Luna SA

Flexible, Ethernet-attached Hardware Security Module

Luna SA

Award-Winning Hardware Security Module

Luna SA is the choice for enterprises requiring strong cryptographic security for paper-to-digital initiatives, digital signatures, DNSSEC, hardware key storage, transactional acceleration, certificate signing, code or document signing, bulk key generation, data encryption, and more. 

Scalable Security for Virtual and Cloud Environments

  • Virtual Platform Support- vSphere, Microsoft Hyper-V, and Citrix XenServer
  • Digital Certificate Authentication

Market Leading Performance

  • The only HSM on the market that delivers high performance implementations for the full range of Suite B cryptographic algorithms.
  • First HSM to integrate with Microsoft SQL Server 2008 & integration with SQL Server 2008 R2
  • Cryptographic acceleration up to 6,000 1024-bit RSA tps; 400 384-bit ECC tps 

Management and Operational Cost Savings

  • Central Administration -Remote PED
  • Cost Savings - PKI Bundle

High Assurance Trust HSM

  • FIPS validated (Luna SA 5.0, in process)
  • CC  EAL 4+ certified cryptographic module (Luna SA 4.1 key card)
  • Dual, hot-swappable power supply ensuring consistent performance and no down-time
  • Ethernet connectivity for flexible deployment/communication with other network devices

Secure Hardware Key Management and Cryptographic Processing 

SafeNet Luna SA HSM ensures the integrity and security of cryptographic operations in a robust, high- availability appliance. Luna SA is capable of up to 6,000 RSA and 400 ECC transactions per second and offers optional standalone authentication to protect the most demanding security applications. 

Remote Central Administration

The Remote PED  (PIN entry device) is an authentication device that connects to a remote Windows workstation via USB, and communicates over a secure network connection to a Luna SA. Full PED functionality facilitates management of security administration functions by offering the security administrator to centrally manage administration rights remotely by simply inserting the required key, and entering the secret PIN into the PED. 

Cost Savings with PKI Bundle

With the SafeNet Luna SA PKI Bundle solution, product and maintenance costs are dramatically reduced by combining HSM functionality that usually requires 2 or more HSMs into a single HSM "bundle" of modular functions. For CAs with certificates and root keys, for example, rather than requiring separate HSMs for key generation and key export for offline and online root CAs respectively, the requirements can be fulfilled by only 1 Luna SA HSM which stores keys in hardware achieving FIPS 140-2 L3 security (Luna SA version 4.4). 

Luna SA 5.0 Architectural Diagram

For Solution Partners/Integrators/Developers

As a component of a multi-part solution, the success of a SafeNet HSM relies on global partners integrating with the HSM as quickly and easily as possible, all for an attractive price. SafeNet remains at the forefront of global interoperability, offering integrations with latest technologies from the following to name a few. To request specific integration guides, or search for one of our more than 600 partners, access the Partner Search page or click on the partner of your choice:

Adobe Apache Microsoft
IBM Entrust Red Hat
Oracle Gemalto ActivIdentity
Sun                       VeriSign                  

View Характеристики Resource Library

Operating Systems

  • Windows 2003, 2008 R2
  • Solaris 9 (SPARC), 10 (SPARC and x86)
  • Linux E4, E5
  • SuSE 10, 11
  • AIX 5.3, 6.1
  • HP-UX 11i (PA-RISC and Itanium)
  • VM Ware
  • Hyper-V
  • Xen

Cryptographic APIs

  • PKCS#11, Microsoft CAPI, and CNG
  • OpenSSL

Cryptographic Functions

  • True hardware accelerated random number generation (Annex C of ANSI X9.17)
  • Symmetric and asymmetric key pair generation
  • Encryption and decryption
  • RSA
  • Digital signing

Industry Regulatory Standards

  • Includes a FIPS 140-2 Level 3 validated cryptographic module (Luna SA 4.4)
  • Includes a CC EAL 4+ certified cryptographic module (Luna SA 4.4)
  • U/L 1950 (EN60950) & CSA C22.2 compliant
  • FCC Part 15 - Class B
  • RoHS compliant
  • BAC and EAC ePassport certification
View Возможности и преимущества Resource Library


  • PKI Bundle
  • Multi-level access control
  • Intrusion-resistant, tamper-evident hardware
  • Strongest cryptographic algorithm
  • Suite B Algorithm Support
  • Keys in hardware
  • Cryptographic acceleration of up to 6,000 1024-bit RSA tps; 400 384-bit ECC tps in test environments
  • Allows up to 20 unique partitions
  • Remote PED
  • Software upgradeable
  • Dual, hot-swappable power
    supply ensuring consistent
    performance and no down-time
  • Secure transport mode


  • Compliant: meets industry regulatory standards
  • Customizable: wide range of configurations
  • Future-proof: software is upgradeable
View Обзор Resource Library

Продукты партнеров

CTA Enterprise Key Managment CTA
Microsoft sql sol brief image