Building a hardware security module

secure

[Stefan] was nervous about putting the secret key for his Amazon Web Services account in his config file. In the security world, storing passwords in plain text is considered a very bad thing. but luckily there are ways around it. [Stefan]’s solution was to make a hardware security module out of the newest ARM-powered Arduino Due.

The build puts the secret key for [Stefan]’s AWS account right in the firmware of the Arduino Due (with the security bit on the Arduino flipped, of course). A Python web service then receives sign requests and talks to the Due over a serial port. The Due then signs the request and sends it off to another bit of Python code that handles the AWS API.

Hardware security modules are frequently used by three-letter government agencies to manage cryptography keys and ensure their data are encrypted properly. Instead of a hardware module costing tens of thousands of dollars, [Stefan]’s only cost the price of an Arduino Due; not too shabby for a hardware security module that can sign more than 2000 requests per second.