Home > Products > Bloombase KeyCastle

Bloombase KeyCastle - Enterprise Key Life-Cycle Management

Overview | Specifications

Technical Specifications


Bloombase KeyCastle offers extensive enterprise key management and protection with rich cryptographic capabilities to secure your corporate sensitive data.

Download Specifications

You need Adobe Acrobat Reader to read our digital product brochure.


  • NIST FIPS 197 AES encryption and decryption (NIST certificate #1041)
  • RSA public key cryptography (NIST certificate #496)
  • SHA-1, SHA-256, SHA-384, SHA-512 hash generation (NIST certificate #991)
  • Proven keyed-hash message authentication code generation (NIST certificate #583)
  • Japan NTT/Mitsubishi Camellia encryption and decryption
  • Chinese National SCB2(SM1), SSF33, SSF28 encryption and decryption
  • Korean Data Encryption Standard (SEED) and ARIA block ciphers
  • NIST FIPS 46-3 3DES and DES encryption and decryption
  • RC2, RC4, RC5 and RC6 encryption and decryption
  • CAST5 encryption and decryption
  • Twofish and Blowfish encryption and decryption
  • IDEA encryption and decryption
  • Serpent and Skipjack encryption and decryption
  • DSA public key cryptography
  • MD5 and Chinese National SCH(SM3) hash generation
  • Pluggable cipher architecture for future cipher upgrade or custom cipher support
  • Hardware ASIC cryptographic acceleration (optional)

Key Generation

  • Accredited random number generator (RNG) (NIST certificate #591)
  • ID Quantique Quantis true random number generator support (optional)

Key Management

  • Multiple certificate authority (CA) support
  • Hardware true random (optional) or software pseudo-random key generation, inquiry and deletion
  • No limitation on number of cryptographic keys managed or scales with system storage infrastructure
  • Built-in certificate request and revocation check (CRL/OCSP)
  • X.509 and PKCS#12 DER and PEM Key Import and Export
  • Key Usage Profiling
  • RDBMS and Generic LDAP Support and Integration
  • Industry Standard PKCS#11
  • NIST FIPS-140-1 level 2 cryptographic module support (optional)
  • Automatic Certificate Retrieval via HTTP or LDAP
  • Certificate Validity Check
  • Certificate Revocation Check via HTTP or LDAP
  • Certificate Revocation List (CRL)
  • Certificate Revocation List Distribution Point (CRLDP)
  • Online Certificate Status Protocal (OCSP)
  • CRL scheduled download, caching and automatic retry
  • OCSP scheduled request, caching and automatic retry

Hardware Security Module Support

  • AEP Networks Keyper
  • Oracle Sun Crypto Accelerator
  • Sophos Utimaco SafeGuard CryptoServer
  • Thales nShield
  • HP Atalla
  • IBM 4758 Cryptographic CoProcessor
  • IBM eServer Cryptographic Accelerator
  • IBM Crypto Express2
  • IBM CP Assist for Cryptographic Function
  • Cavium NITROX XL
  • Other PKCS#11 compliant hardware security modules

Standard Support and Certification

  • OASIS Key Management Interoperability Protocol (KMIP) compliant
  • NIST FIPS 140-2 compliant Bloombase Cryptographic Module


  • Web based management console
  • Central administration and configuration
  • User security
  • Serial console
  • SNMP v1, v2c, v3
  • syslog, auto log rotation and auto archive
  • Heartbeat and keep alive

Client Accessibility

  • PKCS#11
  • OpenSSL
  • Java JCA/JCE
  • Web services
  • Plain socket
  • Java HTTP tunneling
  • Java Remote Method Invocation (RMI)
  • Native language support: C, C++, Java
  • PKI-based client authentication and identity management
  • PKI-based network channel encryption

Disaster Recovery

  • Configurations backup and restore
  • FIPS-140 hardware security module recovery key or software recovery key vault for settings restoration
  • Customer-defined recovery quorum (e.g. 2 of 5)
  • FIPS-140 hardware security module operator key or operator pin for daily Bloombase KeyCastle operation
  • High-availability option for active-active or active-standby operation
  • Stateless active-standby failover

Platform Support

  • Solaris, HP-UX, OpenVMS, IBM AIX, Linux, Microsoft Windows and Mac OS X
  • VMware (vSphere, ESXi, Server), Oracle VM, Sun VirtualBox, Citrix XenServer, Microsoft Virtual Server
  • Supports all x86, PowerPC, UltraSPARC, PA-RISC and Itanium architecture hardware

The specification and outlook of the model may vary and is for reference only

Secure Your Data Now

Protect your data with Bloombase transparent encryption.

Bloombase Demonstrations

See how Bloombase protects your digital assets.

Bloombase SupPortal

Get technical support from Bloombase Supportal and Knowledgebase.