Crypto Complete - Key Management
Crypto Complete includes an integrated and comprehensive Key Management System to meet stringent compliance standards such as PCI DSS. The encryption keys can either reside on the same IBM i system (or partition) as the data or can be managed and stored on a different system/partition.
Within Crypto Complete, Data Encryption Keys can be generated up to 256 bit lengths to provide a high level of protection.
Crypto Complete's Key Management System allows organizations to:
- Establish policy settings on how Data Encryption Keys can be created and utilized
- Indicate which users can create and manage Keys
- Randomly generate strong Key values up to 256 bits in length
- Option to import or link to Data Encryption Keys from other Key Management Systems
- Protect Data Encryption Keys using Master Encryption Keys
- Dual Control - Protect the recreation of a Master Encryption Key by requiring passphrases from 2 to 8 users
- Organize Data Encryption Keys into one or more Key Stores
- Restrict the retrieval of the actual Data Encryption Key values
- Provide separation of duties (i.e. the creator of a Key can be restricted from using the Key to encrypt and/or decrypt data)
- Control which users can utilize Keys to encrypt and decrypt data
- Produce detailed audit logs of all Key Management activity
Crypto Complete provides a multi-level security architecture to protect Data Encryption Keys on IBM i.
The IBM i is also referred to as iSeries, AS/400, AS400 and i5