The HSM on Demand with Key Export service on the Data Protection on Demand (DPoD) platform enables customers whom require high quality cryptographic keys for use outside of an HSM. The service enables export of high quality private asymmetric keys from the HSM for use on other devices.
This mode is designed for generating key pairs for identity issuance, where transient key-pairs are generated, wrapped off, and embedded on a device. They are not used on the HSM, but generated and issued securely, and then deleted from the HSM.
The Luna Cloud HSM key export facility provides a simple cloud based key export that is fast to deploy and easy to export.
Unlike traditional software based solutions that have limited security and auditability, Luna Cloud HSM services ensure a FIPS certified key generation solution.
A service in Key Export mode has the following capabilities and restrictions:
- Private keys cannot be cloned to other HSM services.
- The service cannot be part of a HA (high availability) HA group i.e. private keys will not be replicated.
- All keys/objects, including private keys, can be wrapped off the HSM (can be exported to a file encrypted with a wrapping key).
For more information about DPoD and this new service, take a look at the new web page
Try it now – free 30 day evaluation
The DPoD Team