Description
Acala emulates a hardware security module to protect X.509 certificates and private keys. It provides a secure environment for cryptographic operations that nearly all security-enabled applications can access.
Overview
Acala affords an organization’s servers the functionality of a physical hardware security module (HSM) for a fraction of the cost. It stores each server’s credentials in a single encrypted file on any designated storage device (e.g., local hard drive, network share, or removable memory device), and provides cryptographic operations to security-enabled programs through a PKCS#11 application programming interface.
CSfC Applications
In some instances, Acala may be used in a CSfC solution as the PKCS#11 cryptographic provider for CertAgent, ISC’s Certificate Authority. Acala also includes a key generation feature to generate symmetric keys for use in CSfC solutions that don’t use a PKI.
Use Cases for Acala
Safeguarding Keys in a Low Assurance CertAgent Deployment
Acala’s software protection of a CA’s sensitive keys, combined with sufficient protection of the system on which both Acala and the certificate authority reside, enables a low-cost solution for a low-assurance certificate authority.
Generating Pre-shared Keys for an IKEv1 VPN
Acala supports the generation of symmetric keys for an IPsec VPN deployment that uses IKEv1.
Securing Keys in a Prototype, Test, or Development CertAgent Effort
Acala allows the quick establishment of a certificate authority for prototype, test, or development purposes without the expense of a true hardware security module.