Keystores in Stream
In Stream, keys are grouped in key containers called Keystores.
Stream handles 3 types of Keystores: Software keystores, PKCS#11 HSMs and Cloud KMS. Note that some restrictions apply regarding the key types each keystore type supports, namely:

- The software keystore supports:
  - RSA key sizes above 512 bits (the web administration console only offers RSA 2048, RSA 3072, RSA 4096 and RSA 8192);
  - 3 elliptic curves: ECC NIST P-256, ECC NIST P-384 and ECC NIST P-521;
  - 2 Edwards curves: ED-448 and ED-25519.
- The PKCS#11 keystore's cryptographic capabilities are entirely reliant on the HSM that is used. Generally, RSA keys are all supported, while elliptic curves are not all supported by every HSM vendor. Currently, Edwards curves are also not supported by some HSM vendors.
- Stream can consume the following key types from an AWS KMS instance:
  - RSA 2048, RSA 3072, RSA 4096;
  - ECC NIST P-256, ECC NIST P-384, ECC NIST P-521;
  - AWS KMS currently does not support Edwards curves;
  - Stream currently does not support ECC SECG P-256k1.
- Stream can consume the following key types from an Azure Key Vault (AKV) instance:
  - RSA 2048, RSA 3072, RSA 4096;
  - ECC NIST P-256, ECC NIST P-384, ECC NIST P-521;
  - Azure Key Vaults (even the Premium ones) currently do not support Edwards curves;
  - Stream currently does not support ECC SECG P-256k1.
- Stream can consume the following key types from a GCP CKM instance:
  - RSA 2048, RSA 3072, RSA 4096;
  - ECC NIST P-256 and ECC NIST P-384;
  - GCP CKM currently does not support Edwards curves.