External Key Migration

this document explains how to migrate key material from a third party hardware security module (hsm) or key management server to a {{vectera}} hsm or {{k3}} for additional questions related to these devices, see the relevant user guide {{vectera}} overview the {{vectera}} hsm handles cryptographic processing and key management for various general purpose use cases our hsms protect data in transit, in use, and at rest through various physical and logical security measures, and we validate them under fips 140 2 level 3 and pci hsm standards the secure cryptographic device (scd) contained within the {{vectera}} hsm handles all sensitive operations and supports common algorithms such as 3des, aes, rsa, and ecc it also supports a range of key derivation and wrapping methods, message authentication algorithms, and more {{k3}} overview the {{k3}} is a scalable, versatile, and standards compliant cryptographic device used to create, manage, distribute, and revoke keys and certificates the {{k3}} provides a secure, functional platform for conducting full life cycle key and certificate management from a single location you can store and keep track of existing keys and certificates and generate new ones as needed advantages of the {{k3}} include offers management of the certificate life cycle and both full symmetric and asymmetric keys has a permission based user control system with dual control and segregation of roles includes a robust, versatile api for programming automation of repetitive tasks has design templates and print secure key mailers for distributing key components enables remotely and securely injected encryption keys, reducing the logistical burden associated with direct key injection enables you to manage keys from one central location, reducing the cost of traveling to multiple data centers provides centralized operation of both certificate and registration authority functionality has application encryption capabilities provides support for simple certificate enrollment protocol (scep) another essential feature of the {{k3}} is its modular architecture system, built around our proven cryptographic technology we designed this modular architecture system to provide custom solutions to fulfill the unique needs of organizations across a wide range of industries full integration with our hardened enterprise security platform enables the {{k3}} to offer unparalleled functionality expansion options and the scalability necessary to keep pace with even the most rapid and demanding organizational growth integration overview the sections of this guide explore the following external key migration topics key sources key storage methods key transport methods {{futurex}} key storage methods