Key Management Solutions that...

  • Generate, distribute, store, rotate and revoke crypto keys
  • Protect the crypto key lifecycle and meet compliance objectives
  • Integrate Hardware Security Module (HSM) functionality
  • Provide multi-factor and quorum authentication
  • Offer innovative and intuitive management and control

Key Management

The growing threat landscape, with almost daily reports of data theft and security breaches, is driving the need for data encryption. More encryption means more cryptographic keys. However, when keys are compromised, encryption is no longer effective. Unfortunately, proper key security is often lacking.

Many organizations still store keys in software—a poor choice as hacks capture both data and the keys used to encrypt that data. The result is exposure of critical data harmful to both your organization and customers.

Keys should be stored in a separate hardware device. USB tokens and smart cards are often used, but with the growing number of keys, it’s difficult to track them, monitor who has possession, or determine if they have been lost or stolen.

Hardware Security Modules (HSMs) ensure keys are secure and confidential, limiting access to only those who need it. Unencrypted keys never exist outside the HSM and all key-related operations occur inside the HSM. They also provide physical and logical barriers to attack and tampering that are unavailable with USB tokens, smart cards, or software.

Engage BlackVault is a cryptographic appliance with a built-in FIPS Level 3 Hardware Security Module (HSM). It supports the complete key management life cycle and is available as a Code / Document Signing appliance, Certificate Authority (CA), or fully featured HSM. BlackVault makes meeting key management best practices straightforward, secure, and affordable.

Key Management with the BlackVault

The BlackVault platform provides maximum protection for cryptographic keys. Its FIPS 140-2 Level 3 tamper-reactive, silicon-based cryptographic boundary ensures keys and other cryptographic material cannot be compromised. An attempt to defeat the BlackVault’s physical, environmental, and electronic protection mechanisms causes keys to be deleted (zeroized).

The BlackVault platform also has a unique single trust path authentication mechanism. Two-factor authentication is determined directly at the BlackVault by inserting a smart card into the smart card reader and entering your PIN on its touch screen display. This prevents compromised third-party devices from gaining access to the BlackVault platform.

An "M of N" quorum can also be established for Crypto Officer, User, and Key Backup / Restore authentication. In this case, a minimum of "M" personnel (smart cards / PINs) must be present to authorize an action by the BlackVault. For example, a new code release cannot be digitally signed unless Engineering, QA and Product Management “sign-off” on the release.

The BlackVault platform includes both USB and Ethernet ports for on-line as well as off-line (air-gapped) applications. The USB port is also used for off-line file transfer and key backup. Backups are encrypted and the backup encryption key can be distributed across multiple smart cards. The Ethernet port uses a secure TLS connection.

Compact and portable, with a battery life measured in decades, the BlackVault is easily transported and stored in a safe or other secure location.

With a menu-driven touch screen display and built-in applications, the BlackVault achieves a new level of simplicity and ease of use for what have traditionally been very complex functions.

Behind the scenes, the BlackVault platform supports the most advanced cryptographic algorithms and popular cryptographic APIs.

Technology Comparison

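| Capability                  | BlackVault | Software | USB Token | Smart Card |
|-----------------------------|------------|----------|-----------|------------|
| Key Generation in Hardware  | Yes        | No       | Often No  | Often No   |
| Hardware is Tamper Reactive | Yes        | No       | No        | No         |
| Safe Key Backup             | Yes        | No       | No        | No         |
| Integrated Applications     | Yes        | Yes      | No        | No         |
| Multifactor Authentication  | Yes        | No       | No        | No         |
| Quorum Authorization        | Yes        | No       | No        | No         |
| Single Trust Path Support   | Yes        | No       | No        | No         |
| Networked and Off-line      | Yes        | No       | No        | No         |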

BlackVault HSM

Securely sign code by integrating this easy-to-use and highly secure HSM platform into your development environment.

  • Supports all major crypto APIs
  • Easily installs in your development environment
  • Application software available for JAR signing
  • Compact and portable, long battery life
  • Facilitates best practices

BlackVault CA

With this standalone platform, manage certificates without the complexity of installing and operating general-purpose OSs and HSMs.

  • Define roles and authentication process
  • Create key and optional certificate
  • Load code and sign
  • Control from integrated touch screen display

BlackVault CYNR

As a standalone platform, sign code without the complexities of installing and operating general-purpose OSs and HSMs.

  • Boots up ready to sign code
  • Define roles and authentication process
  • Create key and optional certificate
  • Load code and sign
  • Control from integrated touch screen display

Secure Code Signing with...

Java Jar

Eclipse IDE

Android Studio

9565 Soquel Drive Dr,
Aptos, CA 95003
 
Telephone: +1-831-688-1021
Toll Free : +1-877-ENGAGE4
Designed, Fabricated, and Assembled in America
Supported Worldwide