CodeSafe 5 v13.9.5 Developer Guide
Introduction
CodeSafe is a runtime on the Entrust nShield HSM that allows third-party developers to run their own code within the secure boundary of the module, using the SEE (Secure Execution Engine) technology.
The CodeSafe product comprises a suite of cross-compilers and support tools that allow you to develop CodeSafe applications, which are also known as SEE machines.
Using the CodeSafe Developer Kit, developers write their own CodeSafe applications, cross-compile them, and package them to run on the HSM. Once loaded, the CodeSafe application runs on the HSM segregated from the actual keys loaded onto the module, including the keys the application itself uses. Because of this segregation, CodeSafe can be used without affecting the FIPS 140 validation of the module it runs on.
Where the HSMs provide security controls on key usage, CodeSafe provides control over application code. From inside SEE you can send nCore commands to the HSM; build a protocol for sending data and commands back and forth on top of the SEEJobs library, which provides an off-the-shelf, mutually authenticated and encrypted communication channel; expose your own TCP protocol; or use any combination of these.
With CodeSafe, you can build and deploy Trusted Agents to perform application-specific security functions on your behalf on unattended servers, or in unprotected environments where the operation of the system is outside of your direct control. Examples of Trusted Agents include digital meters, authentication agents, timestamp servers, audit loggers, digital signature agents and custom encryption processes.
Traditionally, HSMs have protected cryptographic keys within a defined security boundary; SEE allows you to extend that security boundary to include code that utilizes those protected keys. The code itself is signed to provide additional protection.