nShield 5s HSMs

nShield 5s HSMs are PCIe cards that perform encryption, digital signing, and key generation for an extensive range of commercial and custom-built applications, including certificate authorities, code signing, and more. With their comprehensive capabilities and quantum crypto-agility, they are 100% compatible with existing nShield HSM deployments and APIs, and they are highly secure, with FIPS-140-3 Level 3 certification (expected Dec ’23)).

Models

 

The nShield 5s HSM series includes the new high-performance nShield 5s High, which offers superior asymmetric and symmetric performance and best-in-class elliptic curve cryptography (ECC) transaction rates.Tech Specs

Certified Hardware Solutions

Entrust has earned a broad set of certifications for nShield HSM products. These certifications help our customers to demonstrate compliance while also helping to give them the assurance that their nShield HSMs meet stringent industry standards.

Safety and Environmental Standards Compliance

  • UL, CE, FCC, Canada ICES, KC, VCCI, RCM, UKCA RoHS, WEEE, REACH

Security Compliance

  • FIPS 140-3 Level 3 (expected Dec ’23)
  • BSI AIS 20/31 compliant

Supported APIs

  • PKCS#11, OpenSSL, Java (JCE), Microsoft CAPI and CNG, nCore, and Web Services

Supported Cryptographic Algorithms

  • Full NIST Suite B implementation
  • Asymmetric algorithms: RSA, Diffie-Hellman, ECMQV, DSA, El- Gamal, KCDSA, ECDSA (including NIST, Brainpool & secp256k1 curves), ECDH, Edwards (Ed25519, Ed25519ph)
  • Symmetric algorithms: AES, AES-GCM, Arcfour, ARIA, Camellia, MD5 HMAC, RIPEMD160 HMAC, SEED, SHA-1 HMAC, SHA-224 HMAC, SHA-256 HMAC, SHA-384 HMAC, SHA-512 HMAC, Tiger HMAC, 3DES
  • Hash/message digest: MD5, SHA-1, SHA-2 (224, 256, 384, 512 bit), HAS-160, RIPEMD160, SHA-3 (224, 256, 384, 512 bit)
  • Elliptic Curve Key Agreement (ECKA) available via Java API and nCore APIs
  • Elliptic Curve Integrated Encryption Scheme (ECIES) available via Java API, PKCS#11 and nCore APIs
  • TUAK & MILENAGE algorithm support for mutual authentication and key generation (3GPP)
  • NIST short-listed post-quantum cryptographic algorithms supported using the nShield Post-Quantum SDK with CodeSafe

Supported Platforms

Windows and Linux operating systems including distributions from Red Hat and SUSE.

Reliability

Calculated at 25°C operating temperature using Telcordia SR-332 “Reliability Prediction Procedure for Electronic Equipment” MTBF Standard

  • nShield 5s HSM: 1,702,841 hours