What it does

As a centralized key management system, the primary task of CKMS is to provide lifecycle management of cryptographic keys. This includes all the functions related to importing, generating, exporting and renewing keys, as well as enforcing their correct usage. 

CKMS delivers banking-grade key lifecycle management for virtually any application throughout a business - from a single platform.


Business process owners are primarily concerned with reducing risk and cost while ensuring compliance with relevant standards. CKMS delivers strong and audit-logged key-management processes to protect from deliberate attacks and human errors, while reducing operational costs and reputational risks.

Technical and security staff are typically concerned about the time they spend performing complex and repetitive manual key-management tasks to maintain the operation of critical systems. CKMS can automate these tasks and free skilled staff for higher-value work.

Easily integrated with both legacy systems and new-build applications, CKMS provides a strong and extensible platform for the protection of high-value keys critical to the safe operation of your business.

Key functions of Cryptomathic CKMS

  • Generation / back up / restore / update
  • Distribution - automated or in key shares
  • Import or export in key shares
  • Enforce security controls
  • Provide audit and usage logs
  • Encryption using Key Encryption Keys (KEKs) / Zone Master Keys (ZMKs)
  • Certification (e.g. using X.509 or EMV certificates)




Cryptomathic CKMS
Versatile Key Management

Typical Use Cases

CKMS adds value where high-value keys are used by business-critical processes. Some typical and proven use-cases include:

  • EMV keys for card issuance and authorization, e.g. BASE24
  • ATM and POS remote key loading (RKL)
  • HSM application keys, e.g. Atalla, Thales, etc.
  • Bring Your Own Key (BYOK) to cloud environments
  • Keys for data protection, e.g. PCI DSS & GDPR compliance
  • X.509 certificates for web servers (SSL/TLS), load balancers and more


CKMS provides both out-of-the-box and custom integrations with a wide range of platforms and applications. Integrations are supported in both off-line (manual key exchange) and on-line (automatic, seamless) modes.

Entities that keys can be delivered to include:

  • Java Key Store (JCE), PKCS #11 and Microsoft CAPI applications
  • Hardware Security Modules (HSM)
  • Cloud applications – ‘Bring Your Own Key’ formats
  • Payment Platforms – ATM and POS systems; Base24 and zOS integrations

Integrations with various certificate authorities are also supported.

The flexibility of a key management system can be assessed by the breadth of Key Block formats supported.



Security and Compliance

A system that puts high value keys under management needs to have the strongest security architecture. Prescriptive standards (e.g. PCI-DSS) mandate particular behavior regarding key life cycle management.

CKMS utilizes specialist hardware (HSMs) to ensure the quality of keys generated and the protection of these keys in storage and in transit. CKMS meets or exceeds the requirements specified via use of:

  • PCI-PED compliant PIN-pads
  • FIPS 140-2 Level 3 for HSMs and smart-cards
  • PCI-DSS key management requirements




Case Study - Swedbank

Learn how one of Europe’s largest acquirers has modernised its cryptographic key management activities through central generation.


White Paper - EMV Key Management

Lack of overview or trouble understanding EMV key management? EMV as seen from a crypto angle for all involved parties in acquiring and issuing.

Selecting the Right Key Management System

This paper describes a variety of systems that exist in the market and provides guidance to narrow down the field to best meet your requirements.



At the leading edge of security provision within its key markets, Cryptomathic closely supports its global customer base with many multinationals as longstanding clients.