The BlackVault Hardware Security Module (HSM) is a network-attached, general-purpose FIPS 140-2 Level 3 HSM with unique functionality that makes authentication, security, compliance, and ease of use paramount.
Public Key Cryptography for generating and protecting public and private keys.
Powerful Features
Its powerful features include a compact form factor, smart card reader, integrated touch screen color display, tamper reactive silicon die shield, long battery life, networked and off-line operation with Ethernet and USB ports, and much more.
BV Tool
BV Tool is a powerful, easy-to-use PKCS#11 CLI tool that can perform many different cryptographic operations. It comes with every BlackVault HSM and works on Windows, Linux, and macOS, both physical and virtualized. Some of its functions are:
• Create Keys
• Delete Keys
• Key Import/Export Wrap/Unwrap
• Self-Signed Certificates
As well as:
• Sign/Verify Files
• Encrypt/Decrypt Files
BV Tool can use AES, RSA, EC, and DSA key types, and can sign using various hashes including but not limited to SHA256, SHA384, and SHA512.
Easy to Integrate
BlackVault easily integrates into a variety of applications, supporting numerous crypto APIs including PKCS#11, Java (JCE) and Microsoft CAPI / CNG, across a variety of operating systems.
An SDK comes with the purchase of an HSM. It is designed to help you integrate your application with the BlackVault through its PKCS#11 interface.
• Includes example code in Python and C++
Simple, easy-to-use integration guides with step-by-step walkthroughs get you up and running with a variety of applications, including:
• Android Dev Studio
• Microsoft Active Directory Certificate Services
FEATURE: REST API
Engage Black introduces full support for the Representational State Transfer (REST) Application Programming Interface (API). The REST API allows a BlackVault HSM operator to request a resource or service through a URL path; these paths contain endpoints that perform an action. Requests and responses use the application/json content type and follow the common HTTP response status codes for success and failure.
Integration Made Easy
BlackVault HSM support of the REST API makes integration with external systems and components seamless.
FEATURE: MULTIPLE SEPARATE SLOTS
Slots are independent User partitions that reside within the BlackVault HSM. Each Slot has its own Data, Access Controls, and Security Policies, and is independent from other HSM Slots.
Slot Access Control
Only those authorized can access the cryptographic material they require; each Slot has unique login credentials that can be configured with two-factor authentication and M of N. Slot-based TLS Client and Server Authentication and IP Address Whitelisting ensure that the network connection is authorized and secure. This creates flexibility for applications requiring different controls and separate administration access on their cryptographic material.
RS OPTION - FEATURE: MULTIPLE SEPARATE SLOTS TLS Client Authentication
Portable / Embeddable Form Factor
Its compact “hard drive” form factor and redundant, battery-backed, solid state key storage allow BlackVault to be moved to a secure room or safe without loss or compromise of root keys or other cryptographic material. Its small form factor with USB connection and power also supports mounting BlackVault within application servers and other compact environments.
Trusted Path Authentication
The intuitive touch screen display with randomized keypad provides a certified trust path for configuration, PIN entry, and backup operations. This eliminates the risk of compromise from intermediary software or devices.
In addition, the integrated smart card reader facilitates two-factor authentication and advanced “M of N” Quorum approval. This ensures that no single individual can authorize administrative or operational actions.
Real Time Audits
Constantly updated configuration and operation information provides Security Administrators with the data to discover anomalous activity or failure of critical functions. Audit information can be sent to a trusted entity and is protected to prevent unauthorized access, modification, or deletion.
Military Grade Tamper Reactive
The BlackVault cryptographic boundary is within the silicon of its secure CPU. This silicon die shield has dynamic fault detection with real-time environmental and tamper detection circuitry. It also avoids inadvertent tamper, making the BlackVault safe to transport. When a tamper event is detected, the cryptographic keys are zeroized (deleted).
Ideal for Many Applications
The BlackVault is an independently certified, standards-based, network-attached HSM (hardware security module) that performs key management and cryptographic operations for enterprises, certificate authorities, government, and a growing list of organizations requiring strong security for PKI, digital certificates, code signing, document signing, cryptographic key storage, data encryption, key generation and regulatory compliance in cloud companion, networked and off-line (air-gap) operations.
Certificate Authority (online and off-line)
Smart Card Issuance
Intrusion Tamper Reactive Hardware (Level 3+)
Single Trust Path Touch Screen User Interface
Integrated Smart Card Reader
Network and USB Connectivity
Solid State Construction (“Transport Safe”)
Highly Secure Silicon Die Shield Crypto Boundary
Multiple Administrative Roles
"M of N" Multi-factor Authentication
Key Backup / Cloning
Full Suite B Cryptography
Secure Keys in Tamper Reactive Hardware
Generate, Store, Backup and Decommission Keys
Expedite Regulatory Compliance Audits
Securely Transport Keys, Certificates, Signatures, etc.