Hello, On Wed, Oct 26, 2011 at 21:12, Thor Lancelot Simon <tls@panix.com> wrote:

I find myself needing a crypto card, preferably PCIe, with onboard key storage. The application is PGP,

I don't know about PGP(.com), but GnuPG is picky about hardware key containers. Things like PKCS#11.

As far as I know, the only current products that do this are the IBM 4765 and the BCM586x line of chips. There were more sources once-upon-a-time of course -- nCipher and NetOctave/NBMK/etc. but those products seem to be gone now (and have obsolete PCI host interfaces, as well).

I think there are plenty of PCI products from several vendors, incl Thales(nCipher), SafeNet and others. But getting them "off the shelf" might vary, depending on your budget and origin and whatnot.

What, if anything, can I buy off-the-shelf in this space? I don't think a smartcard will work, since I need unattended operation within the chassis of a standard x86 rackmount server.

You have not described your requirements (ops/sec, FIPS/CC etc) but if the volume is low, you could take USB CryptoStick(s) (crypto-stick.org), which is supported by GnuPG and what can do up to 4096 bit onboard keys, unfortunately only one signature/decryption pair usable through GnuPG. Probably you can also stack them up and populate with the same key for load sharing. Martin _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE