Introduction
This guide describes how to:
- install and configure Entrust Cryptographic Security Platform Key Management Vault
- integrate Entrust Cryptographic Security Platform Key Management Vault and Entrust nShield HSM for establishing a hardware root of trust for all encryption keys
- protect the Cryptographic Security Platform Key Management Vault Admin Key in the HSM
When all of these procedures are performed, the combined solution facilitates regulatory compliance with a FIPS 140 Level 3 and Common Criteria EAL4+ root of trust.
Product configuration
Entrust has successfully tested nShield HSM integration with Key Management Vault in the following configurations:
| Vendor | Product | Version |
|---|---|---|
| Entrust | Cryptographic Security Platform | 1.3 |
| Entrust | Key Management Vault | 10.5.1 |
| Entrust | Compliance Manager | 10.5.1 |
| Entrust | nShield Security World | 13.9.0 |
| Entrust | nShield HSM hardware | Connect XC, nShield 5c |
Supported features
Entrust has successfully tested nShield HSM integration with the following features:
| Feature | Support |
|---|---|
| Softcards | Yes |
| Module-only key | Not Supported |
| OCS cards | For FIPS Authorization Only |
| nSaaS | Not tested |
Supported nShield hardware and software versions
Entrust has successfully tested with the following nShield hardware and software versions:
| HSM | Security World Software | Firmware | Image |
|---|---|---|---|
| Connect XC | 13.9.0 | 13.8.3 (Post-quantum Supported Firmware) | 13.9.3 |
| nShield 5c | 13.9.0 | 13.8.4 (Post-quantum Supported Firmware) | 13.9.3 |
| Connect XC | 13.9.0 | 13.6.14 | |
| nShield 5c | 13.9.0 | 13.6.14 | |
| Connect XC | 13.9.0 | 13.6.14 | |
| nShield 5c | 13.9.0 | 13.6.14 | |