
HSM_for_Dummies

specific algorithms (as is the JCA). The JCE can use a Service Provider Interface (SPI) to link different implementations from different suppliers into the Java runtime environment simultaneously. From Version 1.4, Java has a JCE and JCA implementation. The provider can subsequently load other implementations both statically and dynamically. The JCE Provider from the Institute for Applied Information Processing and Communication Technology (IAIK) at the Technical University of Graz (Austria) is one of the most widely known JCE implementations.

Microsoft Cryptography API: Next Generation

Lastly, we take a look around in the Microsoft world. The current interface here is Cryptography Next Generation (CNG). It was introduced in Windows Vista™ and supersedes CryptoAPI. CNG supports currently popular symmetric and asymmetric algorithms, as well as random number generation and all popular hash functions.

Microsoft is aligning itself with Suite B. In 2005, the National Institute of Standards and Technology (NIST) in America published a list (Suite B) of cryptographic algorithms. This collection is a recommendation from the NSA for the deployment of cryptographic methods and their key strengths. In parallel, the NSA also put together the Suite A list, to represent the algorithms for deployment in highly sensitive areas. The Suite A list wasn't released.

But what would IT be without its exceptions? Microsoft has another interface for HSMs in the field of database servers. This is the SQL Server data encryption function Extensible Key Management (EKM). This function interface makes it possible to use an HSM to implement the database encryption that is stipulated in many application areas. The EKM interface is essentially another standard Microsoft interface.

Other Standard Interfaces

The interfaces introduced in this guide are the most widely used APIs for HSMs at the time of print. Other interfaces to add to the list are either supplier specific but represent an 'industry' standard, or are other defined interfaces such as the integration of HSMs into the OpenSSL library. OpenSSL is a library for Secure Sockets Layer (SSL) and Transport Layer Security (TLS). Many other products, such as OpenCA, use OpenSSL in the backend. The engine concept of OpenSSL enables developers to link in smartcards and hardware security modules for all cryptographic processes, meaning OpenSSL also represents a good alternative to the interfaces we mentioned earlier in this section.
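
An added example, not taken from the guide, of the provider mechanism described above for the JCE and JCA: a constructed provider is registered dynamically next to the built-in ones, and the same algorithm is then requested once by priority order and once by provider name. It assumes an OpenJDK-based runtime (Java 9 or later) whose built-in SUN provider supplies SHA-256; ProviderDemo, DemoVendor and VendorSha256 are names invented for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.MessageDigestSpi;
import java.security.Provider;
import java.security.Security;

public class ProviderDemo {
    // Hypothetical supplier implementation, reached only through the SPI.
    // It delegates to the built-in SHA-256; an HSM supplier's class would
    // forward these calls to the device instead.
    public static final class VendorSha256 extends MessageDigestSpi {
        private final MessageDigest inner;
        public VendorSha256() throws Exception {
            inner = MessageDigest.getInstance("SHA-256", "SUN"); // assumes OpenJDK
        }
        @Override protected void engineUpdate(byte b) { inner.update(b); }
        @Override protected void engineUpdate(byte[] in, int off, int len) {
            inner.update(in, off, len);
        }
        @Override protected byte[] engineDigest() { return inner.digest(); }
        @Override protected void engineReset() { inner.reset(); }
    }

    // Hypothetical provider that maps an algorithm name to the class above.
    public static final class DemoVendor extends Provider {
        public DemoVendor() {
            super("DemoVendor", "1.0", "constructed demo provider"); // Java 9+
            put("MessageDigest.SHA-256", VendorSha256.class.getName());
        }
    }

    public static void main(String[] args) throws Exception {
        // Dynamic loading: appended at the lowest priority. Static loading is
        // a security.provider.N entry in the runtime's java.security file.
        Security.addProvider(new DemoVendor());
        byte[] msg = "constructed sample input".getBytes(StandardCharsets.UTF_8);

        // No provider named: the highest-priority supplier of SHA-256 is used.
        MessageDigest byPriority = MessageDigest.getInstance("SHA-256");
        // Provider named: the call is routed to that supplier's implementation.
        MessageDigest byName = MessageDigest.getInstance("SHA-256", "DemoVendor");

        System.out.println("by priority: " + byPriority.getProvider().getName());
        System.out.println("by name:     " + byName.getProvider().getName());
        System.out.println("digests equal: "
                + MessageDigest.isEqual(byPriority.digest(msg), byName.digest(msg)));
    }
}
```

When an operation is meant to run inside an HSM, name the provider explicitly or check getProvider() on the returned object, because a request without a provider name is served by whichever supplier ranks first in the priority order.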

