Question
Amit Kumar Thakur · Jul 10, 2020

Exporting the Interystems Cache Encryption Key to an External HSM

Hello All,

I am trying to Exporting the InterSystems Cache Encryption Key to an External HSM.

My External HSM supports importing the key.

Is that can be done? or supported.

Regards

Amit Kumar Thakur

+91-9953946465

0
0 162
Discussion (2)1
Log in or sign up to continue

I am assuming you mean Cache database encryption keys, which are stored in files.  If the HSM supports transparently giving the file to Cache when asked, I don't see why this wouldn't work, but I doubt it's been tested. 

If the HSM requires you to enter a passphrase, use a private key to decrypt the file, or other interactive step, you might or might not have a problem.  How are you planning to do the key activation?  Will you be present and able to do those steps?  

I assume your HSM does not support KMIP, which is a communication protocol for sending keys to a central key server.  Cache does support KMIP.

HSM(Fortanix) does support KMIP protocol.

So my customer is already using the local encryption key from Cache i.e. Encrption key from file.. and now he needs to migrate the encryption key file to KMIP Server.

Does Cache supports that ?