Securing digital identities: from the deployment to the analysis of a PKI ecosystem with virtual HSMs leveraging open-source tools

Alessandro Loconsolo

Supervisor: Antonio Lioy. Politecnico di Torino, Master's degree programme in Computer Engineering (Ingegneria Informatica), 2024

License: Creative Commons Attribution Non-commercial No Derivatives.

Abstract:

The objective of this work is to implement a PKI using exclusively open-source tools, with a particular focus on the integration of EJBCA CE with a virtual HSM. The primary goal is to establish trust between the Authorities and the End Entities within the ecosystem and then to identify the principal challenges that might be encountered during the deployment, from a security, performance and management point of view. The system has been implemented within a containerised environment, with Docker Compose orchestrating the modules of the infrastructure. The designed architecture comprises two EJBCA CE instances, which have been configured as the CA and the VA, respectively. Each instance is equipped with its own database and virtual HSM, and its functionalities are subject to RBAC, thereby ensuring that the principle of least privilege is upheld for the entities within the organisation. SoftHSM2 has been selected as the HSM for this project, due to its strong compatibility with the EJBCA framework. The analysis of the resulting PKI demonstrates that such open-source tools offer a viable and cost-effective option for the provision of strong authentication, particularly in terms of scalability and flexibility. From a performance perspective, the infrastructure has shown the capacity to issue a significant number of certificates with high throughput. Nevertheless, the system exhibits several security deficiencies, including the inability to segregate the CA from the RA, the incompatibility of EJBCA CE with more modern and secure enrolment protocols, such as ACME and EST, and the utilisation of a virtual HSM, which cannot be considered a substitute for a physical one in any case. In conclusion, this solution is suitable for a variety of applications, for instance educational purposes or testing environments. 
In the context of production, this solution may be adopted by SMBs that do not have complex requirements and wish to enhance their security posture with a minimal investment. Conversely, large enterprises, which have more rigorous security demands and must adhere to strict compliance policies and establish public trust, will find this solution unsuitable for their needs.

Supervisors: Antonio Lioy
Academic year: 2023/24
Publication type: Electronic
Number of pages: 77
Subjects:
Degree programme: Master's degree programme in Computer Engineering (Ingegneria Informatica)
Degree class: New system > Master's degree > LM-32 - COMPUTER ENGINEERING
Joint supervision institution: Universidad Nacional de Cordoba (ARGENTINA)
Collaborating companies: Universidad Nacional de Córdoba - Facultad de Ciencias Exactas Fisicas y Naturales
URI: http://webthesis.biblio.polito.it/id/eprint/31741