Properly configuring secure communications can be difficult in many situations. For example, secure communication protocols, such as the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, can be configured in an operating system. Configuring protocols within the operating system may require configuring a certificate from a certification authority and/or key pairs that form the basis for secure communications. Such configuration of the operating system can be difficult, and each protocol implementation, operating system and/or application may have differing configuration requirements for accessing secure communication features, such as the cryptographic functionality. Beyond the difficulty of implementing differing configuration requirements, if the operating system or application has not been properly hardened, the certificate and/or private key may be at risk of loss through server compromise by an intruder. Loss of a private key causes a loss of trust in the cryptographic benefits of secure communication, as the key may be used by the intruder.
Attempts to offload cryptography from the operating system configuration have resulted in several application programming interfaces. For example, the public key cryptography standard PKCS#11 has been used in a virtual machine to expose cryptographic primitives without exposing the key itself to the guest operating system. However, this solution can be difficult to configure, as different software may have different requirements for using PKCS#11. While various techniques have been employed to effectively simplify the use of secure communications, the complexity of the tasks has meant that these techniques have had varied success.