Skip to content

Technical Features

Algorithms

  • RSA (512, 1024, 1152, 1408, 1536, 1976, 1984, 2048, 2304, 2502, 2816, 3072, 4096 or 8192 bits)
  • ECDSA (128, 160, 192, 256, 384 and 521 bits)
  • ECX EdDSA (Ed25519 and Ed448)
  • ECDH (128, 160, 192, 256, 384 and 521 bits)
  • XECDH (X25519 and X448)
  • ML-DSA (NIST Categories 2,3,5) 1
  • ML-KEM (NIST Categories 1,3,5) 1
  • SLH-DSA (SHA-256/SHAKE-256/Small/Fast NIST Categories 1,3,5) 1
  • DES
  • 3DES (112 and 168 bits)
  • AES (128, 192 and 256 bits)
  • MD5
  • SHA1
  • SHA2 (224, 256, 384 and 512 bits)
  • SHA3 (224, 256, 384 and 512 bits)
  • HMAC based on the SHA1, SHA2 and SHA3 hash algorithms.

Operating modes

  • Non Restrictec Mode(NRM)
  • Restricted Mode 1(RM1)
  • Restricted Mode 2(RM2)

APIs

  • MS Crypto API
  • Java JCA/JCE
  • PKCS#11
  • KMIP protocol v1.4
  • Native API (encryption and management)

Operating Systems

  • MS Windows
  • Linux
  • Others (on request)

Cloud

  • Cloud HSM (Private Cloud)
  • BYOK (Bring Your Own Key)
    • Azure Cloud Services
    • Amazon Web Services

Storage

  • Key protection master (Server Master Key) on smart card
  • Partition separation by user
  • Different privilege levels
  • Encrypted backup

Management

  • Local console (trusted path)
  • Remote console (network)

Modules(Engines)

  • Core Crypto
  • State Manager
  • EFT
  • EFT Direct
  • Blockchain
  • OATH
  • SPB
  • XML DSig
  • Pix
  • SVault
  • TSP

AAA

  • Authentication: authentication by identity
  • Authorization: granular authorization by permissions
  • Accounting: internal audit trail

Communication

  • Open channel (remote console/API)
  • Cipher channel - TLS (remote console/API)
  • Simultaneous sessions (up to 1500 application server connections)

Auditing

  • Persistent logging of events
  • Record retrieval

Monitoring

  • Events
  • CPU, memory and active sessions
  • Battery, memory and controller diagnostics

Authentication

  • Regular (remote console/API)
  • smart card (local console)
  • TFA - Two Factor Authentication (remote console/API)

Connectivity

  • Ethernet 10/100/1000 Mpbs RJ-45 x2

Certifications

Performance

Info

Values refer to the most recent hardware profile.

Transactions per second CD XP ST NG
RSA 2048 3.500 7.500 23.000 24.000
ECC secp256r1 21.000 41.000 78.000 120.000
ECC secp256k1 2.300 5.000 16.000 17.000
ECC ed255193 13.000 27.000 64.000 95.000
ML-DSA 441 N/A N/A N/A 18.000
SLH-DSA 128f1 N/A N/A N/A 310
Transactions per second CD XP ST NG
ML-KEM 7681 N/A N/A N/A 70.000
Transactions per second CD XP ST NG
AES 2564 85.000 90.000 100.000 190.000
PIN Translate5 75.000 78.000 80.000 110.000

  1. PQC algorithm(Post-Quantum Cryptography)

  2. Search in the product class ICP-Brasil Standard Digital Certification Equipment - PT Inmetro no. 8/2013 / PT Inmetro no. 130/2021.

  3. Message signature with a size equal to the hash of the same security level.

  4. Encryption of messages with a size equal to the key block.

  5. PIN Block Translation with source and destination keys 3des168.