Merged Keys Concept

A merged key is a level of abstraction higher than normal keys. It holds an internal list of normal key IDs, each associated with its corresponding module. When a command to the hardserver specifies a MergedKey ID instead of a normal (single) key ID, the hardserver chooses an HSM and corresponding single key ID from the list in the Merged Key. See diagram below. Which module is chosen may depend on multiple factors, including load sharing settings in the hardserver config.

[Diagram: Merged Key, showing one MergedKey ID mapping to a single-key ID on each HSM]

Benefits of MergedKeys:

  • A client needs to hold only a single M_KeyID reference instead of one for each HSM.

  • That ID remains usable even while the key’s actual IDs on HSMs can fluctuate.

  • The hardserver can use heuristics to choose the most appropriate HSM (e.g. the least heavily loaded one).

  • If some HSMs become unavailable, the hardserver uses the remaining ones automatically.

    • A MergedKey can be updated, removing its entry for a defunct HSM and corresponding single-key ID.

  • New HSMs can be added: if a new HSM is made operational and added to the relevant security world, then

    • the key can be loaded onto that HSM, thus creating a new single-key ID for that key on that HSM, and then

    • the new (Key ID, HSM) pair can be added to the existing Merged Key.
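The selection and lifecycle behaviour described above (least-loaded choice, automatic use of the remaining HSMs, removing a defunct entry, adding a new HSM), as an added illustrative model. This is not the hardserver's own code or the nCore API; the `Module`, `MergedKey` and `resolve` names, the load counters and the key IDs are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed model of a MergedKey: a map from HSM module number to the
# single-key ID the key has on that module (assumed names, not the nCore API).

@dataclass
class Module:
    module_id: int
    available: bool = True
    load: int = 0  # outstanding commands; drives the least-loaded heuristic

@dataclass
class MergedKey:
    merged_id: int
    entries: dict = field(default_factory=dict)  # module_id -> single key ID

    def add(self, module_id, single_key_id):
        # New (Key ID, HSM) pair, e.g. after loading the key onto a new HSM.
        self.entries[module_id] = single_key_id

    def remove(self, module_id):
        # Drop the entry for a defunct HSM; the MergedKey ID stays valid.
        self.entries.pop(module_id, None)

    def resolve(self, modules):
        """Pick (module_id, single_key_id) among available HSMs, least loaded first."""
        candidates = [modules[m] for m in self.entries
                      if m in modules and modules[m].available]
        if not candidates:
            raise RuntimeError(f"MergedKey {self.merged_id:#x}: no available HSM holds it")
        chosen = min(candidates, key=lambda m: (m.load, m.module_id))
        return chosen.module_id, self.entries[chosen.module_id]

def run_command(merged, modules):
    # The client only names the MergedKey; the hardserver resolves the real target.
    module_id, key_id = merged.resolve(modules)
    modules[module_id].load += 1
    return module_id, key_id

def demo():
    modules = {1: Module(1, load=2), 2: Module(2, load=0)}  # constructed sample
    mk = MergedKey(merged_id=0x1000)
    mk.add(1, 0x11)
    mk.add(2, 0x22)
    first = run_command(mk, modules)     # least loaded HSM: module 2
    modules[2].available = False         # module 2 drops out of service
    second = run_command(mk, modules)    # remaining HSM used automatically
    mk.remove(2)                         # update the MergedKey for the defunct HSM
    modules[3] = Module(3)               # new HSM joins; key loaded onto it
    mk.add(3, 0x33)
    third = run_command(mk, modules)     # new, unloaded HSM is chosen
    return first, second, third, sorted(mk.entries)
```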