The VS-NfD-compliant solution of CryptoServer General Purpose HSM for key processing and storage
- The only BSI-approved HSM on the market
- Approved up to classification RESTREINT UE/EU RESTRICTED, NATO RESTRICTED, and VS-NfD
- Secure key processing and storage in a high-security environment
Key Benefits
Details
VS-NfD compliance version for CryptoServer General Purpose HSM – Processing of classified data inside a tamper-proof hard-ware security module
As the only BSI-approved VS-NfD HSM on the market, the CryptoServer HSM platform with the VS-NfD compliance version offers the ideal solution for various VS-NfD-compliant applications such as certificate creation for authentication and access control or secure key generation and management. It is the central trust anchor for the backup and processing of classified data according to VS-NfD, RESTREINT UE/EU RESTRICTED and NATO RESTRICTED.
The listings for the various approvals can be viewed at the following links.
Features
Easy integration
- Support for Windows and Linux operating systems.
- Wide range of integration options
- Supports standardized interfaces, e.g. PKCS #11 and Microsoft Cryptography Next Generation (CNG)
- UTIMACO Cryptographic eXtended services Interface (CXI) for easy integration into your own applications
Comprehensive key management with key authorization
- Multi-client capability
- Remote Management
- Secure firmware update
- Reliable access control
Configurable role-based access control and segregation of duties
- “m out of n” quorum authentication (e.g. 3 out of 5)
- 2-factor authentication using smart cards
Meets the highest safety requirements
- VS-NfD approval
- RESTREINT UE/EU RESTRICTED and NATO RESTRICTED approval
- Common Criteria EAL4+ certified
- Protection against attacks by passive and active tamper protection mechanisms
Free, fully functional simulator
- Dedicated software simulator for evaluation and integration testing
Technical Specifications
Support of numerous cryptographic algorithms
- RSA, ECDSA with NIST and Brainpool curves
- ECDH with NIST and Brainpool curves
- AES
- CMAC, HMAC
- SHA2 family, SHA3
- Hash-based deterministic random number generator (DRG.4 according to AIS 31)
- True random number generator (PTG.2 according to AIS 31)
- Up to 3000 RSA or 2500 ECDSA signature operations when processing in bulk mode