The BlackVault CA (Certificate Authority) is a fully functional CA application. It is utilized to provide a strong assurance of identity by issuing and managing public-key certificates. Certificates are generated within secure software and trusted hardware with private keys stored in the tamper reactive cryptographic boundary of the integrated HSM.
The BlackVault CA ensures both maximum security and operational simplicity.
MAIN FUNCTIONS
The BlackVault CA is ready to deploy purpose-built FIPS level 3 CA appliance that performs:
• X.509 certificate generation
• CSR and CRL processing
• OCSP and EST servers
• Key generation & management
Applications
| Root CA | Subordinate CA | RA | Database Encryption |
Features
| Secure Boot | Tamper Reactive Die Shield | Secure Authentication / Access |
| Solid State Design | Suite B Accelerators | Enrollment over Secure Transport |
| Certified Security Architecture | Support for NIST ECC Curves | High Availability |
| Commercial Solutions for Classified (CSfC) | IoT (Internet of Things) |
Benefits
| CA Appliance - Eliminates Complex Software Installation | Out of Box Ultimate Level of Security - Integrated HSM with truly Private Keys |
| Overcomes Vulnerabilities of Soft Crypto | Integrated Trusted Path Authentication |
| Protects Intellectual Property | Expedites Regulatory Compliance Audits |
| Compact Size Fits in Safe Deposit Box | Embeddable: Ethernet Attached - Hard Drive Form Factor |
| Secure Key Management: - Generation, Storage, and Backup |
Technical Specification
| CA Instantiation | Root CA (Self-Signed) |
| Subordinate CA (Chain of Trust to Root CA) | |
| Certificate Generation | Certificate Signing Request (CSR) and X.509 Generation |
| Certificate Types (Web, CA, Self-Signed, VPN / Email) | |
| Certificate Extensions | |
| Certificate Endpoint Delivery | Enrollment over Secure Transport (EST) |
| Simple Certificate Enrollment Protocol (SCEP) | |
| Manage Certificates | NTP time stamps |
| Online Certificate Status Protocol (OCSP) | |
| Certificate Revocation List (CRL) | |
| Certificate Assignment | |
| Export and Directory Publishing | |
| Cryptography | Asymmetric public key algorithms: - RSA (2048, 3072, 4096) - ECDH, ECDSA |
| Symmetric algorithm: AES 128, 192, 256 bit | |
| Hash/message digest: SHA-2 (256, 384, 512bit) | |
| Full Suite B implementation with Elliptic Curve Cryptography (ECC) EC curves P-256, P-384, P-521 | |
| Key Exchange | With Key: Personal Information Exchange PKCS #12, Base-64 (PEM) with password PKCS #8 |
| Without Key: DER encoded (.CER), Base-64 (PEM) encoded (.PEM), Cryptographic Message Syntax Standard PKCS #7 (.P7B) |
|
| Protocols | SSH, TLS |
| EST: Enrollment over Secure Transport | |
| X.509: Certificate Revocation Lists (CRLs) | |
| OCSP: Online Certificate Status Protocol | |
| Connectivity | 10/100 Ethernet with Transport Layer Security (TLS) and Optional SFP |
| USB 2.0 | |
| Mounting | Desktop (Portable) |
| 19” rack mount (1U height) | |
| Server Hard Drive Slot Embeddable | |
| Power | DB9 Connector: Dual Hot Standby 5 to 30 VDC |
| Power consumption: 4W | |
| Physical | Portable (Server Hard Drive Mechanics) Wall and Din Rail Mounting |
| Dimensions 102 x 153 x 26 mm (4 x 6 x 1in) | |
| Weight: 454 grams; 1 pound | |
| Temperature: operating -20 to 60°C | |
| Humidity: operating 10 to 90% storage 0 to 95% | |
| Redundancy | Optional Dual Power, Hot Standby |
| Environmental | Operating Temperature: -10° to 50° C (0° to 132° F) |
| Operating Humidity: Up to 90% (Non-Condensing) | |
| Optional Extended Temperature Range Available | |
| Certification | FIPS 140-2 Level 3 |
| Regulatory | CE |
| Safety: IEC 60950 | |
| EMC: CFR 47 Part 15 Sub Part B: 2002, EN55022: 1994+A1&A2, EN55024, ICES-003 1997, CISPR22 Level A |
Data Sheet Download
Support
Forum
Download