SafeNet Luna CA4 Product Brief
SafeNet Luna CA4
Strongest Protection of the PKI Root Key
Maintain PKI Integrity
The SafeNet Luna CA4 addresses the security and operational needs required to maintain the integrity of PKIs with true hardware key management, trusted path multi-person authentication, and direct hardware-to-hardware backup.
Optimal Root Key Protection
The SafeNet Luna CA4 offers the strictest hardware security for Certificate Authorities (CAs) issuing digital identities in PKIs. Luna CA4 protects the PKI root key and performs all key management, key storage, and key operations (such as digital signing) exclusively within hardware.
Comprehensive security policies, split user roles, and two-factor, trusted path authentication prevent unauthorized access to critical root keys. Direct hardware-to-hardware backup permits auditable backups of key material for backup and disaster recovery.
Integrates with Leading Certificate Authority Software
Tight integration with leading Certificate Authority software makes it easy to add security and integrity to enterprise PKIs:
- RSA; and more
• Microsoft Windows 2003 (32 & 64-bit)
• Microsoft Windows 2008 (64-bit)
• Solaris 10 (32 & 64-bit)
• Linux E4, E5 K 2.6 (32 & 64-bit)
Cryptographic Performance
• 25 1024-bit RSA digital signatures per second
Asymmetric Key Encryption and Key Exchange
RSA (512-4096 bit), PKCS #1 v1.5, OAEP PKCS#1 v2.0
Diffie-Hellman (512-1024 bit) Suite B Algorithm
RSA (512-4096-bit), DSA (512-1024-bit), PKCS #1 v1.5
Symmetric Key Algorithms
DES, TDES (double & triple key lengths), RC2, RC4, RC5, CAST-3, CAST-128, AES, ARIA
Hash Digest Algorithms
SHA-1, MD-2, MD-5, SHA256, SHA512, SHA-224, SHA-384
Message Authentication Codes
HMAC-MD5, HMAC-SHA-1, SSL3-MD5-MAC, SSL3-SHA-1-MAC
ECC Brainpool Curves (named and user-defined)
Object Limit
1280 object limit
Features & Benefits
- Secure Key Storage - Keys are 3DES encrypted, encoded with M of N encryption, and stored on a tamper-proof hardware security token to ensure integrity.
- Two-factor Trusted Path Authentication - true two-factor, trusted path, multi-person authentication of HSM administrative users to prevent unauthorized access to sensitive HSM administration functions
- Common Criteria at EAL 4+ (in process)
- FIPS 140-2, Level 3 Validated
- Easy Hardware Key Management - hardware-based key life cycle management from generation, verification, storage, and backup. All key operations are performed exclusively within hardware to prevent unauthorized access to keys.
- Easy Integration - Support for the PKCS#11 Open API and Microsoft CryptoAPI allows easy integration with your custom solutions. In addition, existing Luna CA3 models can be easily migrated to the Luna CA4.
- Satisfies government and industry mandates for key management
- First HSM to achieve support with Microsoft SQL Server
- Integrates with leading certificate authority software – including Microsoft Certificate Services, Entrust Authority, VeriSign, RSA and more