000013360 - Can I install RSA Key Recovery Manager without a hardware security module (HSM)?

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000013360

Applies To:
RSA Certificate Manager 6.8
Redhat Linux Advanced Server 4.0
RSA Key Recovery Manager

Issue:
Can I install RSA Key Recovery Manager without a hardware security module (HSM)?
Is it possible to install KRM without an HSM?

Resolution:

An HSM is mandatory for key recovery, because the recovery process implies that:

            1. The private key, which should be owned by an end user, will now also reside somewhere else: on the HSM.
            2. That private key can be retrieved by someone who is not the owner: the Key Recovery Operators.

Because of these two points, the private key must be stored in the most secure way and must also be recovered in a secure manner, both of which the HSM provides.

We support nCipher nShield and netHSM, as well as any PKCS #11-compliant HSM, including the nCipher P11 library. RSA has tested Key Recovery Manager with Safenet Luna SA.

 

Legacy Article ID: a43225
