You can now store sensitive keys either in the database or in an HSM. Currently, you can store the various encryption keys and the CA Strong Authentication Server listener SSL key in the HSM. The following table lists the requirements for the supported HSM modules.
|
HSM Module |
Java Cryptography Extension (JCE) |
PKCS #11 |
|---|---|---|
|
Thales nCipher netHSM (or nCipher netHSM) |
JCE framework provided with the 32-bit versions of JDK 5.0, JDK 6.0, and JDK 7.0 |
pkcs11v2.01 |
|
SafeNet High Availability HSM (or Luna HSM) |
Note: The decision to use and configure an HSM, if required, must be made while you are still in the planning and preparation stages. Otherwise, you will need to re-initialize the database later, because all your current encryption would use keys in software.
The following sections provide information about software requirements:
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|