Across all industries the requirements for managing cryptographic keys are becoming ever-more complex. Ensuring that the right key is in the right place at the right time is mandated by many organisations, i.e. major card payment scheme providers. This is a complicated requirement as most businesses need to manage an ever-increasing number of keys, while reducing the risk of internal and external fraud, as well as keeping costs at a minimum.

The Crypto Key Management System (CKMS) streamlines administration and reduces costs associated with traditional key management. Through its flexible and automated protocols, CKMS gives users the flexibility to manage a very large number of keys - throughout their entire life cycle - without drowning in work. Using Cryptomathic CKMS, administrators can uniformly and centrally manage the life cycle of all cryptographic keys across a range of encryption platforms.

Key Management Functions of Cryptomathic CKMS

  • Generation / back up / restore / update
  • Distribution - automated or in key shares
  • Import or export in key shares
  • Enforce security controls
  • Encryption using Key Encryption Keys (KEKs) / Zone Master Keys (ZMKs)
  • Certification (e.g. using X.509 or EMV certificates)

Key Life Cycle

CKMS manages all aspects of cryptographic keys during their life cycle

Keys can be securely generated and pushed to any key distribution target as and when required, and key custodians can use asynchronous log-on to projects for adding components securely - reducing the need for manual key ceremonies, while vastly improving workflows.

Based on industry standards, CKMS ensures compliance and simplifies internal and external audits.

CKMS Features

  • At your desk key ceremonies
  • Automated key distribution and updating
  • Centralised life cycle key management
  • Compliance 
    • Authorities: FIPS, Internal audit, PCI, Payment schemes and S/O
    • Domains: Physical (e.g. tamper) & logical security (crypto/SW/system design)
  • Configurable role-based access
  • Flexible key attributes eliminate paperwork
  • High availability and scalability
  • Searchable tamper evident audit log
  • Support for all major HSM brands
  • Trusted path using secure PIN pads

Click here for specifications.


CKMS customers range from medium size enterprises to multinational companies in technology manufacturing and finance. Our key management customers include global players such as First Data, Infineon Technologies and MasterCard.


Read White Paper