Key sources
You can migrate key material to a {{vectera}} or {{k3}} from the following sources:

- General-purpose HSMs
- Key management servers
- Payment HSMs
- Software

This section covers the specifics related to general-purpose HSMs and key management servers, and migrating from software sources. See the External Key Migration (Financial) administrative guide for details on migrating key material from a third-party payment HSM to the {{futurex}} Excrypt SSP Enterprise v.2 or Excrypt Plus.

General purpose or key management server sources

Most, if not all, major third-party general-purpose HSMs and key management servers provide a method for exporting key material, which you can then migrate to another HSM or key management server, such as a {{vectera}}. Refer to the documentation specific to each third-party HSM or key management server for details.

Software sources

This section covers software sources, including key management software and data structures for storing keys in software.

Key management software

The following list identifies some products in the key management software space:

- OpenSSL
- AWS Key Management Service
- Google Cloud Key Management
- Azure Key Vault
- Windows certificate stores

Types of data structures for storing keys

The following list describes the data structures you can use to store keys in software:

| Data structure | Description |
| --- | --- |
| PKCS #12 | PKCS #12 defines an archive file format for storing many cryptographic objects as a single file. You can use it to bundle a private key with its X.509 certificate or bundle all the members of a chain of trust. PKCS #12 is the successor to Microsoft PFX, but the terms PKCS #12 file and PFX file are sometimes used interchangeably. |
| PKCS #8 | PKCS #8 is a standard syntax for storing private key information. You can encrypt the PKCS #8 private key with a passphrase by using the PKCS #5 standards, which support multiple ciphers. PKCS #8 private keys are typically exchanged in the PEM Base64-encoded format. |
| ECB | Electronic Code Book (ECB) is a simple mode of operation with a block cipher, often used with symmetric key encryption. It processes a series of sequentially listed message blocks. The Data Encryption Standard (DES) became an official Federal Information Processing Standard (FIPS) in 1977. DES can use five modes to encrypt data, including ECB, which is the simplest and weakest because repeating plaintext generates repeating ciphertext. |
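When inventorying software key stores before a migration, the PKCS #12 and PKCS #8 structures described above can be told apart by the first two fields of their outer ASN.1 SEQUENCE, which also shows whether a PKCS #8 key is stored without passphrase encryption. The following Python sketch is an added example and not part of the original guide; the function names and sample file names are assumptions, the samples are constructed skeletons with placeholder bytes, and the check looks only at structure without validating contents.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Decode one DER header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def classify_der(der):
    """Name the container from the first two fields of its outer SEQUENCE."""
    try:
        outer, start, _ = read_tlv(der, 0)
        t1, s1, e1 = read_tlv(der, start)
        t2, _, _ = read_tlv(der, e1)
    except IndexError:
        return "unrecognized"
    if outer != 0x30:
        return "unrecognized"
    if t1 == 0x02 and t2 == 0x30:  # INTEGER version, then a SEQUENCE
        version = int.from_bytes(der[s1:e1], "big")
        if version == 3:
            return "PKCS #12"  # PFX: version 3, then authSafe ContentInfo
        if version in (0, 1):
            return "PKCS #8 (unencrypted)"  # PrivateKeyInfo
    if t1 == 0x30 and t2 == 0x04:  # AlgorithmIdentifier, then OCTET STRING
        return "PKCS #8 (encrypted)"  # EncryptedPrivateKeyInfo
    return "unrecognized"

def classify(blob):
    """Accept PEM or raw DER bytes."""
    m = PEM_RE.search(blob)
    return classify_der(base64.b64decode(m.group(2)) if m else blob)

# Constructed skeletons: correct outer structure, placeholder key bytes.
SAMPLES = {
    "pkcs8.der": bytes.fromhex("3018020100300d06092a864886f70d0101010500040400000000"),
    "pkcs8-enc.der": bytes.fromhex("3015300d06092a864886f70d01050d3000040400000000"),
    "bundle.p12": bytes.fromhex("3014020103300f06092a864886f70d010701a0020400"),
}
SAMPLES["pkcs8.pem"] = (b"-----BEGIN PRIVATE KEY-----\n"
                        + base64.encodebytes(SAMPLES["pkcs8.der"])
                        + b"-----END PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name}: {classify(blob)}")
```

Files reported as "PKCS #8 (unencrypted)" hold a private key in the clear and are the ones to protect or wrap first when planning the transfer.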