Frequently Asked Questions

Updated: May 17, 2017

What is SmartKey™?

SmartKey™ is a cloud service that enables you to securely generate, store, and use cryptographic keys and certificates, as well as passwords, API keys, tokens, or any blob of data.

Why should I use SmartKey™?

SmartKey™ provides HSM-grade security at the cost of software. SmartKey is built to be highly-available, fault tolerant, and horizontally scalable.

If you use HSMs for your encryption needs in your organization, you can use SmartKey to get similar security at the fraction of the cost, but with much better manageability, and with much better capabilities to scale and recover from faults and disasters.

If you use software based solutions for your encryption needs, you can use SmartKey to drastically increase the security of your key management and encryption solutions.

How do I get started with SmartKey?

You can sign up for a free account at https://www.smartkey.io/#/?signup. Once signed in, you can add your applications to use SmartKey.

SmartKey is also available for on-premises deployment. Please contact Smartkeybeta@equinix.com for more details.

What languages and interfaces are supported by SmartKey?

SmartKey currently provides PKCS#11, JCE, CNG interfaces, a RESTful interface, and a command-line client. SmartKey also provides a web based UI for management and monitoring.

What key management features are available in SmartKey?

The following key management features are provided by SKDMS:

  • Create symmetric and asymmetric keys
  • Import your own keys
  • Derive new keys from existing keys
  • Role based access control to determine which users, groups, or apps have access to which keys, and what operations on those keys
  • Temporarily disable keys
  • Delete keys which are compromised or no longer in use
  • Statistics on usage of keys
  • Complete audit trail for use of keys

What cryptographic operations are available in SmartKey?

The following cryptographic operations are provided by SmartKey:

  • Generation of symmetric (AES, DES, 3DES, HMAC) and asymmetric (RSA, EC) keys
  • Encryption and decryption using symmetric and asymmetric keys
  • Sign and verify operations
  • MAC-generate and MAC-verify operations
  • Key derivation using symmetric encryption

How does SmartKey work?

SmartKey allows you to manage, store, and use your keys and secrets. You can generate keys in SmartKey or import your own keys. You can use these keys to perform cryptographic operations on your data that you can provide to SmartKey using the REST APIs, the PKCS#11, JCE, or CNG providers, or the command-line client. All requests to SmartKey are logged and may be reviewed and monitored using the SmartKey web UI.

Where do my keys live if I use SmartKey?

The keys, as well as other types of secrets stored in SmartKey, are held in an encrypted database when not in use. When in use, the keys are only available inside a secure enclave created using Intel® SGX technology, which ensures that the key material is never available in plaintext to any software component on the node other than SmartKey itself. This includes the OS, hypervisor, BIOS, co-tenant VMs, etc. SmartKey-managed key material is also never exposed in plaintext on the system memory bus or on any other physical interface outside the processor package.

Can Equinix or Fortanix employees access my keys?

Equinix or Fortanix does not have access to customer keys. The keys, including the key material and the related metadata, are encrypted both in use and at rest using an encryption key which is derived by the SmartKey process and the Intel® SGX processor, and is unknown to Equinix.

Where is encryption and decryption done if I use SmartKey?

The encryption and decryption operations are done inside an Intel® SGX enclave created by SmartKey.

Can I import keys into SmartKey?

Yes, keys can be imported into SmartKey using the web UI, using the PKCS#11, JCE, CNG, or CLI interfaces, or using the REST API.

How will I be charged and billed for using SmartKey?

SmartKey is currently in beta and free to use.

How does SmartKey compare with AWS KMS and Azure Key Vault?

SmartKey is the first cloud service built using the Intel® SGX technology. This enables SmartKey to provide HSM-grade security in software. SmartKey is distributed software, written to scale on demand, and is built to be fault tolerant and highly available. AWS KMS and Azure Key Vault rely on HSMs to derive master keys, but the cryptographic operations are done outside the trust boundary of an HSM. in SmartKey, all cryptographic and key management operations are done inside the trust boundary of an Intel® SGX enclave.