SID-CRYPTO-01 — PKCS#11 HSM Key Protection

Property	Value
Status	verified
Owner	platform
Category	technical
CSF Function	protect
Group	Cryptography Controls

Description

Hardware Security Module integration via PKCS#11 for issuer key protection. Supports ECDSA (P-256/P-384/P-521) and RSA signing without key export. Keys never leave the HSM boundary. Multi-backend signer interface abstracts software keys, PKCS#11, and cloud KMS.

Components

VC Issuer/Verifier
WSCA / HSM

Source References

vc/pki/pkcs11.go
vc/pki/signer.go

Audit Findings

Finding	Severity	Status
EN-S-2 — Partial asset classification and cryptographic documentation	medium	in progress

Description​

Components​

Source References​

Audit Findings​

Description

Components

Source References

Audit Findings