What secure devices or HSM does "Trembita" support?

According to the regulations of the system (clause 5.2) and the Law of Ukraine "On electronic trust services", electronic messages should be signed only with QES (secure media). In the test environment of the system, the use of a file key is allowed. When components are deployed in a cloud environment, a network HSM (Network Crypto Module) must be used.

  • For the test environment, an electronic key (file), a token (secure media) or a network HSM (Network Crypto Module) can be used. Usually, only file media is used for quick connection and testing.
  • For the production environment, only a token or a network HSM (Network Crypto Module) can be used.

If a large number of interactions is planned (heavy load), it is recommended to use a network HSM. Tokens are not intended for heavy workloads.

The electronic key is a stamp of a legal entity in the Key-6.dat format with two certificates (a "Signature, non-repudiation" certificate and an "Encryption" certificate).

Secure private key media (token): a hardware device that meets the requirements for cryptographic protection of confidential information and is used to store the private signing and encryption keys (for electronic stamps) issued by qualified providers of electronic trust services.

"Trembita" supports the following secure devices and HSM:

  • Secure devices:
    • “Almaz-1К”
    • “Crystal-1”
    • Author “Secure Token 337”
    • Efit EfitKey
  • HSM:
    • ІІТ Hryada-301