Acala Benefits
• Lowers cost
• Enhances security
• Enforces strict password quality requirements
• Audits all private key operations
• May be easily deployed and managed
• Appropriate for organizations of any size
• Uses NIST CMVP-validated FIPS 140-2 cryptography and today’s proven standards, including ANSI X.509 and IETF PKIX, TLS, and S/MIME
Information Security CORPORATION
Acala emulates a hardware security module to protect X.509 certificates and private keys. It provides a secure environment for cryptographic operations that nearly all security-enabled applications can access.
Overview
Acala affords an organization’s servers the functionality of a physical hardware security module (HSM) for a fraction of the cost. It stores each server’s credentials in a single encrypted file on any designated storage device (e.g., local hard drive, network share, or removable memory device), and provides cryptographic operations to security-enabled programs through a PKCS#11 application programming interface.
CSfC Applications
In some instances, Acala may be used in a CSfC solution as the PKCS#11 cryptographic provider for CertAgent, ISC’s Certificate Authority. Acala also includes a key generation feature to generate symmetric keys for use in CSfC solutions that don’t use a PKI.
Use Cases for Acala
Safeguarding Keys in a Low Assurance CertAgent Deployment
Acala’s software protection of a CA’s sensitive keys, combined with sufficient protection of the system on which both Acala and the certificate authority reside, enables a low-cost solution for a low assurance certificate authority.
Generating Pre-shared Keys for an IKEv1 VPN
Acala supports the generation of symmetric keys for an IPsec VPN deployment using IKEv1.
Securing Keys in a Prototype, Test, or Development CertAgent Effort
Acala allows the quick establishment of a certificate authority for prototype, test, or development purposes without the expense of a true hardware security module.
©2019 Information Security Corporation. All rights reserved. CertAgent, CSPid, SecretAgent, and SpyProof! are registered trademarks of Information Security Corporation and may not be used without permission. All other trademarks, service marks, and product or service names are trademarks or registered trademarks of their respective owners. Specifications quoted herein are subject to change without notice.
EXPORT INFORMATION
Acala may be freely exported to all but a handful of embargoed countries and denied parties under License Exception ENC:
ECCN 5D002 (C.1); CCATS: Pending
TECHNICAL SPECIFICATIONS
• Complies with NIST FIPS 140-2 Level 1 requirements
• Exports a PKCS#11 version 2.20 compliant API
• Imports and exports PKCS#12, PKCS#7, and ASN.1 DER-encoded X.509 certificates
• Generates up to 8192-bit RSA and up to 571-bit ECDSA PKCS#10 requests
• Supports SHA-256, SHA-384, and SHA-512
• Employs password-protected PKCS#15 PDUs for key storage on local, removable, or network-attached drives, using AES-256 for confidentiality and HMAC-SHA-512 for integrity checking
SUPPORTED PLATFORMS
• Windows Server 2012 R2 or above
• Windows 7, 8, 8.1, 10, or above
• CentOS 6.7 (Linux Kernel 2.6) or above (x64)