HSM Integration for Key Management

Hardware Security Modules (HSMs) are the most secure way to protect data and related keys; however, they are not very user-friendly and require some level of technical expertise to perform key management. EncryptRIGHT® solves these problems by providing a friendly graphical user interface to the Thales nShield HSM that significantly simplifies key management.

Ease of use for key management is one of the major advantages of the EncryptRIGHT integration with the nShield HSM. EncryptRIGHT creates Hardware Master Keys (HMKs) in the nShield and uses them to protect data keys. New key values are exported from the nShield as HMK-encrypted values for storage in the EncryptRIGHT key database. HMK values are not stored in the EncryptRIGHT key database; instead, HMKs are referenced by name only.

For added protection, the EncryptRIGHT database itself is encrypted with its own hardware Local Master Key, so there is no way to determine from outside EncryptRIGHT what the HMK-encrypted value of a key is or where it is stored. If the database were illicitly replicated on a machine that does not have access to the HSM, the replicated database would be totally useless.

HMK-encrypted data keys can be stored in the EncryptRIGHT database for use by EncryptRIGHT applications, or, optionally, the current value of a key can be stored in the HSM for use by applications that do not use EncryptRIGHT.

The EncryptRIGHT configuration program and flexible API provide role-based access to keys, and thus to cryptographic capabilities. Security processes and key changes are recorded in the secure EncryptRIGHT event log, and helpful reports can be generated to streamline information for oversight and auditing, including PCI audits.

Find out more about how EncryptRIGHT provides a better way to protect sensitive data throughout your enterprise.