Spitfire Operator Key

Operations of Spitfire security appliances are secured by Spitfire operator key(s). Spitfire operator key can be in form of pin, software key vault, PKCS#11 compliant hardware security module (HSM) token or card.

Spitfire servers/appliances require at least one operator key to be present for successful initialization. There is no maximum limit on the number of operator keys. Authenticated administrative users accessing Spitfire in its normal production mode of operation can issue new operator key(s) or revoke existing operator key(s) via the web-based management console.

Power-up of Spitfire servers/appliances only starts the management modules for local and remote administration. Actual cryptographic processes are started only when a valid operator key is presented remotely via the web-based management console or locally/physically at the hardware appliance.

Spitfire operator key is protected by pin. Spitfire operator key automatically blocks by itself on 3 successive pin failure. Spitfire administrators can unblock Spitfire operator key with their own unblock pin assigned during initialization sequence.

In worst case scenario where unblock pin is forgotten, administrator can reformat a Spitfire operator key with transport key supplied by Bloombase as a last resort. Care should be taken because on format of Spitfire operator key, all contents are to be erased and there is no known procedure where erased contents can be recovered and unformatted.