.
• The private key never leaves the HSM's hardware perimeter — even system administrators do not have access to it in the clear.
• The public key, alone, is exported to be integrated into an X.509 certificate issued by a Certification Authority (CA).

Certain protocols such as PKCS#11 (OASIS standard) or JCE (Java Cryptography Extension) allow business applications to invoke HSM cryptographic operations via standardised API calls, without ever directly handling the keys.

Cryptographic operations: signing, decryption, derivation

When a user signs a document, here is the exact technical flow:

1. The application calculates the digital fingerprint (hash) of the document using a hash function (SHA-256 or SHA-384).
2. The hash is transmitted to the HSM via the PKCS#11 or CNG (Cryptography Next Generation under Windows) interface.
3. The HSM internally signs the hash with the RSA-2048 or ECDSA P-256 private key, depending on the configuration.
4. The digital signature is returned to the application — never the key itself.

This principle of black-box operation guarantees that even total compromise of the application server does not allow an attacker to extract the private key.

Backup, rotation and key destruction

The complete lifecycle of a key includes:

• Encrypted backup: keys can be exported in encrypted form (Wrapped Key) using a key encryption key (KEK), itself stored in another master HSM — principle of the Key Ceremony documented by CAs.
• Periodic rotation: recommended every 1 to 3 years depending on certificate lifetime and risk level. eIDAS 2.0 and ETSI TS 119 431 policies govern these periods for TSPs.
• Revocation and destruction: at end of life, the key is destroyed by zeroization — an irreversible operation guaranteeing that no reconstruction is possible.

For organisations wishing to understand how qualified electronic signature is based on these mechanisms, the HSM constitutes the technical heart of the QSCD required by eIDAS.

Cryptographic protocols and standards supported by HSMs

A modern enterprise HSM supports an extensive catalogue of cryptographic primitives and protocols.

Asymmetric and symmetric algorithms

| Family | Common algorithms | Typical usage | |---|---|---| | Asymmetric | RSA-2048/4096, ECDSA P-256/P-384, Ed25519 | Digital signature, key exchange | | Symmetric | AES-128/256-GCM, 3DES (legacy) | Data encryption, key wrapping | | Hashing | SHA-256, SHA-384, SHA-512 | Integrity, document fingerprint | | Post-quantum (PQC) | CRYSTALS-Kyber, CRYSTALS-Dilithium (NIST FIPS 203/204) | Cryptographic transition 2026+ |

Integration of post-quantum algorithms (PQC) is a hot topic of the moment: NIST finalised the first PQC standards in 2024 (FIPS 203, 204, 205), and several HSM manufacturers (Thales, nCipher/Entrust, Utimaco) are offering firmware by 2026 supporting these algorithms in hybrid mode RSA+Kyber.

Integration interfaces and protocols

The ecosystem for integrating an HSM rests on several open standards:

• PKCS#11: most widely used C API interface, supported by OpenSSL, EJBCA, and the majority of Java application servers.
• Microsoft CNG/KSP: native integration into the Windows Server / Active Directory Certificate Services ecosystem.
• KMIP (Key Management Interoperability Protocol): OASIS standard for centralised key management between heterogeneous HSMs — particularly useful in multi-cloud architectures.
• Proprietary REST APIs: modern cloud HSMs expose REST APIs for fluid DevOps integration (Infrastructure as Code, Terraform providers).

Mastery of these interfaces is essential for integrating an HSM into a electronic signature platform for high-volume enterprises.

Criteria for choosing an HSM for B2B enterprises in 2026

Facing a diversified market offering, several objective criteria should guide the purchasing decision or subscription to an HSM-as-a-Service.

Certification level and regulatory compliance

For use within the scope of qualified electronic signature (eIDAS) or banking processes subject to PSD2/DSP2:

• FIPS 140-3 level 3 minimum for sensitive personal or financial data.
• Common Criteria EAL 4+ certification with EN 419221-5 protection profile for eIDAS QSCDs — this is the reference standard for European trust lists (Trusted Lists ETSI TS 119 612).
• ANSSI qualification for French entities subject to specific sectoral regulations (defence, vital infrastructure operators).

Performance, high availability and TCO

High-end network HSMs (Thales Luna Network HSM 7, Entrust nShield Connect XC) deliver performance of several thousand RSA-2048 operations per second, with active-active configurations for high availability. The 5-year TCO of an on-premise HSM includes: hardware, maintenance, qualified personnel, and Key Ceremony management — elements that often make Cloud HSM more attractive for SMEs and mid-market enterprises.

For organisations evaluating the overall return on investment of their signature infrastructure, using a dedicated ROI calculator for electronic signature allows you to precisely quantify the operational gains associated with HSM security.

Key governance and access control

An HSM is only as good as the quality of its governance:

• M-of-N principle: any sensitive operation (master key generation, initialisation) requires the simultaneous presence of M administrators out of N designated — typically 3 out of 5.
• Immutable audit logs: each cryptographic operation is traced in timestamped and signed logs, a requirement of GDPR (art. 5.2, accountability) and ETSI frameworks.
• Role separation: HSM administrator, key operator, and auditor are distinct roles — in compliance with ETSI EN 319 401 certification policy requirements.

Understanding the requirements of eIDAS 2.0 regulation is essential to properly calibrate key governance in the context of European qualified signature.

Legal framework applicable to HSM encryption in the enterprise

The deployment of an HSM for cryptographic key management is part of a dense regulatory corpus, at the intersection of electronic signature law, data protection and cybersecurity.

Regulation eIDAS No 910/2014 and eIDAS 2.0 revision

eIDAS regulation establishes the technical and legal conditions for qualified electronic signatures (QES). Its Article 29 requires that qualified signature creation devices (QSCDs) guarantee the confidentiality of the private key, its uniqueness, and the impossibility of deriving it. These technical requirements can only be satisfied by an HSM certified according to the EN 419221-5 protection profile or equivalent. eIDAS 2.0 revision (EU Regulation 2024/1183, in force since May 2024) strengthens these obligations with the introduction of the European digital identity wallet (EUDIW), which also relies on compliant QSCDs.

Applicable ETSI standards

The ETSI standards family precisely governs the practices of trusted service providers (TSPs):

• ETSI EN 319 401: general security requirements for TSPs, including HSM management and role separation.
• ETSI EN 319 411-1/2: certification policies and practices for CAs issuing qualified certificates.
• ETSI EN 319 132: XAdES profile for advanced electronic signature — signing operations rely on HSMs.
• ETSI TS 119 431-1: specific requirements for remote signing services (Remote Signing), where the HSM is operated by the TSP on behalf of the signatory.

French Civil Code (Articles 1366-1367)

Article 1366 of the Civil Code recognises the legal value of electronic writing when it is possible to identify its author and its integrity is guaranteed. Article 1367 assimilates qualified electronic signature to handwritten signature. Protection of the private key by HSM is the technical mechanism that makes this presumption of imputability irrefutable before the courts.

GDPR No 2016/679

When an HSM processes keys linked to the identity of natural persons (qualified nominative certificates, audit logs including identification data), GDPR applies in full. Article 25 (privacy by design) requires integrating data protection from the design stage — the HSM meets this requirement by making it technically impossible to access private keys outside the defined operational framework. Article 32 requires the implementation of appropriate technical measures: the HSM represents the state of the art in cryptographic protection.

NIS2 Directive (EU 2022/2555)

Transposed into French law by the Act of 15 April 2025, the NIS2 Directive requires essential and important operators (OES/OEI) to implement risk management measures explicitly including cryptographic supply chain security. The use of certified HSMs to protect signature and encryption keys falls squarely within this framework, particularly for the health, finance, energy and digital infrastructure sectors.

Liabilities and legal risks

A compromise of a private key resulting from the absence of an HSM or insufficient configuration can engage the civil and criminal liability of the data controller, expose the organisation to CNIL sanctions (up to 4% of global turnover), and retroactively invalidate all signatures issued with the compromised key. Failure to log HSM operations constitutes a manifest non-compliance with ETSI and GDPR frameworks.

Use cases: the HSM in action in B2B enterprises

Scenario 1 — Qualified signature platform for a multi-site industrial group

A European industrial group with 15 subsidiaries managing approximately 4,000 supplier contracts per year decides to centralise its qualified electronic signature chain. The security team deploys two network HSMs in active-active high availability configuration across two separate data centres (geographical resilience strategy). The qualified signature keys of each legal entity are generated and stored exclusively in the HSMs, accessible via a PKCS#11 interface exposed to the SaaS signature platform.

Results observed after 12 months: zero security incidents related to key management, full compliance at the eIDAS audit conducted by an accredited conformity assessment body (CAB), and a 67% reduction in average contract signing times (from 8.3 days to 2.8 days). The total HSM deployment cost was recovered in 14 months thanks to productivity gains and the elimination of residual paper processes.

Scenario 2 — Law firm and management of client mandate signature

A law firm specialising in mergers and acquisitions and commercial litigation, with 45 collaborators, managing the signature of mandates, engagement letters and procedural documents, seeks to secure its signature flows. Unable to use an on-premise HSM (no dedicated IT team), the firm subscribes to a Cloud HSM service integrated into a electronic signature solution for law firms.

Each partner has a qualified certificate whose private key is stored in the provider's dedicated HSM, certified FIPS 140-3 level 3 and referenced on the European trust list. The firm benefits from complete traceability of operations (timestamped logs, exportable for evidentiary purposes in case of dispute), without any hardware infrastructure to manage. The reduction in administrative time related to document management is estimated at 3.5 hours per employee per week according to benchmark figures for comparable firms.

Scenario 3 — Healthcare facility and protection of electronic prescription data

A hospital group of approximately 1,200 beds implements secure electronic medical prescription (e-prescription) in compliance with ANS (French Digital Agency) requirements and the Mon Espace Santé framework. Prescriptions must be signed with a healthcare professional certificate (CPS) whose private key cannot under any circumstances be exposed on practitioners' workstations.

The IT department deploys an HSM certified Common Criteria EAL 4+ integrated into its identity management infrastructure (internal IGC). Medical practitioners' CPS keys are stored in the HSM; practitioners authenticate via smartcard + PIN to trigger the signature operation delegated to the HSM. This mechanism, compliant with eIDAS regulation and ETSI standards, reduces the risk of key theft by 89% compared to software storage on workstations, and enables centralised revocation in less than 5 minutes in case of departure or card loss.

Conclusion

HSM encryption constitutes the cornerstone of any qualified electronic signature infrastructure and secure private key management in the enterprise. By combining hardware isolation, proven cryptographic algorithms, strict key governance and compliance with FIPS 140-3, Common Criteria and ETSI standards, the HSM offers unmatched protection against current threats and European regulatory requirements. Whether you opt for on-premise deployment, a PCIe card or a managed Cloud HSM, the key is to align your choice with your risk exposure level and your legal obligations under eIDAS, GDPR and NIS2.

Certyneo natively integrates certified HSMs into its qualified electronic signature infrastructure, allowing you to benefit from enterprise-level security without operational complexity. Ready to secure your document flows with a compliant and certified solution? Start free on Certyneo or view our pricing to find the offer suited to your organisation.