2
  1. What is the difference (if any) between a Key Server and an Encryption Engine?
  2. Is a Key Server also the same as a Key Manager?

I've seen the terms Encryption Engine, Key Server and Key Manager used interchangeably and now I'm very confused. Are these the same thing or how do they all interact with each other?

1 Answer

1

I can see some slight differences.

An encryption engine is just a processor (mathematical engine) which takes the data and encrypts/decrypts/hashes it using some keys and given algorithms.

A key server can be a separate server, a so-called Key Vault, where encryption keys or other secrets can be stored.

A key manager, from my point of view, is a component of the key server. Its role is to control access to keys and manage their lifecycle. Both components can be separated, so keys can be stored on a different server than the one the key manager is running on.

If keys should be really secure, it is good practice to have all these 3 components in a single, physically protected box, which ensures the keys will never leave the box and will be used just inside for the data encryption/decryption. These boxes are so-called Hardware Security Modules (HSMs).

Fis
  • 1,200
  • 7
  • 10
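The split of roles described in the answer above, modelled as an added example that is not part of the original answer or any product's API. All class, method and key names are hypothetical, and HMAC-SHA256 from the Python standard library stands in for the engine's cipher, since the standard library ships no encryption algorithm.

```python
import hashlib
import hmac
import secrets

class KeyServer:
    """Key vault: stores key material only, no policy."""
    def __init__(self):
        self._keys = {}                      # (key_id, version) -> bytes
    def put(self, key_id, version, material):
        self._keys[(key_id, version)] = material
    def get(self, key_id, version):
        return self._keys[(key_id, version)]

class KeyManager:
    """Access control and lifecycle; the material stays on the key server."""
    def __init__(self, server):
        self._server, self._meta = server, {}
    def create(self, key_id, allowed):
        self._meta[key_id] = {"current": 0, "revoked": set(), "acl": set(allowed)}
        return self.rotate(key_id)
    def rotate(self, key_id):
        meta = self._meta[key_id]
        meta["current"] += 1
        self._server.put(key_id, meta["current"], secrets.token_bytes(32))
        return meta["current"]
    def revoke(self, key_id, version):
        self._meta[key_id]["revoked"].add(version)
    def checkout(self, caller, key_id, version=None):
        meta = self._meta[key_id]
        version = version or meta["current"]
        if caller not in meta["acl"] or version in meta["revoked"]:
            raise PermissionError(f"{caller} may not use {key_id} v{version}")
        return version, self._server.get(key_id, version)

class EncryptionEngine:
    """Pure computation: applies an algorithm to data with the key it is handed."""
    @staticmethod
    def mac(key, data):
        return hmac.new(key, data, hashlib.sha256).digest()

class HsmBox:
    """All three parts behind one boundary: callers get results, never key bytes."""
    def __init__(self):
        self.manager = KeyManager(KeyServer())   # admin interface in this model
    def mac(self, caller, key_id, data, version=None):
        version, key = self.manager.checkout(caller, key_id, version)
        return version, EncryptionEngine.mac(key, data)
    def verify(self, caller, key_id, version, data, tag):
        return hmac.compare_digest(self.mac(caller, key_id, data, version)[1], tag)
```

Returning the key version with each tag is what lets data protected before a rotation still be verified afterwards, until the manager revokes that version.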