DSM-Accelerator Clients Deployment

DSM-Accelerator PKCS#11 Deployment Process

  • The DSM-Accelerator client (PKCS11) is deployed locally on the application client machine.
  • DSM-Accelerator client authenticates with Fortanix DSM using an API key.
  • Applications make crypto calls to the DSM-Accelerator client to perform Crypto operations (encrypt, decrypt, tokenize, detokenize).
  • When a key is used for the first time, it is fetched from Fortanix DSM and then gets cached in the DSM-Accelerator.
  • For subsequent calls, the cached key is used
  • The key will stay cached until the DSM-Accelerator is restarted, if the host is restarted, or until the clear cache API is called.
NOTE
  • When you create a security object, ensure it has the “Export” permission enabled to use it with DSM-Accelerator.
  • The DSM-Accelerator client supports AES 256 CBC mode only.
  • The DSM-Accelerator client supports non-Format Preserving Encryption only.
  • The DSM-Accelerator does not support SGX mode.

Comments

Please sign in to leave a comment.

Was this article helpful?
0 out of 0 found this helpful