Technical Features
Algorithms
- RSA (512, 1024, 1152, 1408, 1536, 1976, 1984, 2048, 2304, 2502, 2816, 3072, 4096 or 8192 bits)
- ECDSA (128, 160, 192, 256, 384 and 521 bits)
- ECX EdDSA (Ed25519 and Ed448)
- ECDH (128, 160, 192, 256, 384 and 521 bits)
- XECDH (X25519 and X448)
- DES
- 3DES (112 and 168 bits)
- AES (128, 192 and 256 bits)
- MD5
- SHA1
- SHA2 (224, 256, 384 and 512 bits)
- SHA3 (224, 256, 384 and 512 bits)
- HMAC based on the SHA1, SHA2 and SHA3 hash algorithms.
Operating modes
- Non Restrictec Mode(NRM)
- Restricted Mode 1(RM1)
- Restricted Mode 2(RM2)
APIs
- MS Crypto API
- Java JCA/JCE
- PKCS#11
- KMIP protocol v1.4
- Native API (encryption and management)
Operating Systems
- MS Windows
- Linux
- Others (on request)
Cloud
- Cloud HSM (Private Cloud)
- BYOK (Bring Your Own Key)
- Azure Cloud Services
- Amazon Web Services
Storage
- Key protection master (Server Master Key) on smart card
- Partition separation by user
- Different privilege levels
- Encrypted backup
Management
- Local console (trusted path)
- Remote console (network)
Modules(Engines)
- Core Crypto
- State Manager
- EFT
- EFT Direct
- Blockchain
- OATH
- SPB
- XML DSig
- Pix
- SVault
- TSP
AAA
- Authentication: authentication by identity
- Authorization: granular authorization by permissions
- Accounting: internal audit trail
Communication
- Open channel (remote console/API)
- Cipher channel - TLS (remote console/API)
- Simultaneous sessions (up to 1500 application server connections)
Auditing
- Persistent logging of events
- Record retrieval
Monitoring
- Events
- CPU, memory and active sessions
- Battery, memory and controller diagnostics
Authentication
- Regular (remote console/API)
- smart card (local console)
- TFA - Two Factor Authentication (remote console/API)
Connectivity
- Ethernet 10/100/1000 Mpbs RJ-45 x2
Certifications
- FIPS 140-2 L3 ST, XP and CD models
- Inmetro MCT-7 NSC 3 ST and XP models1
Performance
Info
Values refer to the most recent hardware profile.
| metric | CD | XP | ST |
|---|---|---|---|
| Signatures per second RSA@2048 | 3500 | 7500 | 23000 |
| Signatures per second Brainpool p256t1 | 2600 | 5400 | 18000 |
| KiB per second (AES 256) | 44000 | 60000 | 90000 |
-
Search in product class ICP-Brasil Standard Digital Certification Equipment - PT Inmetro no. 8/2013 / PT Inmetro no. 130/2021