•   SUPPORT +49 89 420447-30
  •   This email address is being protected from spambots. You need JavaScript enabled to view it.   |
  •   SALES +49 89 420447-20
  •   This email address is being protected from spambots. You need JavaScript enabled to view it.


SafeNet Luna SA Product Brief

Datasheet - PDF

SafeNet Luna SA

Award-Winning Hardware Security Module


Luna SA is the choice for enterprises requiring strong cryptographic security for paper-to-digital initiatives, digital signatures, DNSSEC, hardware key storage, transactional acceleration, certificate signing, code or document signing, bulk key generation, data encryption, and more. 

Scalable Security for Virtual and Cloud Environments

  • Virtual Platform Support- vSphere, Microsoft Hyper-V, and Citrix XenServer
  • Digital Certificate Authentication

Market Leading Performance

  • The only HSM on the market that delivers high performance implementations for the full range of Suite B cryptographic algorithms.
  • First HSM to integrate with Microsoft SQL Server 2008 & integration with SQL Server 2008 R2 for optimal SQL Encryption.
  • Cryptographic acceleration up to 6,000 1024-bit RSA tps; 400 384-bit ECC tps 

Management and Operational Cost Savings

  • Central Administration -Remote PED
  • Cost Savings - PKI Bundle

High Assurance Trust HSM

  • FIPS 140-2 Level 3 validated 
  • CC  EAL 4+ certified cryptographic module
  • Dual, hot-swappable power supply ensuring consistent performance and no down-time
  • Ethernet connectivity for flexible deployment/communication with other network devices

Secure Hardware Key Management and Cryptographic Processing 

SafeNet Luna SA HSM ensures the integrity and security of cryptographic operations in a robust, high- availability appliance. Luna SA is capable of up to 6,000 RSA and 400 ECC transactions per second and offers optional standalone authentication to protect the most demanding security applications. 

Remote Central Administration

The Remote PED  (PIN entry device) is an authentication device that connects to a remote Windows workstation via USB, and communicates over a secure network connection to a Luna SA. Full PED functionality facilitates management of security administration functions by offering the security administrator to centrally manage administration rights remotely by simply inserting the required key, and entering the secret PIN into the PED. 

Cost Savings with PKI Bundle

With the SafeNet Luna SA PKI Bundle solution, product and maintenance costs are dramatically reduced by combining HSM functionality that usually requires 2 or more HSMs into a single HSM "bundle" of modular functions. For CAs with certificates and root keys, for example, rather than requiring separate HSMs for key generation and key export for offline and online root CAs respectively, the requirements can be fulfilled by only 1 Luna SA HSM which stores keys in hardware achieving FIPS 140-2 L3 security. 

Luna SA 5.0 Diagram

For Solution Partners/Integrators/Developers

As a component of a multi-part solution, the success of a SafeNet HSM relies on global partners integrating with the HSM as quickly and easily as possible, all for an attractive price. SafeNet remains at the forefront of global interoperability, offering integrations with latest technologies from the following to name a few. To request specific integration guides, or search for one of our more than 600 partners, access the Partner Search page or click on the partner of your choice:

Adobe  Apache Microsoft 
 IBM  Entrust  Red Hat
Oracle  Gemalto ActivIdentity
Sun                       VeriSign                 RSA 


Operating Systems

  • Windows 2003, 2008 R2
  • Solaris 9 (SPARC), 10 (SPARC and x86)
  • Linux E4, E5
  • SuSE 10, 11
  • AIX 5.3, 6.1
  • HP-UX 11i (PA-RISC and Itanium)
  • VM Ware
  • Hyper-V
  • Xen

Cryptographic APIs

  • PKCS#11, Microsoft CAPI, and CNG
  • OpenSSL

Cryptographic Functions

  • True hardware accelerated random number generation (Annex C of ANSI X9.17)
  • Symmetric and asymmetric key pair generation
  • Encryption and decryption
  • RSA
  • Digital signing

Industry Regulatory Standards

  • Includes a FIPS 140-2 Level 3 validated cryptographic module
  • Includes a CC EAL 4+ certified cryptographic module
  • U/L 1950 (EN60950) & CSA C22.2 compliant
  • FCC Part 15 - Class B
  • RoHS compliant
  • BAC and EAC ePassport certification

Features & Benefits


  • PKI Bundle
  • Multi-level access control
  • Intrusion-resistant, tamper-evident hardware
  • Strongest cryptographic algorithm
  • Suite B Algorithm Support
  • Keys in hardware
  • Cryptographic SSL acceleration of up to 6,000 1024-bit RSA tps; 400 384-bit ECC tps in test environments
  • Allows up to 20 unique partitions
  • Remote PED
  • Software upgradeable
  • Dual, hot-swappable power
    supply ensuring consistent
    performance and no down-time
  • Secure transport mode


  • Compliant: meets industry regulatory standards
  • Customizable: wide range of configurations
  • Future-proof: software is upgradeable

Our Philosophy

Our goal is to assist you in solving specific security problems on the Internet, IT networks and in telecommunications.

We achieve this goal by the quality and actuality of our security products, as well as competence and commitment of our team.

Contact Options

Contact Sales (inquiries,
licenses, orders, ...)
  • +49 89 420447-20
  • This email address is being protected from spambots. You need JavaScript enabled to view it.
Contact Support (settings, ...)
  • +49 89 420447-30
  • This email address is being protected from spambots. You need JavaScript enabled to view it.

Company Details

CyProtect AG - Internet Security


Schatzbogen 58
81829 Munich
  • +49 89 420447 79

Contact Form

How many hours are in a day?