Sharing private keys securely between computational devices can present a challenge due to a need for both secure distribution and secure storage of the keys on all devices. One solution is key synchronization between trusted platform modules (TPMs), e.g., as defined by the Trusted Computing Group (TCG), but this solution is typically complex, costly, and may require specific hardware on all endpoints. As a result, there is no straightforward way to consume information that is protected by public key cryptography on endpoints without implementation of specific hardware and key synchronization methods.
Existing hardware security modules (HSMs) may be used by server platforms to remotely manage keys in a secure container that may also protect key operations such as encryption and signing. HSMs are typically expected to operate at highest levels of security because they manage keys for a large population. Hence, security requirements of the most secure use case become a minimum security requirement for the HSM, which can add significant cost and deployment lifecycle overhead.