@zaire @benjojo A HSM in the high-level sense is a networked computer built on top of well-tested lab certified hardware, with a security-focused OS. They have limited access via some interface that is controlled by internal rules.

They are designed to hide and protect cryptographic material. Generally they will also have anti-tamper markings or anti-tamper mechanisms which may even destroy the cryptographic material if tampering is detected.

They are used in a manner of things. e-Passport security use HSMs in the gates which prevents anyone (including the operator) from tampering with it. Companies usually store signing keys in HSMs. HSMs secure smart metering systems. They secure mobile money payments. Pin issuing for payment cards is done by HSMs.

Around Europe, around 6000km of roads have a "cooperative intelligent transport system" for linking "vehicles, road users, service providers, and road operators" which also uses HSMs in some manner.

Some rail systems (five last I checked) use HSMs for signalling.

HSMs also fulfill many roles in airlines.

@benjojo @zaire sometimes we have sensitive cryptographic keys and we worry the computer can be hacked and the keys could get stolen. So an HSM is a magic box that you can put the keys in to keep them safe and secure, except it's actually just another computer that we've convinced ourselves can never be hacked, unlike other computers which sometimes can.

Also, now that the keys are secure, you need to authenticate yourself to the HSM to use them, and you do this by using another key that you store outside the HSM. Unless you can get another HSM to store that key in. It's HSMs all the way down, essentially