Default banner

Developer APIs for Key Management and Encryption

CipherTrust Application Data Protection

CipherTrust Application Data Protection offers simple-to-use, powerful software tools for application-level key management and encryption of sensitive data. The solution is flexible enough to encrypt nearly any type of data passing through an application. Applicate-layer data protection can provide the highest level of security, as it can take place immediately upon data creation or first processing and can remain encrypted regardless of its data life cycle state – during transfer, use, backup or copy.?CipherTrust Application Data Protection can be deployed in physical, private or public cloud infrastructure to secure data even when it is migrating from one environment to another, without any modifications to existing encryption or data processing policies.

CipherTrust Application Data Protection is deployed with CipherTrust Manager, an architecture that centralizes key and policy management across multiple applications, environments, or sites. The combined solution provides granular access controls that separate administrative duties from data and encryption key access. For example, a policy can be applied to ensure that no single administrator can make a critical configuration change without additional approval.

  • Benefits
  • Features
  • Specifications

Centralized key management

Centralized key management enables developers to add security to applications, free from complex and risky alternative key management stores.

Accelerate Secure Application Development

With APIs for both PKCS#11 and KMIP and bindings for Java, C/C++, .NET and REST, more developers gain a faster start and can leverage the solution for more data protection use cases.

Leverage the cloud with utmost security

Architecture is both IaaS- and PaaS friendly, with keys that cloud administrators cannot access.

Offload crypto processing from application hosts

Leveraging CipherTrust Manager power cryptographic performance, simple configuration tells the archtecture to encrypt there, saving application server CPU cycles.

Broad Key Support

The solution offers both symmetric and asymmetric keys to cover a vast range of use cases.

Many Architecture Choices

The solution offers development flexibility, provided with a range of architecture and API choices. Developers can choose RESTful APIs to limit deployment footprint, leveraging both key management and crypto operations occurring on CipherTrust Manager. In addition, installable development libraries and APIs are available. Finally, another lightweight deployment option is to install the encryption and key management libraries on a web server and access them from an application server using SOAP or REST APIs.

Automated Key Rotation

CipherTrust Application Data Protection features built-in, automated key rotation, and offers a wide range of cryptographic operations including encryption, decryption, digital signing and verification, secure hash algorithms (SHA), and hash-based message authentication code (HMAC).

Rich Ecosystem of Solutions

CipherTrust Application Data Protection provides key management and/or encryption services for a formidable ecosystem of solutions including Linux Unified Key Management (LUCKS) and key management for Transparent Database Encryption (TDE) vendors including Oracle, Microsoft SQL Server, and HashiCorp Vault, among many others.

Development Libraries and APIs

  • Java, C/C++, .NET
  • XML open interface, KMIP standard
  • Web services: SOAP and REST

Encryption Algorithms

  • Including 3DES, AES-256, SHA-256, SHA-384, SHA-512, RSA-1024, RSA-2048, RSA-3072, RSA-4096

Web Application Servers

  • Apache Tomcat, IBM WebSphere, JBoss, Microsoft IIS, Oracle WebLogic, SAP NetWeaver, Sun ONE, and more

Cloud and Virtual Infrastructures

  • Works with all major cloud platforms, including AWS, Azure, IBM Cloud, Google and VMware

Supported Platforms for ICAPI Provider

  • Red Hat Enterprise Linux 5.4 and above
  • Microsoft Windows 2003, 2008 R2, and 7 in both 32-bit and 64-bit