The following Entrust solutions support a Hardware Security Module (HSM) for cryptographic operations.
- Certificate Authorities (CAs)
- Timestamping Authority (TSA)
- Entrust Validation Authority (EVA)
See the following table for supported versions.
Provider | Hardware | Client drivers | Firmware | CA | TSA | VA |
|---|---|---|---|---|---|---|
Entrust nShield | nShield Connect XC (Security World V3) | 12.60.3 (FIPS 140-2 Level 3 mode supported) | 12.60.15 or 12.60.2 |
|
|
|
Entrust nShield | nShield 5c | 13.6.3 | 13.2.4 |
|
|
|
Thales | Safenet - LunaSA 7.2.02.0 | Luna HSM 10.7.0 (FIPS 140-2 Level 3 mode supported) | 7.7.1-20 |
|
|
|
Thales | Thales DPoD | Luna HSM 10.7.0 (FIPS 140-2 Level 3 mode supported) | 7.7.1-20 |
|
|
|
When integrating a Hardware Security Module (HSM):
- You cannot use HSMs from different providers simultaneously, meaning that nShield and Thales HSMs cannot coexist within the same deployment.
- You can only use 1/N card sets. A card set of, for example, 2/5 cards is not supported.
You do not need to install the client drivers because the solution already includes this software. However, these client drivers cannot be updated.