
Key storage methods

When considering different key storage methods, keep the following factors in mind:

  • Storage location: Do you store keys on or off the HSM?
  • Format: In what format do you store encrypted keys?

The following sections explore these considerations.

Storing keys on or off the HSM

For general-purpose use cases, you primarily store keys on the HSM. However, some HSM products deviate from this norm by storing keys off the HSM (for example, nShield Security World). In that case, the off-HSM keys are encrypted under a master key that never leaves the HSM.

Encrypted key format

Encrypted keys are generally in one of the following formats:

  • Cryptogram
  • TR-31 key block

Other key block formats exist, but they are proprietary. Because the American National Standards Institute (ANSI) developed TR-31 key blocks, this format has more widespread support.

What is a cryptogram?

A cryptogram is an encrypted blob of data. Aside from the encryption itself, no additional security mechanisms are baked in. Instead of cryptograms, we recommend using TR-31 key blocks to manage keys. The following section explains the advantages of TR-31 key blocks.

What is a TR-31 key block?

The ANSI X9.24-1-2017 specification describes TR-31 key blocks. The key block structure consists of the following parts:

  • Header: The header is the least sensitive part of the key block. It defines the key block type, key usage, and key type.
  • Encrypted key data: This part contains all the sensitive key data, including the actual key values and their size. It can optionally contain the ciphering mode used and data padding options.
  • MAC: The Message Authentication Code (MAC), an integrity check of the header and key data, ensures that the key block is unmodified.

Our HSMs use TR-31 key blocks for external key escrow and key transport. We recommend managing keys with TR-31 key blocks rather than cryptograms: a key block carries the key's attributes (its usage and type) in the header alongside the key data, and the MAC binds the two together, which safeguards against unauthorized substitution, replacement, or misuse of cryptographic keys. Cryptograms do not provide this extra level of security.
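To make the three-part structure concrete, here is an added example (not code from this page or its HSM product) that parses an ASCII TR-31 key block into header fields, optional blocks, encrypted key data and MAC, using the publicly documented X9 TR-31 header layout. The sample blocks are constructed; the parser checks the declared length but cannot verify the MAC or decrypt the key data, because both require the Key Block Protection Key held in the HSM.

```python
# MAC length in hex characters for each key block version ID (TR-31 layout).
MAC_HEX_LEN = {"A": 8, "B": 16, "C": 8, "D": 32}


def parse_tr31(block: str) -> dict:
    """Split a TR-31 key block into header fields, optional blocks,
    encrypted key data and MAC. Raises ValueError on structural errors."""
    if len(block) < 16 or block[0] not in MAC_HEX_LEN:
        raise ValueError("not a recognised TR-31 key block")
    declared_len = int(block[1:5])
    if declared_len != len(block):
        raise ValueError(f"length field {declared_len} != actual {len(block)}")
    header = {
        "version": block[0],
        "key_usage": block[5:7],      # e.g. B0 = BDK, P0 = PIN encryption key
        "algorithm": block[7],        # A = AES, T = TDES, ...
        "mode_of_use": block[8],      # E = encrypt, D = decrypt, X = derive, ...
        "key_version": block[9:11],
        "exportability": block[11],   # E/S = exportable, N = non-exportable
        "num_optional": int(block[12:14]),
    }
    # Optional blocks: 2-char ID, 2-hex-char total length, then data.
    pos, optional = 16, {}
    for _ in range(header["num_optional"]):
        blk_id, blk_len = block[pos:pos + 2], int(block[pos + 2:pos + 4], 16)
        if blk_len < 4:  # "00" signals the extended-length form; not handled here
            raise ValueError(f"unsupported optional block length for {blk_id}")
        optional[blk_id] = block[pos + 4:pos + blk_len]
        pos += blk_len
    mac_len = MAC_HEX_LEN[header["version"]]
    return {
        "header": header,
        "optional_blocks": optional,
        "encrypted_key_data": block[pos:-mac_len],
        "mac": block[-mac_len:],
    }


# Constructed sample: version B block wrapping a 16-byte TDES BDK, no optional blocks.
SAMPLE_B = "B0080B0TX00N0000" + "0123456789ABCDEF" * 3 + "FEDCBA9876543210"
# Constructed sample: version D block for an AES PIN key with a KS block and PB padding.
SAMPLE_D = ("D0144P0AE00E0200" + "KS18" + "0011223344556677889A" + "PB080000"
            + "00112233445566778899AABBCCDDEEFF" * 2 + "A" * 32)

if __name__ == "__main__":
    for sample in (SAMPLE_B, SAMPLE_D):
        print(parse_tr31(sample)["header"])
```

Because the header is covered by the MAC, a key block whose usage or mode-of-use field has been altered will fail the HSM's MAC check even though this structural parse still succeeds.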