CNS - Cryptographic Network Service

submitted by
Style Pass
2024-05-16 00:00:05

CNS is a cryptographic network service: a network service dedicated to securely storing cryptographic keys and executing cryptographic operations with those keys. It is a key vault.

The security benefit is realized when CNS is run on a dedicated host (the "Cryptographic Module", or CM for short), and other services and web applications make API calls to CNS to hash passwords, sign JWTs, etc. The cryptographic keys of course never leave the Cryptographic Module.

The need for this arose when I wanted to self-host my own web services and I needed a secure way to store keys. I looked into options like Hardware Security Modules (HSMs) but these were expensive and did not support algorithms I needed (argon2 for example).

I figured a cheaper, more flexible, and ideally equally secure alternative would be to build a network service on a dedicated host, hence the Cryptographic Network Service was born.
