|
Bloombase KeyCastle - Enterprise Key Life-Cycle Management
Technical Specifications
Bloombase KeyCastle offers extensive enterprise key management and protection with rich cryptographic capabilities to secure your corporate sensitive data.
|
Download Specifications
You need Adobe Acrobat Reader to read our digital product brochure.
|
|
|
Security |
|
|
- NIST FIPS 197 AES encryption and decryption (NIST certificate #1041)
- RSA public key cryptography (NIST certificate #496)
- SHA-1, SHA-256, SHA-384, SHA-512 hash generation (NIST certificate #991)
- Proven keyed-hash message authentication code generation (NIST certificate #583)
- Japan NTT/Mitsubishi Camellia encryption and decryption
- Chinese National SCB2(SM1), SSF33, SSF28 encryption and decryption
- Korean Data Encryption Standard (SEED) and ARIA block ciphers
- NIST FIPS 46-3 3DES and DES encryption and decryption
- RC2, RC4, RC5 and RC6 encryption and decryption
- CAST5 encryption and decryption
- Twofish and Blowfish encryption and decryption
- IDEA encryption and decryption
- Serpent and Skipjack encryption and decryption
- DSA public key cryptography
- MD5 and Chinese National SCH(SM3) hash generation
- Pluggable cipher architecture for future cipher upgrade or custom cipher support
- Hardware ASIC cryptographic acceleration (optional)
|
Key Generation |
|
|
- Accredited random number generator (RNG) (NIST certificate #591)
- ID Quantique Quantis true random number generator support (optional)
|
Key Management |
|
|
- Multiple certificate authority (CA) support
- Hardware true random (optional) or software pseudo-random key generation, inquiry and deletion
- No limitation on number of cryptographic keys managed or scales with system storage infrastructure
- Built-in certificate request and revocation check (CRL/OCSP)
- X.509 and PKCS#12 DER and PEM Key Import and Export
- Key Usage Profiling
- RDBMS and Generic LDAP Support and Integration
- Industry Standard PKCS#11
- NIST FIPS-140-1 level 2 cryptographic module support (optional)
- Automatic Certificate Retrieval via HTTP or LDAP
- Certificate Validity Check
- Certificate Revocation Check via HTTP or LDAP
- Certificate Revocation List (CRL)
- Certificate Revocation List Distribution Point (CRLDP)
- Online Certificate Status Protocal (OCSP)
- CRL scheduled download, caching and automatic retry
- OCSP scheduled request, caching and automatic retry
|
Hardware Security Module Support |
|
|
- AEP Networks Keyper
- Oracle Sun Crypto Accelerator
- Sophos Utimaco SafeGuard CryptoServer
- Thales nShield
- HP Atalla
- IBM 4758 Cryptographic CoProcessor
- IBM eServer Cryptographic Accelerator
- IBM Crypto Express2
- IBM CP Assist for Cryptographic Function
- Cavium NITROX XL
- Other PKCS#11 compliant hardware security modules
|
Standard Support and Certification |
|
|
- OASIS Key Management Interoperability Protocol (KMIP) compliant
- NIST FIPS 140-2 compliant Bloombase Cryptographic Module
|
Management |
|
|
- Web based management console
- Central administration and configuration
- User security
- Serial console
- SNMP v1, v2c, v3
- syslog, auto log rotation and auto archive
- Heartbeat and keep alive
|
Client Accessibility |
|
|
- PKCS#11
- OpenSSL
- Java JCA/JCE
- Web services
- Plain socket
- HTTP/HTTPS
- Java HTTP tunneling
- Java Remote Method Invocation (RMI)
- Native language support: C, C++, Java
- PKI-based client authentication and identity management
- PKI-based network channel encryption
|
Disaster Recovery |
|
|
- Configurations backup and restore
- FIPS-140 hardware security module recovery key or software recovery key vault for settings restoration
- Customer-defined recovery quorum (e.g. 2 of 5)
- FIPS-140 hardware security module operator key or operator pin for daily Bloombase KeyCastle operation
- High-availability option for active-active or active-standby operation
- Stateless active-standby failover
|
Platform Support |
|
|
- Solaris, HP-UX, OpenVMS, IBM AIX, Linux, Microsoft Windows and Mac OS X
- VMware (vSphere, ESXi, Server), Oracle VM, Sun VirtualBox, Citrix XenServer, Microsoft Virtual Server
- Supports all x86, PowerPC, UltraSPARC, PA-RISC and Itanium architecture hardware
|
The specification and outlook of the model may vary and is for reference only
|
|
Secure Your Data Now
Protect your data with Bloombase transparent encryption.
Bloombase Demonstrations
See how Bloombase protects your digital assets.
Bloombase SupPortal
Get technical support from Bloombase Supportal and Knowledgebase.
|
|