SmartKey powered by Fortanix is the world’s first cloud service secured with Intel® SGX. With SmartKey, you can securely generate, store, and use cryptographic keys and certificates, as well as other secrets such as passwords, API keys, tokens, or any blob of data. Your business-critical applications and containers can integrate with SmartKey using legacy cryptographic interfaces or using the native SmartKey RESTful interface.
SmartKey uses built-in cryptography in Intel® Xeon® CPUs to help protect the customer’s keys and data from all external agents, reducing the system complexity greatly by removing reliance on characteristics of the physical boxes. Intel® SGX enclaves prevent access to customer’s keys or data by Equinix, Fortanix or any other cloud service provider.
Unlike many hardware security technologies, Intel® SGX is designed to help protect arbitrary x86 program code. SmartKey uses Intel® SGX not only to help protect the keys and data but also all the application logic including role based access control, account set up, and password recovery. The result is significantly improved security for a key management service that offers the elasticity of modern cloud software and the hardware-based security of an HSM appliance, all while drastically reducing initial and ongoing costs.
SmartKey is designed to enable businesses to serve key management needs for all their applications, whether they are operating in a public, private, or hybrid cloud.
How SmartKey Works
SmartKey allows you to manage, store, and use your keys and secrets. You can generate keys in SmartKey or import your own keys. You can use these keys to perform cryptographic operations on your data that you can provide to SmartKey using the REST APIs, the PKCS#11, KMIP, JCE, Microsoft CAPI, or Microsoft CNG providers, or the command-line client. All requests to SmartKey are logged and can be reviewed and monitored using the SmartKey web UI.
Cryptographic Operations and Key Management
SmartKey™ enables you to manage the lifecycle of security objects (keys, certificates, etc.), and use them for performing cryptographic operations. The following operations are supported:
- Create symmetric and asymmetric keys
- Import your own keys
- Derive new keys from existing keys
- Role based access control to determine which users, groups, or apps have access to which keys, and what operations on those keys
- Statistics on usage of keys
- Complete audit trail for use of keys
- Encryption and decryption using symmetric and asymmetric keys
- Sign and verify operations