Cryptographic key management and automation

With the latest release of the CZERTAINLY platform, we have introduced cryptographic key management and automation features. They allow you to generate symmetric and asymmetric keys and support the lifecycle of cryptographic key operations.

For easy integration of literally any cryptographic technology, we have prepared the so-called Cryptography Provider interface. It can be used to connect with software key stores, hardware modules, or any cloud-based technology.

Key management and automation is integrated with certificate management and automation. For future use cases, we are planning to support more general key management use cases, including interfaces like PKCS#11 or protocols like KMIP.

Cryptography Provider

The Cryptography Provider is used to connect to specific technologies that are capable of managing and using cryptographic keys. Independently of the technology it is connected to, it provides interfaces to manage cryptographic tokens and cryptographic keys in a consistent way.

A logical unit maintaining its cryptographic keys is called “The Token”. The solution supports as many tokens as required, with proper authentication or activation data.

When there is a need to use a cryptographic key, the CZERTAINLY platform can request an operation on a specific key, and the operation is executed in the connected technology through the Cryptography Provider implementation.

For more information, see Cryptography Provider.

Experimental support for PQC algorithms

With the implementation of the Cryptography Provider, we have also added experimental support for post-quantum cryptography algorithms to the CZERTAINLY platform.

PQC algorithms can be used to sign requests and, if the certification authority supports it, certificates can be issued and managed in the inventory.

For more information, see Key Management.

Encryption management compliance

There are standards and regulations that require encryption, such as PCI, EMVCo, NIST, PSD2, ISO, GDPR, SOX, eIDAS, GLBA, HIPAA, and many more.

In most cases, you need to comply with at least one of them and provide evidence that the key management practices are designed and followed in a proper, secure, and trusted way. For example:

  • generation, distribution, and installation of keying material
  • controlling the use of keying material
  • update, revocation, and destruction of keying material
  • storage, backup/recovery, and archival of keying material

The CZERTAINLY platform can help you build your encryption management strategy and use it consistently across various use cases. Agility is built in, so you do not have to worry about changing deprecated algorithms or about post-quantum algorithms!

Keys, tokens, and token profiles

There are a couple of good resources where you can read more about how cryptographic key management and automation works using CZERTAINLY:

keys, tokens, and token profiles:

We also recommend reading the article about the importance of key attributes.

Get more information about CZERTAINLY

CZERTAINLY is an open-source platform for effective and efficient trust lifecycle management for companies of any size and individuals. One of its goals is to provide an easy and affordable way to secure digital communication and support information security in a more and more connected world.
