ORCA - The Secured all-in-one solution for Offline Root CA
ORCA solves the common challenges of the Offline Root CA: the Hardware, the Software,the HSM, the Backup storage and the Integration of those four elements.
With ORCA you don’t have to spend valuable time integrating bits and bytes in a functional solution. RNTrust has built ORCA as an off-the-shelf turnkey solution.
ORCA runs on a state-of-the-art Mini PC with Intel Atom x5-Z8500 1.44Ghz CPU Quad Cores Quad Threads (up to 2.24Ghz), 4GB RAM and 64 GB SSD storage.
With ORCA, you will be able to create and manage multiple CA Certificates and CRLs, making your key ceremonies smooth and easy.
ORCA supports all the standards including:
- RSA, DSA and EC private keys.
- All x509v3 extensions.
- PKCS#1 unencrypted RSA key storage format.
- PKCS#7 Collection of public certificates.
- PKCS#8 Encrypted private key format for RSA DSA EC keys.
- PKCS#10 Certificate signing request.
- PKCS#11 Security token / Smart card / HSM access.
- PKCS#12 Certificate, Private key and probably a CA chain.
To ensure strong protection of the private keys, ORCA uses an nShield Edge hardware security module.
The nShield Edge hardware security module (HSM) is a full-featured, portable USB HSM designed for low-volume transaction environments. It’s capable of encryption and key protection and is ideally suited for off-line key generation for certificate authorities (CAs).
nShield Edge Features:
- Certifications: nShield Edge USB HSMs are certified to FIPS 140-2 Level 2 and Level 3.
- Supported APIs: PKCS#11, OpenSSL, Java (JCE), Microsoft CAPI and CNG.
Supported Cryptographic Algorithms:
- Asymmetric public key algorithms: RSA, Diffie-Hellman, ECMQV, DSA, KCDSA, ECDSA, ECDH, Edwards (X25519, Ed25519ph).
- Symmetric algorithms: AES, AES-GCM, ARIA, Camellia, CAST, RIPEMD160 HMAC, SEED, Triple DES.
- Hash/message digest: SHA-1,
- SHA-2 (224, 256, 384, 512 bit),
- Full Suite B implementation with fully licensed ECC, including Brainpool and custom curves.
- Elliptic Curve Key Agreement (ECKA) available via Java API and nCore APIs.
- Elliptic Curve Integrated Encryption Scheme (ECIES) available via Java API, PKCS#11 and nCore APIs.
To ensure maximum security of your Root CA, ORCA includes a PIN-authenticated, AES-XTS 256-bit hardware encrypted flash drive that securely encrypts, stores and protects data to military standards.
The Apricorn Aegis Secure Key 3NX allows you to securely store ORCA Backups to ensure compliance with stringent data protection and confidentiality regulations and directives, such as GDPR, HIPAA, SOX, CCPA and more.
Get the benefits of a Bundle Offline Root CA for the lifetime of your PKI, without the need for a specialized environment or additional complexity.
All ORCA components comply with the following safety and Environmental Standards: CE, FCC, RoHS2.