The professional development kit for HSM solutions
- A professional development kit for UTIMACO u.trust Anchor platform
- Custom firmware development based on algorithms and functions of choice
- Full customizability ensuring complete flexibility
- Simulator for SDK: Test and validate the custom firmware with the simulator before the actual deployment
The professional development kit for customized HSM solutions
Although widely used cryptographic APIs such as PKCS #11 or JCE support many cryptographic algorithms and mechanisms, their use may be limited or impossible in certain use cases. For example, chip personalization and key injection often involve multiple cryptographic operations. Starting with the generation of unique keys or derivation of such keys from a secret master key using device-specific information, which includes assembling these keys and additional information into a well-defined personalization record to finally encrypting this record under a transport key.
Implementing such a sequence of operations using industry-standard cryptographic APIs results in multiple function calls may return intermediate and sensitive results outside the HSM and, in the worst-case scenario, failure due to the required key derivation function not being supported by the standardized cryptographic API.
u.trust Anchor SDK enables the creation of customized applications, such as proprietary algorithms, key derivation functions, or complex protocols as firmware modules that run within the tamper-proof environment of u.trust Anchor platform. Standard programming languages and integration with common development environments and toolchains are supported.
u.trust Anchor SDK enables to develop the custom firmware for low-to-high performance environments as well as for as-a-service offerings. With u.trust Anchor platform, it is available for SecurityServer Se100, SecurityServer Se2k, SecurityServer Se5k, SecurityServer Se15k, SecurityServer Se40k, and u.trust Anchor CSAR (Premium, Plus, and standard).
- Allows complete control over firmware functionality with manufacturer-independent development
- No review or approval by UTIMACO is required
- Provides a choice of either proprietary interface or PKCS #11 Vendor Defined Mechanism for application integration
Easy to use
- The u.trust Anchor SDK uses standard programming languages and popular development environments
- Provides sample code for firmware modules and host-side applications, including project files, and make files
- Provides an HSM simulator for testing and debugging of new firmware in Windows or Linux development environment
SDK for Simulator
- Test and validate the custom firmware with the simulator before the actual deployment
- The tested and validated firmware can be directly deployed on the purchased HSMs
- Developer training available
- Support provided on the developer level via phone and email
Full Support firmware
- SecurityServer Se100
- SecurityServer Se2k
- SecurityServer Se5k
- SecurityServer Se15k
- SecurityServer Se40k
- u.trust Anchor CSAR
Supports Various Cryptographic Algorithms
- RSA, DSA, ECDSA with NIST and Brainpool curves, EdDSA
- DH, ECDH with NIST, Brainpool, and Montgomery curves
- AES, Triple-DES, DES
- MAC, CMAC, HMAC
- SHA-1, SHA-2, SHA-3, RIPEMD
- Chinese Algorithms – SM2, SM3, SM4
- Hash-based deterministic random number generator
- True random number generator
- Reduced price for HSMs in development environments
- No additional costs for each delivered application
- All supported cryptographic algorithms are included
UTIMACO’s general purpose HSM utilizes tamper-responsive technology to secure cryptographic key infrastructures, making it ideally suited for applications and market segments with high physical security requirements.
u.trust Anchor CSAR
The world’s first converged crypto platform for payment and general purpose HSM use case enabling to offer HSM-as-a-Service and providing true multi-tenancy.