Nitrokey HSM 2



Nitrokey HSM 2 reliably protects your cryptographic keys with encrypted backups.

FEATURES

  • Two-Man Rule as Access Protection / M-of-N Threshold Scheme
    In order to gain access to the cryptographic keys, m of n key administrators must approve. A single person alone cannot obtain access. If an individual key administrator is unavailable, key access is still possible, provided at least m key administrators are available. This means that your keys are always protected, even in large and changing teams.
    Key administrators can either authenticate themselves using their own Nitrokey HSM (required for m-of-n access protection) or by means of a password. Remote access is possible, so key administrators do not have to be physically present in the same location.

  • Built-in PKI Feature
    The built-in PKI feature can be used to sign keys which were generated in the Nitrokey. An external entity (e.g. a CA) can check the authenticity, integrity and origin of the keys. The preinstalled root certificate from our partner CardContact makes it possible to create individual and valid device certificates for each Nitrokey HSM. On request, your own root certificate can be used instead. A unique device ID allows cryptographic verification of the Nitrokey HSM.

  • Encrypted Backups
     Nitrokey HSM supports key backup to protect against data loss. The backups are encrypted with the device key encryption key (DKEK). Since the DKEK can only be imported to another Nitrokey HSM, backups are always encrypted and cannot be decrypted outside of a Nitrokey HSM.

  • Key Restriction
        Each key's use can be restricted (e.g. by algorithm, purpose, backup permissions). These restrictions are determined at the time of key generation and are valid for the entire life cycle of the key. This ensures compliance with allowed algorithms and with the correct cryptographic purpose.

  • Key Counter
        A key counter allows you to count and limit the use of keys. Once defined during key generation, the key counter counts down with each key usage. As soon as the maximum number of key uses is reached, the key is locked.

  • Key Import
        You can import existing keys onto the Nitrokey HSM: for example, for a CA key migration by converting keys from a PKCS#12 container to a suitable, importable format. Our advice: Always generate your keys in the Nitrokey HSM so that they remain protected during their entire life cycle.

  • Secure Channel
        You can use an encrypted communication channel with the Nitrokey HSM locally or remotely (similar to SSL/TLS). Thus data exchange (e.g. PIN, signed data) and the integrity of the device commands are secured.

  • Transport PIN
        A freely selectable transport PIN allows you to secure the device while being transported to users. The transport PIN helps the user to verify that the Nitrokey HSM has not been manipulated in transit. The user must change the transport PIN to a PIN of his own choosing before using the device for the first time.

  • PIN Management
        Nitrokey HSM provides an initialization code (SO-PIN) for device initialization security and a user PIN for secure access. The maximum number of PIN input attempts can be configured to prevent brute force attacks.

  • Strong Authentication
        You can use a PIN or a key to authenticate. For the latter, during the initial setup of a Nitrokey HSM, register another Nitrokey HSM key. A challenge-response procedure is used when authenticating using the Nitrokey HSM.
