Primus HSM X2 CyberVault – Scalable, High-Performance & PQC-Ready HSM

As digital security demands grow, businesses must balance high performance, resilience, and future-proof encryption. The rise of quantum computing necessitates a seamless transition to post-quantum cryptography (PQC) while maintaining existing cryptographic standards. At the same time, organizations require cryptographic solutions that can process millions of transactions per second without compromising security or compliance.

Ensuring uninterrupted operations is critical, making high availability, clustering, and failover mechanisms essential for mission-critical systems. Scalability is another key concern, as security infrastructures must evolve alongside business growth without requiring costly system overhauls. Finally, complexity in cryptographic management remains a challenge, requiring intuitive solutions that integrate seamlessly and simplify deployment.

Solution

The Securosys Primus HSM CyberVault Series provides the perfect blend of cutting-edge security, scalability, and performance, enabling businesses to stay ahead of emerging threats and technological shifts.

Designed for businesses of all sizes, from small enterprises to large financial institutions, it ensures seamless integration, uninterrupted operation, and a smooth transition to post-quantum cryptography (PQC). Built for mission-critical applications, our Primus CyberVault HSMs support clustering, load balancing, and failover mechanisms, guaranteeing reliability and performance even in the most demanding environments.

The Pro edition – like all models from the series – is equipped with a 2FA authentication mechanism and a user interface for intuitive management. Performance and storage are fixed, making it a cost-efficient and reliable solution for small to midsized businesses that require secure key management and encryption without the need for extensive scalability.

The Enterprise edition provides the highest flexibility in the CyberVault series to best fit a company’s need. It offers upgrade options for enhanced performance, additional storage, or increased number of partitions, allowing businesses to scale as their security infrastructure evolves. Designed for blockchain infrastructures or organizations requiring adaptability, the Enterprise model ensures long-term investment protection.

The Max edition stands out as one of the fastest HSMs on the market, handling over 50’000 transactions per second (TPS). Designed for high-performance environments, it can scale up to 1,000 partitions and over 1’000’000 TPS in clustered setups, delivering unmatched speed, security, and reliability. This makes it the ideal choice for financial institutions, or for anyone requiring demanding cryptographic workloads.

freepik_white-background-with-squares-coming-out-wall-creating-3d-effect

The Max Plus edition pushes the limits of hybrid performance for PQC and classical algorithms combined, and an impressive 30GB off-the-shelf storage. This model is tailored for organizations requiring high-speed cryptographic processing, and large-scale key storage. It is the ultimate solution for businesses operating in highly regulated industries, large-scale cloud environments, or national security applications.

Hybrid PQC and Classical Cryptography

Primus CyberVault (X2 models) ensures a smooth transition to post-quantum cryptography (PQC) by integrating hybrid signatures that combine classical algorithms (RSA, ECC/ED) with NIST-selected PQC algorithms (ML-DSA, SLH-DSA, ML-KEM, HSS-LMS, XMSS).

Seamless Integration & Effortless Management

Designed for plug-and-play deployment, CyberVault X2 models fit into existing infrastructures without disruption, featuring intuitive user interfaces and 2FA authentication for simplified operation.

Market-Leading Performance & Scalability

From small businesses to enterprise-level cryptographic workloads, CyberVault X2 models offer fixed, upgradeable, or extreme-speed performance handling up to 1 million transactions per second in clustered setups.

Unmatched Reliability & Availability

With load balancing, clustering, and automatic failover, CyberVault X2 series ensures continuous operation, even in the most demanding environments.

Swiss-Engineered Security

Developed, manufactured, and maintained in Switzerland, CyberVault is built to meet the highest security and compliance standards, ensuring trust and regulatory adherence.

Security Features

Networking Features

Technical Data

Security Features

Multi-barrier software and hardware architecture with supervision mechanisms
Secure supply-chain

Post-Quantum Cryptographic (PQC) algorithms
ML-DSA, SLH-DSA, ML-KEM, HSS-LMS, XMSS
RSA 1024-8192, DSA 1024-8192
ECDSA 224-521, GF(P) arbitrary curves (NIST, Brainpool, ...)
ED25519, Curve25519
Diffie-Hellman 1024, 2048, 4096, ECDH
SHA-3/SHA-2 (224 - 512), SHA-1, RIPEMED-160, Keccak
HMAC, CMAC, GMAC, Poly 1305
128/192/256-Bit AES with GCM-, CTR-, ECB-, CBC-, MAC Mode
Camellia, ChaCha20-Poly1305, ECIES

Two hardware true random number generators (TNRG)
NIST SP800-90 compatible random number generator

			Upgradeable to
Model	Partition	Total Storage	Partitions	Total Storage
Pro	5	600MB	fixed
Enterprise	10	2.4GB	250	30GB
Max	20	4.8GB	1000	30GB
Max Plus	100	30GB	1000	fixed

Number of client connections not restricted
Unlimited number of backups

Several sensors to detect unauthorized access
Active destruction of key material and sensitive data on tamper
Transport and multi-year storage tamper protection by digital seal

Cryptographic evidence of audit relevant parameters (keys, configuration, hardware, states, logs, time-stamping)

Multiple security officers (m out of n)
Identification based on smart card and PIN

Networking Features

Technical Data

Signing	Pro	Enterprise		Max	Max Plus
RSA 4096	400	500	1'000	2'000	5'000
EC 256*	5'000	5'000	10'000	30'000	45'000
ED 25519	7'500	7'500	15'000	30'000	45'000
AES	7'500	7'500	15'000	30'000	45'000
ML-DSA-44	2'500	2'500	5'000	10'000	20'000
Key Creation
RSA 2048	20	40	60	80	80

*With maximum performance license.

Two redundant power supplies, hot pluggable:  100 ... 240 V AC, 50 ... 60 Hz
Power dissipation: 65 W (typ.), 100 W (max.)
Backup lithium battery:  Lithium Thionyl Chloride 0.65g Li, IEC 60086-4, UL 1642, 3.6V

4 Ethernet RJ-45 ports with 1 Gbps (rear)
2 SFP+ slots for optical 10Gbps Ethernet modules (rear)
2 Console ports (RJ45, front/rear)
2 USB-A management ports (front/rear)
1 USB-C management port (rear)
3 Smart card slots

3 slots for Securosys security smart cards
4 LEDs for system and interface status (multicolor)
Touch screen for configuration
Console interface
Optional Decanus Terminal for remote administration

EMV/EMC: EN 55022, EN 55024, FCC Part 15 Class B
Safety: IEC 62368-1

Temperature ranges (IEC 60068-2-1 Ad, IEC 60068-2-2 Bd): 
storage -20 ... +60 °C; operation 0 ... +35 °C
Temperature ranges (IEC 60068-2-1 Ad, IEC 60068-2-2 Bd): 
storage -20 ... +60 °C; operation 0 ... +35 °C
Humidity (IEC 60068-2-78 Cab): 40 °C, 93% RH, non-condensing
MTBF (RIAC-HDBU-217Plus) at tamb=25 °C:
>100 000 h
Dimensions (w×h×d) 417 x 44 x 365 mm (1U 19" EIA standard rack)
Weight 7.5 kg

FIPS140-3 Level 3 (in certification)
Common Criteria EAL4+ (in certification)

– CC EN 419221-5 eIDAS protection profile

– CC EN 419241-2 Sole Control (SAM)
CE, FCC, UL

Primus HSM CyberVault
(X2 models)

Challenge

Solution

Which CyberVault model is right for you?

Technical Specifications

Primus HSM CyberVault (X2 models)

Challenge

Solution

Which CyberVault model is right for you?

Technical Specifications

Related Products

Primus HSM CyberVault
(X2 models)