Technical Features
Algorithms
- RSA (512, 1024, 1152, 1408, 1984, 2048, 3072, 4096, 8192 bits)
- ECDSA (128, 160, 192, 256, 384 and 521 bits)
- ECX EdDSA (Ed25519 and Ed448)
- ECDH (128, 160, 192, 256, 384 and 521 bits)
- XECDH (X25519 and X448)
- DES
- 3DES (112 and 168 bits)
- AES (128, 192 and 256 bits)
- MD5
- SHA1
- SHA2 (224, 256, 384 and 512 bits)
- SHA3 (224, 256, 384 and 512 bits)
- HMAC based on the SHA1, SHA2 and SHA3 hash algorithms.
Homologation
- ICP-Brasil MCT-7 NSH3
- FIPS 140-2 Level 3
Operating modes
- Non Restrictec Mode (NRM)
- Restricted Mode 1 (RM1)
- Restricted Mode 2 (RM2)
APIs
- MS Crypto API
- Java JCA/JCE
- PKCS#11
- KMIP protocol v1.4
- Native API (encryption and management)
Operating Systems
- MS Windows
- Linux
- Others (on request)
Connectivity
- Ethernet 10/100/1000 Mpbs RJ-45 x2
Storage
- Server Master Key protection on smart card
- Partition separation by user
- Different privilege levels
- Encrypted backup
Management
- Local console (trusted path)
- Remote console (network)
Modules(Engines)
- Core Crypto
- State Manager
- EFT
- EFT Direct
- Blockchain
- OATH
- SPB
- XML DSig
- Pix
- SVault
- TSP
AAA
- Authentication: authentication by identity
- Authorization: granular authorization by permissions
- Accounting: internal audit trail
Authentication
- Regular (remote console/API)
- smart card (local console)
- TFA - Two Factor Authentication (remote console/API)
Communication
- Open channel (remote console/API)
- Cipher channel - TLS (remote console/API)
- Simultaneous sessions (up to 1500 application server connections)
Auditing
- Persistent logging of events
- Record retrieval
Monitoring
- Events
- CPU, memory and active sessions
- Battery, memory and controller diagnostics
Performance
Info
Values refer to the most recent hardware profile.
| metric | CD | XP | ST |
|---|---|---|---|
| Signatures per second RSA@2048 | 3500 | 7500 | 23000 |
| Signatures per second Brainpool p256t1 | 2600 | 5400 | 18000 |
| KiB per second (AES 256) | 44000 | 60000 | 90000 |