Fully open USB2 hardware-secure module

Introducing the SC4-HSM

The SC4-HSM is a fully-open USB2 HSM (hardware-secure module). Prototype units are now available in limited quantities.



For more details see the FAQ and user manual.

How can I get one?

Do you have a mailing list?

Yes! It's powered by MailChimp (for now) so you won't get spammed, and you can unsubscribe any time. Sign up here:


What is the SC4-HSM's threat model?

The SC4-HSM is designed to defend against a compromised client machine, i.e. an attacker who pwns your laptop or desktop machine. If you think about it, this is the only threat model that makes sense for dedicated secure hardware. If you can trust that your client machine is secure, you don't need an HSM.

What does the SC4-HSM actually do?

It generates and stores cryptographic keys using an on-board hardware random number generator, and it uses those keys to perform cryptographic operations, mainly generating secure digital signatures (not to be confused with an electronic signature. These are not the same.) The keys are stored in such a way that they cannot be extracted from the device even by someone who has physical possession of the device. This is the central feature of any HSM.

Why does the SC4-HSM include a built-in display?

If an attacker controls your client machine (laptop or desktop) then they can do anything you can do. In particular, if you can access a security device, then an attacker can too. Without a display and user input on the device, an attacker can access that device just as easily as you can.

The display and user buttons protect against an attack launched from the host machine. Before the unit performs a cryptographic operation it can display information about what it is about to do on the display and wait for the user to confirm the operation by pushing one of the user input buttons on the unit. Because these operations are entirely under the control of the device firmware, they cannot be directly attacked from the host machine.

It is still possible to mount phishing attacks against the SC4-HSM, but this is unavoidable. No system can ever be fully secure against user error.