Header-Banner

Luna CA4 HSM

Strongest Protection of the PKI Root Key

Luna CA4

Maintain PKI Integrity

The SafeNet Luna CA4 addresses the security and operational needs required to maintain the integrity of PKIs with true hardware key management, trusted path multi-person authentication, and direct hardware-to-hardware backup.

Optimal Root Key Protection

The SafeNet Luna CA4 offers the strictest hardware security for Certificate Authorities (CAs) issuing digital identities in PKIs. Luna CA4 protects the PKI root key and performs all key management, key storage, and key operations (such as digital signing) exclusively within hardware.

Comprehensive security policies, split user roles, and two-factor, trusted path authentication prevent unauthorized access to critical root keys. Direct hardware-to-hardware backup permits auditable backups of key material for backup and disaster recovery.

Integrates with Leading Certificate Authority Software

Tight integration with leading Certificate Authority software makes it easy to add security and integrity to enterprise PKIs:

  • Microsoft
  • Entrust
  • VeriSign
  • RSA; and more

Case Studies

View Характеристики Resource Library

Operating Systems

• Microsoft Windows 2003 (32 & 64-bit)
• Microsoft Windows 2008 (64-bit)
• Solaris 10 (32 & 64-bit)
• Linux E4, E5 K 2.6 (32 & 64-bit) cryptographic performance
• 25 1024-bit RSA digital signatures per second

Cryptographic Algorithms

  • Asymmetric Key Encryption and Key Exchange
  • RSA (512-4096 bit), PKCS #1 v1.5, OAEP PKCS#1 v2.0
  • Diffie-Hellman (512-1024 bit) Suite B Algorithm

Support

  • ECC Support
  • ECDSA

Digital Signing

  • RSA (512-4096-bit), DSA (512-1024-bit), PKCS #1 v1.5

Symmetric Key Algorithms

  • DES, TDES (double & triple key lengths), RC2, RC4, RC5, CAST-3, CAST-128, AES, ARIA Hash Digest Algorithms
    SHA-1, MD-2, MD-5, SHA256, SHA512 , SHA-224, SHA-384

Message Authentication Codes

  • HMAC-MD5, HMAC-SHA-1, SSL3-MD5-MAC, SSL3-SHA-1-MAC

ECC Brainpool Curves (named and user-defined) Object Limit

  • 1280 object limit
View Возможности и преимущества Resource Library

 Features:

  • Secure Key Storage
  • Keys are 3DES encrypted, encoded with M of N encryption, and stored on a tamper-proof hardware security token to ensure integrity.
  • Two-factor Trusted Path Authentication - true two-factor, trusted path, multi-person authentication of HSM administrative users to prevent unauthorized access to sensitive HSM administration functions
  • Common Criteria at EAL 4+ (in process) 
  • FIPS 140-2, Level 3 Validated 
  • Easy Hardware Key Management - hardware-based key life cycle management from generation, verification, storage, and backup. All key operations are performed exclusively within hardware to prevent unauthorized access to keys.
  • Easy Integration
  • Support for PKCS#11 Open API and Microsoft CryptoAPI allow easy integration with your custom solutions. In addition, existing Luna CA3 models can be easily migrated to the Luna CA4


Benefits:

  • Satisfies government and industry mandates for key management
  • First HSM to achieve support with Microsoft SQL Server
  • Integrates with leading certificate authority software – including Microsoft Certificate Services, Entrust Authority, VeriSign,  RSA and more
View Обзор Resource Library
soa image