Skip to main content

Product Fact Sheets & Getting Started Guides

This guide outlines all HSMs and FIDO devices used in Virifi’s Solution Proposal.

Updated over 8 months ago

Introduction

This guide outlines all hardware security modules (HSMs) and FIDO devices supported in Virifi’s Solution Proposal. It includes quick-start instructions, technical specifications, and security certifications to assist developers and integrators in secure deployments.

iShield HSM (PU-50n) – USB Hardware Security Module

Summary:

  • Compact USB 3.1 device

  • Supports PKCS#11 / PKCS#15

  • ISOApplet preloaded, compatible with OpenSC

  • Used for demonstration in On-Prem HSM environments

Setup Guide Includes:

  • Driver installation (PC/SC daemon)

  • Key generation with XCA or pkcs11-tool

  • Certificate CSR workflow

YubiKey 5 FIPS Series – Multi-Protocol FIDO Device

Summary:

  • FIPS 140-2 certified hardware token

  • Supports PIV, FIDO2/WebAuthn, OTP, OpenPGP

  • Works with Windows, macOS, Linux, Android, and browsers

Setup Guide Includes:

  • YubiKey Manager usage (GUI/CLI)

  • PIV applet configuration

  • Touch policy setup for PIN entry

  • Certificate upload (signing/authentication)

Securosys Cloud HSM – Post-Quantum HSM Integration

Summary:

  • Used in Virifi’s Cloud HSM stack for demo and test environments

  • Supports FIPS 204 (ML-DSA) for post-quantum digital signatures

  • High-throughput, low-latency signing operations

  • ISO 27001/ISO 14001-certified Swiss data centers

Features:

  • Remote key generation and lifecycle management

  • REST & PKCS#11 interfaces

  • Integration-ready with Virifi SDK and Signing Services

Use Cases:

  • Future-proof signing (LTA signatures)

  • Centralized signing operations for financial institutions

  • Secure and compliant cloud deployment

Reference: Securosys CloudHSM

Developer Tools & Requirements

Tools you’ll need:

  • XCA – key/cert management GUI

  • OpenSC – smart card middleware

  • pkcs11-tool / p11tool – CLI for HSMs

  • YubiKey Manager (ykman) – token management

  • AWS CLI / REST clients – for cloud HSM access

  • OS Compatibility: Windows, Linux, macOS

Compliance & Security Certifications

Device

Certification

Interface

Notes

YubiKey 5 FIPS

FIPS 140-2

PIV, FIDO2, OTP

Cross-platform

iShield HSM

FIPS 140-2

PKCS#11

On-prem USB

Securosys CloudHSM

ISO 27001, FIPS 204 Capable

REST, PKCS#11

Cloud-native

Documentation Links

Attachment icon
PU-50n_iShield-HSM_fact_sheet.pdf
Attachment icon
PU-50n_iShield-HSM_getting_started.pdf
Attachment icon
YubiKey_5_FIPS_Series_Product_Brief.pdf
Related Articles
Compliance Standards Overview
Recommended Hardware & OS Specs
Software Dependencies (e.g., .NET, Java, Docker, etc.)
HSM Integration Overview
POC Hardware, Infrastructure, and Design Considerations
Did this answer your question?