Fortanix Self-Defending Key Management Service (SDKMS) is the world’s first cloud service secured with Intel® SGX. With SDKMS, you can securely generate, store, and use cryptographic keys and certificates, as well as other secrets such as passwords, API keys, tokens, or any blob of data. Your business-critical applications and containers can integrate with SDKMS using legacy cryptographic interfaces or using the native SDKMS RESTful interface.
SDKMS uses the built-in cryptography of Intel® Xeon® CPUs to help protect the customer’s keys and data from all external agents, greatly reducing system complexity by removing any reliance on the characteristics of the physical hosts. Intel® SGX enclaves prevent access to a customer’s keys or data by Fortanix or any other cloud service provider.
Unlike many hardware security technologies, Intel® SGX is architected to help protect arbitrary x86 program code. SDKMS uses Intel® SGX not only to help protect the keys and data but also all of the application logic, including role-based access control, account setup, password recovery, etc. The result is significantly improved security for a key management service that offers the elasticity of modern cloud software and the hardware-based security of an HSM appliance, all while drastically reducing initial and ongoing costs.
SDKMS is designed to enable businesses to serve key management needs for all their applications, whether they are operating in a public, private, or hybrid cloud.
Cryptographic Operations and Key Management
Fortanix SDKMS enables you to manage the lifecycle of security objects (keys, certificates, etc.), and use them for performing cryptographic operations. The following operations are supported:
- Create symmetric and asymmetric keys
- Import your own keys
- Derive new keys from existing keys
- Role-based access control to determine which users, groups, or apps have access to which keys, and which operations they may perform on those keys
- Statistics on usage of keys
- Complete audit trail for use of keys
- Encryption and decryption using symmetric and asymmetric keys
- Sign and verify operations