Adobe recommends that content publishers store cryptographic private keys for signing and encryption in a secure, tamper-proof hardware device. Keys that are stored in software are more susceptible to compromise than keys that are stored in hardware. For example, if a software key is leaked, the key or file that contains the key is typically copied, making it difficult to detect the breach. Keys that are stored on hardware are less vulnerable to undetected compromise.
Hardware security modules (HSMs) are dedicated hardware devices that store and protect cryptographic keys. For more information, see Storing credentials in Using the Adobe Primetime DRM SDK for Protecting Content.