Black Box ET0010A User Manual

EncrypTight Overview
EncrypTight User Guide
Secure Communications Between Devices
Each node in the distributed key system (the EncrypTight management station, the ETKMSs, and the 
PEPs) exchanges policy and status information with the other nodes. Given the distributed nature of 
networks, much of this communication crosses public networks. 
EncrypTight uses Transport Layer Security (TLS) to encrypt management traffic between EncrypTight 
components. TLS secures communication between the devices in the system while still 
reporting information about the secured session to EncrypTight. You can further strengthen this by 
authenticating the management communications between EncrypTight components with certificates. To 
learn more about certificates and strict authentication, see 
Secure Key Storage within the ETKMS
Key generation and key storage on the ETKMS are critical to maintaining security in EncrypTight. The 
ETKMS uses the following mechanisms to protect the keys:
Generates keys using known secure algorithms
Encrypts keys that are distributed and stored locally
Limits access to keys to authorized administrators
Prevents external probing to access or modify keys
Optionally generates and stores keys in a hardware security module