With the latest release of the CZERTAINLY platform, we have introduced cryptographic key management and automation features. The platform can generate symmetric and asymmetric keys and supports the lifecycle of cryptographic key operations.
For easy integration of literally any cryptographic technology, we have prepared the so-called Cryptography Provider interface. It can be used to connect with software key stores, hardware modules, or any cloud-based technology.
Key management and automation is integrated with certificate management and automation, and for future use cases we are planning to support more general key management, including interfaces like PKCS#11 or protocols like KMIP.
Cryptography Provider is used to connect to specific technologies that are capable of managing and using cryptographic keys. Independently of the technology it is connected to, it provides interfaces to manage cryptographic tokens and cryptographic keys in a consistent way.
A logical unit maintaining its cryptographic keys is called “The Token”. The solution supports as many tokens as required, with proper authentication or activation data.
When there is a need to use a cryptographic key, the CZERTAINLY platform can request an operation on a specific key, and the operation is executed in the technology through the Cryptography Provider implementation.
For more information, see Cryptography Provider.
Experimental support for PQC algorithms
With the implementation of the Cryptography Provider, we have also added experimental support for post-quantum cryptography algorithms to the CZERTAINLY platform.
The PQC algorithms can be used to sign requests and, if the certification authority supports it, certificates can be issued and managed in the inventory.
For more information, see Key Management.
Encryption management compliance
There are standards and regulations that require encryption, such as PCI, EMVCo, NIST, PSD2, ISO, GDPR, SOX, eIDAS, GLBA, HIPAA, and many more.
In most cases, you need to comply with at least one of them and provide evidence that the key management practices are designed and followed in a proper, secure, and trusted way. For example:
- generation, distribution, and installation of keying material
- controlling the use of keying material
- update, revocation, and destruction of keying material
- storage, backup/recovery, and archival of keying material
The CZERTAINLY platform can help you build your encryption management strategy and use it consistently across various use cases. The agility is built in, so you do not have to worry about changing deprecated algorithms or about post-quantum algorithms!
Keys, tokens, and token profiles
There are a couple of good resources where you can read more about how cryptographic key management and automation works using CZERTAINLY:
keys, tokens, and token profiles:
We also recommend reading the article about the importance of key attributes.
Get more information about CZERTAINLY
CZERTAINLY is an open-source platform for effective and efficient trust lifecycle management for companies of any size and individuals. One of its goals is to provide an easy and affordable way to secure digital communication and support information security in an increasingly connected world.
Do not hesitate to get in touch with us!