You can now store sensitive keys either in the database or in an HSM. Currently, you can store the various encryption keys and the Strong Authentication Server listener SSL key in the HSM. The following table lists the requirements for the supported HSM modules.
|
HSM Module |
Java Cryptography Extension (JCE) |
PKCS #11 |
|---|---|---|
|
Thales nCipher netHSM (or nCipher netHSM) |
JCE framework provided with the 32-bit versions of JDK 5.0, JDK 6.0, and JDK 7.0 |
pkcs11v2.01 |
|
SafeNet High Availability HSM (or Luna HSM) |
Note: The decision to use and configure an HSM, if required, must be made while you are still in the planning and preparation stages. Otherwise, you will need to re-initialize the database later, because all your current encryption would use keys in software.
See the Product Support Matrix for a list of software requirements.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|