DHerrmann
Contributor II

Encryption key management software - what do you like?

What do people like for Encryption Key Management software? Have you implemented a single solution for your firm, or is it a departmental/business-line choice?

 

Thanks in advance

6 Replies
denbesten
Community Champion

Thales nShield HSM. Only our "security department" is sufficiently "paranoid" to worry about this. The "lines of business" depend upon us to provide the tools and procedures. This is one of those few areas where hardware is better than software.

Early_Adopter
Community Champion

HSMs, always about secure key storage for me; for the most part, it's been either Thales nCipher or Gemalto SafeNet. One contender you could consider is Utimaco; I came across them at a stand last year, and Sophos had spun them out. They would need to operate a very tight ship being German. Of course, all HSM providers have some sort of management solution.

 

Another solution for storage might be on smart cards - as required for 'Qualified Digital Signatures'*.

 

Specifically, with regard to software, Venafi is the key management beast and covers everything if you have a broad use case; I've not seen anyone beat them.

 

Though a lot depends on what kinds of keys and where: DigiCert (spun out of Symantec) has a managed PKI that works for certificates, Tectia can do SSH, CyberArk can do some of these plus privileged user management and secret injection into containers.

 

OP, What sort of 'keys' are we talking about here?

 

*These are really a thing, big in Europe and, nope, sadly are not hashes encrypted with private keys that studied at university... 😛

DHerrmann
Contributor II

To be honest, I was actually thinking more of software encryption key management when I asked the question.    

Early_Adopter
Community Champion

Another good approach is to look at who implements Key Management Interoperability Protocol (KMIP) and is recognized by OASIS. There is probably a day's research contained in that list for you.

 

https://wiki.oasis-open.org/kmip/KnownKMIPImplementations

silvermk4
Viewer

If you are a VMware user with vSphere 6.5, you could look at the QuintessenceLabs qCrypt KMS VM software version.

 

https://www.quintessencelabs.com/wp-content/uploads/2018/04/qCrypt_200V_Spec-Sheets_2018.pdf

 

Regards

Rob

Flyslinger2
Community Champion

If you are supporting a U.S. Federal agency, only HSMs meet the standards established by NIST. This is a hardware implementation.

 

Most software implementations are not secure enough to make me want to ever store the "keys to the kingdom" in them.