Acala
Acala emulates a hardware security module to protect X.509 certificates and private keys. It provides a secure environment for cryptographic operations that nearly all security-enabled applications can access.

Information Security Corporation
+1-847-405-0500
www.infoseccorp.com

Overview

Acala affords an organization's servers the functionality of a physical hardware security module (HSM) for a fraction of the cost. It stores each server's credentials in a single encrypted file on any designated storage device (e.g., local hard drive, network share, or removable memory device), and provides cryptographic operations to security-enabled programs through a PKCS#11 application programming interface.

Acala Benefits

• Lowers cost
• Enhances security
• Enforces strict password quality requirements
• Audits all private key operations
• May be easily deployed and managed
• Appropriate for organizations of any size
• Uses NIST CMVP-validated FIPS 140-2 cryptography and today's proven standards, including ANSI X.509 and IETF PKIX, TLS, and S/MIME

CSfC Applications

In some instances, Acala may be used in a CSfC solution as the PKCS#11 cryptographic provider for CertAgent, ISC's Certificate Authority. Acala also includes a key generation feature to generate symmetric keys for use in CSfC solutions that don't use a PKI.

Use Cases for Acala

Safeguarding Keys in a Low Assurance CertAgent Deployment
Acala's software protection of a CA's sensitive keys, combined with sufficient protection of the system on which both Acala and the certificate authority reside, enables a low-cost solution for a low assurance certificate authority.

Generating Pre-shared Keys for an IKEv1 VPN
Acala supports the generation of symmetric keys for an IPsec VPN deployment using IKEv1.

Securing Keys in a Prototype, Test, or Development CertAgent Effort
Acala allows the quick establishment of a certificate authority for prototype, test, or development purposes without the expense of a true hardware security module.

TECHNICAL SPECIFICATIONS

• Complies with NIST FIPS 140-2 Level 1 requirements
• Exports a PKCS#11 version 2.20 compliant API
• Imports and exports PKCS#12, PKCS#7, and ASN.1 DER-encoded X.509 certificates
• Generates up to 8192-bit RSA and up to 571-bit ECDSA PKCS#10 requests
• Supports SHA-256, SHA-384, and SHA-512
• Employs password-protected PKCS#15 PDUs for key storage on local, removable, or network-attached drives, using AES-256 for confidentiality and HMAC-SHA-512 for integrity checking

SUPPORTED PLATFORMS

• Windows Server 2012 R2 or above
• Windows 7, 8, 8.1, 10, or above
• CentOS 6.7 (Linux Kernel 2.6) or above (x64)

EXPORT INFORMATION

Acala may be freely exported to all but a handful of embargoed countries and denied parties under License Exception ENC: ECCN 5D002 (C.1); CCATS: Pending

©2019 Information Security Corporation. All rights reserved. CertAgent, CSPid, SecretAgent, and SpyProof! are registered trademarks of Information Security Corporation and may not be used without permission. All other trademarks, service marks, and product or service names are trademarks or registered trademarks of their respective owners. Specifications quoted herein are subject to change without notice.