eHSM Product Info

eHSM Photo
Openvpn Logo Created with Sketch.

Product Features and Benefits

Not familiar with the general concept of using a Hardware Security Module? First read what is a HSM.
Just need the details? Read the specifications and documentation

Compatible with existing software

Because it fully implements the PKCS#11 standard, it works out of the box with existing software like EJBCA (to protect Certificate Authority keys), Adobe Reader DC (for document signing and encryption), VPN servers and clients (ie. OpenVPN), Webservers (Apache), Database servers (Oracle), OpenSSH, Thunderbird (signing and encrypting emails), Firefox, Disk volume encryption (VeraCrypt), etc.

Multiple standards and API’s

Interfaces via the industry standard PKCS#11 2.40, Microsoft CNG, Java Cryptography Architecture (JCA) and Java Cryptography Extension (JCE). Support for Native libraries on Windows, Linux and Mac OS X.

This eases integration into existing as well as custom applications.

Hardware Authenticator

Implements the FIDO2 (U2F/CTAP1 and CTAP2) specification and has support for TOTP (2FA) using the eHSM Manager.

This enables strong multi factor authentication with most known webservices (like Google, Facebook, GitHub etc.) and Microsoft accounts.

Secure key storage

With eHSM you can import, create and store cryptographic keys safely. Keys are stored encrypted with master keys in tamper proof silicon that can only be unlocked with the user password. Its hardware and operating system free nature safeguards your keys from being stolen or copied without your knowledge.

This protects your keys from ransomware as well as malware and viruses.

Advanced ciphers

eHSM supports RSA, ECDSA (with a wide range of elliptic curves), multiple symmetric algorithms (AES, DES3 etc.), HMACs as well as hashing and key wrapping.

This offers flexibility and support for a wide range of operational requirements as well as legislative compliance.

Secure key handling

Cryptographic operations are performed on the eHSM itself (when unlocked with a user PIN/password) - the keys never leave the secure module.

This prevents access to the keys even when a server is compromised either by external attacks or even employees with inside knowledge.

Tamper proof

Our device logs all events and will stop certain functions if it finds that it has been tampered with and eventually destroy the keys it contains.

This provides an additional layer of security.

Secure communication

Our solution creates a secure tunnel between your applications and eHSM to protect data communicated while the HSM is in use.

Networked device

To enhance its reach, eHSM can be securely shared on your network and thus provides access to applications across multiple physical and virtual servers.