Skip to main content
This integration guide outlines the process for remotely managing Payment Cloud Hardware Security Modules (HSMs) using the Excrypt Touch device (version 2.0.3.2+). It provides step-by-step instructions for the following tasks:
  • Generating PKI key pairs and Certificate Signing Requests (CSRs).
  • Importing TLS certificates
  • Configuring secure connections by using the Bring Your Own Key (BYOK) application.
  • Accessing the web portal of VirtuCrypt Cloud HSMs to perform tasks such as key management, certificate handling, and user administration.
The guide emphasizes secure mutual authentication and is designed to help if you need scalable, remote cryptographic operations in cloud environments.

Managing keys with the BYOK app

We created the Bring Your Own Key (BYOK) application to enable you to manage keys on multiple VirtuCrypt Cloud HSMs simultaneously from a single Excrypt Touch interface. Using the BYOK app, you can perform tasks such as managing major keys, working keys, certificates and requests, and smart cards. The architecture for a BYOK use case has the following components:
  • An Excrypt Touch device, which you used to send and receive secure data to and from VirtuCrypt.
  • The VirtuCrypt cloud, which receives data from the Excrypt Touch, sends it to one or more VirtuCrypt Cloud HSMs, receives a response from the HSMs, and passes the secure data back to the Excrypt Touch.
  • One or more VirtuCrypt Cloud HSMs to handle your data requests.

Managing application partitions, identities, and function settings through the HSM Web Portal

The BYOK application is designed for managing keys either on a single HSM or a group of HSMs. In contrast, the HSM Web Portal serves as a one-to-one configuration, providing you with the means to manage application partitions, identities, function settings, and other features for a single HSM.