Introduction
Entrust KeyControl has been rebranded as the Entrust Cryptographic Security Platform (CSP) Key Manager. The Entrust CSP Key Manager continues to provide a comprehensive solution for discovering and managing the lifecycles of cryptographic keys, secrets, certificates, tokens, libraries, protocols, and configurations.
Because the Entrust integrations are tested against specific product versions, this guide is still branded as a "KeyControl" integration. It was tested against a pre-CSP version of KeyControl. Exercise caution when using an Entrust Integration Guide with a product version that does not match the tested version, because your version might not function in exactly the same way. Entrust cannot guarantee the success of integrations in configurations other than those indicated in the guide. This guide remains on the website for customers using pre-CSP versions of KeyControl.
This guide describes:
- The procedure to install and configure KeyControl Vault.
- The procedure to integrate Entrust KeyControl Vault and Entrust nShield HSM for establishing a hardware root of trust for all encryption keys.
- The procedure to protect the KeyControl Vault Admin Key in the HSM.
When all of these procedures are performed, the combined solution facilitates regulatory compliance with a FIPS 140 Level 3 and Common Criteria EAL4+ root of trust.
Product configuration
Entrust has successfully tested nShield HSM integration with KeyControl Vault in the following configurations:
| Product | Version |
|---|---|
| KeyControl Vault | 10.4.3 |
| nShield HSM hardware | Connect XC, nShield 5c |
Supported features
Entrust has successfully tested nShield HSM integration with the following features:
| Feature | Support |
|---|---|
| Softcards | Yes |
| Module-only key | Not Supported |
| OCS cards | For FIPS Authorization Only |
| nSaaS | Not tested |