Search:
|
Browse by category:
|
Articles
|
||||
Bloombase KeyCastle Security Server 2 Release Notes
Bloombase KeyCastle Security Server 2 is a feature release of the industry renowned cryptographic key full life cycle management security solution. It contains new functions and features for many security and key storage areas.
Operating Systems and Hardware Platforms
&nbs...
|
||||
|
||||
Why hardware appliances?
Most enterprises have invested in hardware and software systems which are mission-critical and operate in full capacity. Cryptographic operations like digital signature generation and encryption are computational and resource intensive tasks that normally are not welcomed by busi...
|
||||
|
||||
What are the benefits of ASIC-powered appliances?
Application specific integrated circuit (ASIC) is dedicated electronic hardware purpose-built for specific applications. ASIC differs from central processing unit-based hardware in a sense that it adapts easily to parellel and streamlined processing which are the core design prin...
|
||||
|
||||
How well Bloombase Security Servers are prepared for disasters?
Selected models of Bloombase appliances are fault-tolerant by design. Other Bloombase appliances can be configured to run in high-availability mode such that when the active appliance fails, backup takes over and act as active node.
Bloombase system settings and security configu...
|
||||
|
||||
What cryptographic ciphers are supported by Bloombase Core Cryptographic processor?
Bloombase Core Cryptographic processor currently supports the following industry-standard encryption ciphers
AES 128, 192 and 256-bit cipher
Camellia 128, 192 and 256-bit cipher
3DES cipher
DES cipher
CAST5 cipher
CAST6 cipher
IDEA ciphe...
|
||||
|
||||
What if our Bloombase appliance is lost?
Bloombase hardware appliances contain high performance cryptographic processors that are generally considered strategic commodities. Such goods are under strict import and export controls in many nations. In any case an appliance is considered lost, you should report to your loca...
|
||||
|
||||
Does Bloombase Security Server support PKCS#11-compliant hardware security modules (HSM)?
Yes. Bloombase Security Servers are PKCS#11 ready and support all PKCS#11-compliant hardware security modules (HSM) out-of-the-box. For compliance concern, customers may consider the use of PKCS#11 compliant HSMs for key generation, storage and security.
|
||||
|
||||
Bloombase Administration and Operation Roles and Responsibilities
Roles
Role
Description
Hold
Duty
...
|
||||
|
||||
Bloombase KeyCastle Installation and Configuration Checklist
System
Parameter
Value
Server Name
...
|
||||
|
||||
Bloombase KeyCastle Security Server 2 Update Release Notes
Current Version
Changes in 2.2.0.0
Bug Fixes
Bug ID
Category
Description
...
|
||||
|
||||
How to alter log level Bloombase loggers
Sign in Bloombase web management console
Navigate main menu
Expand System menu
Start Registry tool
Navigate to System -> LogHelper -> Loggers sub-tree
Select the logger that needs log level change
Change Level to any ...
|
||||
|
||||
How to change default Bloombase system status
Sign in Bloombase web management console
Navigate main menu and expand System
Select Registry tool
Locate System -> SpitfireApplication -> DefaultStatus and change to below values
-1 (Down)
0 (Standby)
...
|
||||
|
||||
Where can I obtain technical literature, administration and usage guides for Oracle Sun Crypto Accelerator 6000?
For more information about Oracle Sun Crypto Accelerator 6000, please refer to http://docs.sun.com/app/docs/prod/accel.600.brd?l=en&a=view
For configuration and integration of Oracle SCA 6000 with Bloombase family of data encryption products, please refer to Bloomba...
|
||||
|
||||
Does Bloombase family of data encryptors support IBM 4758 PCI Cryptographic Coprocessor (4758 Coprocessor)?
Bloombase family of data encryptors support IBM 4758 PCI Cryptographic Coprocessor (4758 Coprocessor) http://www-03.ibm.com/security/cryptocards/pcicc/overview.shtml
|
||||
|
||||
What other IBM hardware cryptographic modules are supported by Bloombase Security Infrastructure?
Bloombase line of data encryptors support the following IBM hardware security modules
IBM 4758 Cryptographic CoProcessor
IBM eServer Cryptographic Accelerator (FC 4960 on IBM eServer System p)
IBM Crypto Express2 (FC 0863 or FC 0870 on IBM System z)
IBM CP...
|
||||
|
||||
How to add PKCS#11 providers to Bloombase Crypto Module?
Sign in Bloombase web management console
Expand System menu
Launch Registry tool
Locate /System/SunPKCS11/Providers
Add subtree 'ock' for openCryptoki
Under 'ock', add
'Library' -> /usr/lib/pkcs11/PKCS11_API....
|
||||
|
||||
How to configure Bloombase backup archive repository at a remote location?
Sign on Bloombase web based management console
Expand 'System' menu
Launch 'Registry' tool
Locate /System/Spitfire/BackupConfiguration/RemoteArchiveRepository and configure the following attributes
Enabled: 'true' or 'false'
...
|
||||
|
||||
How to request for certificate contents of a certificate authority (CA) off Bloombase KeyCastle?
Bloombase KeyCastle supports retrieval of certificate contents of a named distinguished name (DN) of a certificate by use of HTTP method
https://<bloombase>:<port>/certificate/
For example, to inquire for certificate contents of certificate of distinguished na...
|
||||
|
||||
How to download certificate revocation list (CRL) of a Bloombase KeyCastle managed certificate authority (CA)?
Certificate revocation list (CRL) of a certificate authority (CA) managed by Bloombase KeyCastle can be accessed by HTTP over the following URL
https://<bloombase>:<port>/crl/
For example, to access CRL of a CA of distinguished name (DN) 'CN=Acme CA, O=Acme Corp...
|
||||
|
||||
How to validate the revocation status of a certificate managed by Bloombase KeyCastle by Online Certificate Status Protocol (OCSP)?
To check for validity of a certificate managed by Bloombase KeyCastle, one can make use of the Online Certificate Status Protocol (OCSP) service access via HTTP of the following URL
https://<bloombase>:<port>/ocsp
One can follow standard OCSP to compose client OCS...
|
||||
|
||||
What symmetric block cipher algorithms are supported by Bloombase Crypto Module?
The following symmetric block cipher algorithms are supported
AES
AESWrap
Blowfish
Camellia
CamelliaWrap
CAST5
CAST6
DES
DESede
GOST28147
IDEA
Noekeon
RC2
RC5
...
|
||||
|
||||
What symmetric stream cipher algorithms are supported by Bloombase Crypto Module?
Bloombase Crypto Module supports the following symmetric stream cipher algorithms
RC4
HC128
HC256
Salsa20
VMPC
Grainv1
Grain128
|
||||
|
||||
What block asymmetric cipher algorithms are supported by Bloombase Crypto Module?
The following block asymmetric cipher algorithms are supported by Bloombase Crypto Module
RSA
Elgamal
|
||||
|
||||
What digest algorithms are supported by Bloombase Crypto Module?
The following digest algorithms are supported by Bloombase Crypto Module
GOST3411
MD2
MD4
MD5
RipeMD128
RipeMD160
RipeMD256
RipeMD320
SHA1
SHA-224
SHA-256
SHA-384
SHA-...
|
||||
|
||||
What MAC algorithms are supported by Bloombase Crypto Module?
The following MAC algorithms are supported by Bloombase Crypto Module
VMPC-MAC
HMac-MD2
HMac-MD4
HMac-MD5
HMac-RipeMD128
HMac-RipeMD160
HMac-SHA1
HMac-SHA224
HMac-SHA256
HMac-SHA384
H...
|
||||
|
||||
What digital signature algorithms are supported by Bloombase Crypto Module?
Bloombase Crypto Module supports the following digital signature algorithms
GOST3411withGOST3410 (GOST3411withGOST3410-94)
GOST3411withECGOST3410 (GOST3411withGOST3410-2001)
MD2withRSA
MD5withRSA
SHA1withRSA
RIPEMD128withRSA
...
|
||||
|
||||
What are possible values of extended key usage?
1.3.6.1.5.5.7.3.1 - id_kp_serverAuth
1.3.6.1.5.5.7.3.2 - id_kp_clientAuth
1.3.6.1.5.5.7.3.3 - id_kp_codeSigning
1.3.6.1.5.5.7.3.4 - id_kp_emailProtection
1.3.6.1.5.5.7.3.5 - id-kp-ipsecEndSystem
1.3.6.1.5.5.7.3.6 - id-k...
|
||||
|
||||
How X.509v3 key usage is constructed?
KeyUsage ::= BIT STRING {
digitalSignature (0),
nonRepudiation (1),
keyEncipherment ...
|
||||
|
||||
Bloombase KeyCastle Security Server Product Roadmap
Accreditations
NIST FIPS 140-2 accreditation
Common Criteria accreditation
Ministry of Public Security accreditation
Interoperability
PKCS#11 hardware security module (HSM) integration
IBM Tivoli Key Lifecycle Manager
RSA Key Manager / Data ...
|
||||
|
||||