Bloombase Operator Key
Operations of Bloombase security appliances are secured by Bloombase operator key(s). Spitfire operator key can be in form of pin, software key vault, PKCS#11 compliant hardware security module (HSM) token or card.
Bloombase servers/appliances require at least one operator key to be present for successful initialization. There is no maximum limit on the number of operator keys. Authenticated administrative users accessing Bloombase in its normal production mode of operation can issue new operator key(s) or revoke existing operator key(s) via the web-based management console.
Power-up of Bloombase servers/appliances only starts the management modules for local and remote administration. Actual cryptographic processes are started only when a valid operator key is presented remotely via the web-based management console or locally/physically at the hardware appliance.
Bloombase operator key is protected by pin. Bloombase operator key automatically blocks by itself on 3 successive pin failure. Spitfire administrators can unblock Spitfire operator key with their own unblock pin assigned during initialization sequence.
In worst case scenario where unblock pin is forgotten, administrator can reformat a Spitfire operator key with transport key supplied by Bloombase as a last resort. Care should be taken because on format of Bloombase operator key, all contents are to be erased and there is no known procedure where erased contents can be recovered and unformatted.