Technical Specifications

UKC (Unbound Key Control) servers provide two independent and concurrently operating cryptography engines:

FIPS 140-2 Certified Cryptography

FIPS (Federal Information Processing Standards) certificates FIPS 140-2 Certificate #3378 and FIPS 140-2 Certificate #3453 summarize UKC crypto certificates by crypto type. The relevant certificates are listed in the corresponding line.

| Crypto type | Certificates |
|---|---|
| AES | Certs. #5443 and #5444 |
| CKG | vendor affirmed |
| CVL | Certs. #1884, #1885, #1886, #1887, #1888 and #1889 |
| DRBG | Cert. #2126 |
| ECDSA | Certs. #1447 and #1448 |
| HMAC | Certs. #3600 and #3601 |
| KAS | SP 800-56Arev2 with CVL Cert. #1887, vendor affirmed |
| KTS | AES Cert. #5444 |
| KTS | SP 800-56B, vendor affirmed |
| RSA | Certs. #2918 and #2919 |
| SHS | Cert. #4362 |

To obtain a specific certificate:

  1. Open FIPS 140-2 Certificate #3378 or FIPS 140-2 Certificate #3453.
  2. Find the required crypto element.
  3. To open its certificates, click the #<cert number> link.

For example, to examine the certificates related to ECDSA (Elliptic Curve Digital Signature Algorithm), in the ECDSA row:

  1. To list the certified functions and elliptic curves, click the #1447 and #1448 tags.
  2. Compare the list with the one supported by the default crypto engine. Refer to Default Cryptography Key Types.

Default Cryptography Key Types

In addition to the FIPS 140-2 certified cryptography engine, UKC servers contain a constantly evolving MPC (multiparty computation) crypto engine that provides the following functionality.

Asymmetric

Symmetric

HASH

Message Authentication

For the UKC software to use AES and HMAC (Hash-based Message Authentication Code) keys, equip the UKC cluster with an Auxiliary server.
However, if these keys are specified as exportable and UKC only stores them, an Auxiliary server is not required.

Supported Crypto Clients and Security Frameworks

Applications interact with the UKC solution in one of the following ways:

Supported External Keystores

UKC allows generation, storing, linking to, and use of keys that are stored in the following external keystores.

| Keystore | SDK name | Version | UKC Specification |
|---|---|---|---|
| AWS KMS | aws-java-sdk-kms | 1.11.682 | AWS KMS |
| Azure Key Vault | azure-keyvault | 1.2.4 | Azure Key Vault |