Cryptography
Hardware Security Module
Also known as: HSM
A dedicated cryptographic device that performs key operations inside a tamper-resistant hardware boundary, with keys never exposed in software.
A Hardware Security Module (HSM) is a physical cryptographic device — typically a rack-mounted appliance or a PCIe card — that generates, stores, and uses cryptographic keys inside a tamper-resistant hardware boundary. The private key material never exists in software memory. Signing and decryption operations happen inside the HSM, and only the output (a signature, a decrypted payload) crosses the boundary.
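The boundary described above is what an HSM client library exposes to application code: a handle that can return the public key and produce signatures over a digest, and nothing else. The following Go program, an added example rather than code from this page or from any HSM vendor, models that interface with an in-process stand-in for the device. The `hsmKey` type, its `generateInHSM` constructor and the `signMessage`/`verifyMessage` helpers are hypothetical names chosen for illustration; a real PKCS#11 or Cloud KMS wrapper implements the same `crypto.Signer` interface and forwards `Sign` to the hardware.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// hsmKey models the hardware boundary: the private key is an unexported
// field, so code outside this type can obtain only the public key and
// signatures. Stand-in for a device-backed key handle (hypothetical type).
type hsmKey struct {
	priv  *ecdsa.PrivateKey // never returned by any method
	label string
}

// generateInHSM stands in for key generation on the device: the caller
// receives a handle, never key material.
func generateInHSM(label string) (*hsmKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &hsmKey{priv: priv, label: label}, nil
}

// Public returns the only key material that ever crosses the boundary.
func (k *hsmKey) Public() crypto.PublicKey { return &k.priv.PublicKey }

// Sign accepts a 32-byte SHA-256 digest, as an HSM sign operation does:
// the application hashes the message, the device signs the hash.
func (k *hsmKey) Sign(r io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
	if opts == nil || opts.HashFunc() != crypto.SHA256 || len(digest) != sha256.Size {
		return nil, errors.New("hsmKey: Sign expects a 32-byte SHA-256 digest")
	}
	return ecdsa.SignASN1(r, k.priv, digest)
}

// Compile-time check that hsmKey satisfies the interface HSM wrappers implement.
var _ crypto.Signer = (*hsmKey)(nil)

// signMessage is application-side code: it holds a crypto.Signer and never
// sees private key bytes, only the signature that comes back.
func signMessage(s crypto.Signer, msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	return s.Sign(rand.Reader, d[:], crypto.SHA256)
}

// verifyMessage runs anywhere that holds the public key; no HSM involved.
func verifyMessage(pub crypto.PublicKey, msg, sig []byte) bool {
	ecPub, ok := pub.(*ecdsa.PublicKey)
	if !ok {
		return false
	}
	d := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(ecPub, d[:], sig)
}

func main() {
	k, err := generateInHSM("tenant-signing-key") // hypothetical label
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed sample payload") // constructed input
	sig, err := signMessage(k, msg)
	if err != nil {
		panic(err)
	}
	fmt.Println("signature:", hex.EncodeToString(sig))
	fmt.Println("verifies:", verifyMessage(k.Public(), msg, sig))
	fmt.Println("tampered verifies:", verifyMessage(k.Public(), []byte("altered payload"), sig))
	// A caller that hands over raw data instead of a digest is rejected,
	// mirroring how a device refuses a malformed sign request.
	_, err = k.Sign(rand.Reader, msg, crypto.SHA256)
	fmt.Println("raw message rejected:", err != nil)
}
```

The point to take from the structure is that `signMessage` compiles against `crypto.Signer` only; swapping the in-process stand-in for a PKCS#11 or Cloud KMS backed signer changes nothing on the application side, and at no point can application code reach the private scalar.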
HSMs are validated against FIPS 140-2 (or its successor, FIPS 140-3), which defines four security levels: Level 1 requires only production-grade components and can be met by a software module; Level 2 adds tamper-evident seals and role-based authentication; Level 3 adds tamper resistance with active response, zeroizing keys when intrusion is detected, and identity-based authentication; Level 4 requires a complete tamper-detecting envelope and protection against environmental attacks such as voltage and temperature excursions. The cloud HSM offerings (AWS CloudHSM, GCP Cloud KMS at the HSM protection level, Azure Key Vault's HSM-backed keys and Managed HSM) are validated to FIPS 140-2 Level 3. The validation covers the module itself, not the application code or access policy around it.
Every LearnCoin tenant's signing key lives inside GCP Cloud KMS at the HSM protection level. Extracting the key requires defeating the HSM itself, which is orders of magnitude harder than pulling key material out of an application server's memory or filesystem. The HSM does not, however, stop an attacker who obtains credentials permitted to call the signing API from producing valid signatures, so the signing permission must be granted to as few identities as possible and every signing call should be audit-logged and monitored.
Related terms