          HSM Initialization

          A Hardware Security Module (HSM) must be initialized before it’s used. For the primary HSM, initialization creates a primary HSM encryption key pair and a primary HSM signing key pair. For each regional HSM, initialization creates a regional HSM encryption key pair.

          The primary HSM public signing key is used to sign and verify each regional HSM's public encryption key. At the start of each release, the primary and regional HSM public encryption keys are used to separately encrypt a per-release primary wrapping key. In turn, this key is used to encrypt the remainder of the per-release secrets used to derive data encryption keys.

          This way, each regional HSM is able to securely access the primary wrapping key for each release, which it uses to access the rest of the per-release secrets needed for key derivation. The private keys in each pair are accessible only inside their respective HSMs.
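
The flow described above, as an added Go example that is not Salesforce code: a regional public encryption key is accepted only if the primary's signature over it verifies, and only then is the per-release wrapping key encrypted to it. Ed25519, RSA-OAEP, the in-memory keys and the names `wrapFor` and `release` are assumptions; the page does not name algorithms or APIs.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// wrapFor encrypts the per-release wrapping key to a regional HSM's public
// encryption key, but only if the primary HSM's signature over that key verifies.
func wrapFor(primaryVerify ed25519.PublicKey, regional *rsa.PublicKey, sig, wrappingKey []byte) ([]byte, error) {
	if !ed25519.Verify(primaryVerify, x509.MarshalPKCS1PublicKey(regional), sig) {
		return nil, errors.New("regional key is not signed by the primary HSM")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, regional, wrappingKey, nil)
}

// release simulates one release. Real private keys never leave their HSM; these
// are in-memory stand-ins (assumed algorithms, keygen errors ignored for brevity).
func release() (regionalOK bool, rogueErr error) {
	verifyKey, signKey, _ := ed25519.GenerateKey(rand.Reader) // primary HSM signing pair
	regional, _ := rsa.GenerateKey(rand.Reader, 2048)         // regional HSM encryption pair
	rogue, _ := rsa.GenerateKey(rand.Reader, 2048)            // key the primary never signed
	// Initialization: the primary signs the regional public encryption key.
	sig := ed25519.Sign(signKey, x509.MarshalPKCS1PublicKey(&regional.PublicKey))
	// Start of release: fresh wrapping key, encrypted separately per HSM.
	wrappingKey := make([]byte, 32)
	rand.Read(wrappingKey)
	ct, err := wrapFor(verifyKey, &regional.PublicKey, sig, wrappingKey)
	if err != nil {
		return false, err
	}
	// Inside the regional HSM: recover the wrapping key with the private key.
	got, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, regional, ct, nil)
	regionalOK = err == nil && bytes.Equal(got, wrappingKey)
	// A substituted key fails verification, so nothing is ever wrapped to it.
	_, rogueErr = wrapFor(verifyKey, &rogue.PublicKey, sig, wrappingKey)
	return regionalOK, rogueErr
}

func main() {
	ok, rogueErr := release()
	fmt.Println("regional unwrap ok:", ok, "| rogue key:", rogueErr)
}
```

The signature check is what keeps a substituted regional key from ever receiving the wrapping key, and with it the rest of the per-release secrets.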

           
          Salesforce Help | Article