Generating the Root Key
SafeNet's Luna CA3 is a hardware security module (HSM) used to generate the root key in a PKI system and keep the private key secure. It uses a PIN entry device (PED), EEPROM-based data keys and a PC Card reader that attaches to the server via an LVDS cable and PCI adapter. Containing a processor, firewall, flash memory and RAM, the PC Card is built with extra epoxy and secured with triple DES encryption. The card will destroy its contents if compromised.
The PED combines and transfers information from the data keys to the PC Card. The blue key is inserted into the PED by the security officer who sets up administrative rights, configures the HSM and determines how many people must use green keys. All parties must insert their green keys to activate the system. The black keys are used by administrators to generate and delete key pairs, and the red keys are used for grouping HSMs in domains. (Image courtesy of SafeNet, Inc., www.safenet-inc.com)