You can now store sensitive keys either in the database or in an HSM. Currently, you can store the various encryption keys and the RiskMinder Server listener SSL key in the HSM. The following table lists the requirements for the supported HSM modules.
|
HSM Module |
Java Cryptography Extension (JCE) |
PKCS #11 |
|---|---|---|
|
Thales nCipher netHSM (or nCipher netHSM) |
JCE framework provided with 32-bit versions of JDK 5.0, JDK 6.0, and JDK 7.0
|
pkcs11v2.01 |
|
SafeNet High Availability HSM (or Luna HSM) |
Note: The decision to use and configure an HSM, if necessary, must be made while you are still in the planning and preparation stages. Otherwise, you must initialize the database again later, because all your current encryption would use keys in software.
|
Copyright © 2013 CA.
All rights reserved.
|
|