Below we present a technological description of Chiave KMF. For a more detailed specification, please contact us for a review with one of our technicians.
Dual control: All activities associated with sensitive data, such as export and import, are protected with dual control.
Authentication: Access control of both administrators and key custodians is protected by strong two-factor authentication.
Encryption: Key components can only be viewed and entered in clear text via secure PEDs. Components are encrypted end-to-end, from smart card to HSM, within Chiave KMF.
Transfer: Remote component transfer to and from Chiave KMF can be handled through normal card readers and regular open networks, since the information is encrypted.
Encryption standards: Built-in FIPS 140-2 Level 2 hardware cryptographic engine. Level 3 is optional.
Symmetric key algorithms: AES, double- and triple-key DES.
Asymmetric key algorithms: RSA 2048 and larger; PKI support through PKCS#10 certification requests and PKCS#7 certification responses.
Key export formats: Component-based, onto individual key custodian smart cards, 2-9 components; PKCS#12; Sun Java JKS format. XML export, including CBC/No-padding, CBC/PKCS#5 padding and ECB/No-padding formats.
Key import formats: Component-based, 2-9 components; PKCS#12; Sun Java JKS format. XML export, including CBC/No-padding, CBC/PKCS#5 padding and ECB/No-padding formats.
Key custodian smart cards: JCOP21 v2.4.1.