Crypto KMS vs KMIP

Key Management

Sun Microsystems (via the opensolaris.org project) released its encryption key management technology as open source. The toolkit allows developers and manufacturers of storage devices to write applications that interoperate with the Sun Microsystems Crypto KMS (KMS stands for “Key Management System”).

The Crypto KMS is an appliance that helps you manage all your encryption keys and tells the storage devices how to encrypt your data (using the right key). Please note that, even if Sun Microsystems is mentioned here, I do not promote their commercial product nor any other. Several manufacturers already have similar products (for example RSA). It’s the principle that is interesting.

This technology is a great way to increase the confidentiality of stored data. Does your backup policy require you to keep the media on a remote site? Then there are associated risks:

  • Risks during the transport (loss of tapes, untrusted transport path, theft).
  • Risks on the remote site (how to ensure safe storage).

With media encryption, you eliminate those risks and meet your compliance requirements (if your business has any). But data encryption creates a new risk: the risk of lost or compromised encryption key(s).

The encryption process itself is easy, but to be consistent it must rely on strong key management. That is the purpose of the released toolkit: to benefit from a strong key management architecture. Check out the project page: opensolaris.org/os/project/kmsagenttoolkit/.
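The principle described above (the storage device encrypts with a key the KMS hands it, the tape carries only a key reference, and losing the key means losing the data) as an added Go example; this is not code from the Sun toolkit or from the post, and the in-memory KMS, the key-ID scheme and the Media layout are assumptions made for the illustration:

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // fixed key sizes and crypto/rand: an error here is a bug, not a runtime condition
	}
	return v
}

// KMS is a hypothetical in-memory stand-in for a key management appliance, the only place keys live.
type KMS map[string]cipher.AEAD
// CreateKey mints a fresh AES-256-GCM key and hands back only its identifier (the tape never sees the key).
func (k KMS) CreateKey() string {
	key := make([]byte, 32)
	must(rand.Read(key))
	id := fmt.Sprintf("key-%04d", len(k)+1)
	k[id] = must(cipher.NewGCM(must(aes.NewCipher(key))))
	return id
}
func (k KMS) DestroyKey(id string) { delete(k, id) } // models key loss: the new risk encryption introduces

// Media is what leaves the site on tape: key reference, nonce and ciphertext, nothing secret.
type Media struct {
	KeyID             string
	Nonce, Ciphertext []byte
}

// EncryptMedia seals a backup under a new KMS key, binding the key ID as associated data.
func EncryptMedia(k KMS, backup []byte) Media {
	id := k.CreateKey()
	nonce := make([]byte, k[id].NonceSize())
	must(rand.Read(nonce))
	return Media{id, nonce, k[id].Seal(nil, nonce, backup, []byte(id))}
}

// DecryptMedia resolves the key through the KMS; without it the tape is unrecoverable.
func DecryptMedia(k KMS, m Media) ([]byte, error) {
	aead, ok := k[m.KeyID]
	if !ok {
		return nil, fmt.Errorf("key %s not held by KMS: media unrecoverable", m.KeyID)
	}
	return aead.Open(nil, m.Nonce, m.Ciphertext, []byte(m.KeyID))
}
```

A tape decrypts only where the KMS is reachable and still holds the referenced key; relabelling a tape to another key ID or destroying the key both fail authentication.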

It’s funny to see that another project was also born recently, called KMIP (“Key Management Interoperability Protocol”) and pushed by HP, IBM, RSA and Thales. Read more about KMIP here. As we do not live in a perfect world, both systems are of course incompatible! Who will own the market? No idea, and I don’t care. But the good point is that companies plan to encrypt more and more data.
