Encryption machine
The host encryption machine is a domestically and independently developed host encryption device that has been certified and approved for use by the national commercial encryption authority. The encryption machine and the host communicate over TCP/IP, so the encryption machine places no special requirements on the type of host or the host operating system.
The encryption machine mainly has four functional modules
Hardware encryption component
The main function of the hardware encryption component is to implement the various cryptographic algorithms and to store keys securely, for example the root key of the CA.
Key management menu
Use the key management menu to manage the keys of the host encryption machine and manage the password cards of the key administrator and operator.
Encryption machine background process
The encryption machine background process receives requests from the front-end API and provides security services such as encryption and digital signatures to the application system. It runs in the background and starts automatically at boot.
Encryption machine monitoring program and background monitoring process
The encryption machine monitoring program is responsible for controlling the background process of the encryption machine and monitoring the hardware encryption components. If an error occurs in the encryption component, it raises an alarm immediately.
Encryption machine front-end API
The encryption machine front-end API is the encryption development interface provided to the application system. The application system calls the front-end API to use the encryption services of the encryption machine. The front-end API is provided in the form of a standard C library. Currently, the standard interfaces supported by the front-end API include PKCS#11, Bsafe, CDSA, etc.
The encryption machine supports a variety of cryptographic algorithms commonly used internationally
The supported public key algorithms are
RSA, DSA, elliptic curve cryptographic algorithm, Diffie-Hellman
The supported symmetric algorithms are
SDBI, DES, IDEA, RC2, RC4, RC5
The supported hash algorithms are
SDHI, MD2, MD5, SHA1