MTG Key Management System

Cryptographic keys are the cornerstone of modern security infrastructure, protecting critical systems, sensitive data, and digital communications. Effective key management ensures these vital security assets remain secure throughout their lifecycle while being readily available for authorized applications and services.

The MTG Enterprise Key Management System (KMS) provides a comprehensive solution for managing cryptographic keys across your organization, preventing security breaches and ensuring regulatory compliance through centralized control and robust security practices.

Key Management Lifecycle

Proper key management involves several essential stages:

Lifecycle Stage	Description
Generation	Creating cryptographic keys using secure algorithms and random number generation
Storage	Protecting keys in secure storage systems, often hardware security modules (HSMs)
Distribution	Securely delivering keys to authorized applications and services
Usage	Employing keys for encryption, signing, and other cryptographic operations
Archival	Securely storing retired keys for potential future access to encrypted data
Destruction	Permanently removing keys when no longer needed

Lifecycle Stage

Description

Generation

Creating cryptographic keys using secure algorithms and random number generation

Storage

Protecting keys in secure storage systems, often hardware security modules (HSMs)

Distribution

Securely delivering keys to authorized applications and services

Usage

Employing keys for encryption, signing, and other cryptographic operations

Archival

Securely storing retired keys for potential future access to encrypted data

Destruction

Permanently removing keys when no longer needed

MTG Enterprise KMS provides the tools and capabilities to manage each of these stages effectively, helping you maintain a strong security posture across your organization.

Key Management Architecture

The MTG KMS architecture is designed for enterprise-grade security and flexibility:

Integrated within the broader MTG ERS® ecosystem
Expandable with additional security components like Certificate Lifecycle Manager
Support for various Hardware Security Modules (HSMs) including Utimaco, Entrust, and Thales
Accessible through standard APIs (KMIP, PKCS#11, REST)
Simplified integration through Java SDK and specialized adapters

This architecture enables applications throughout your organization to access a centralized security system for all cryptographic operations while maintaining strict control over key usage.

Key Management Capabilities

Secure Key Storage

Central key storage is essential for maintaining control of cryptographic assets:

Support for multiple on-premise and cloud HSMs
Database-stored, HSM-encrypted keys for optimized performance
Key import and export through various formats
Secure key generation for modern cryptographic algorithms
Support for post-quantum cryptography

Secure Key Operations

MTG KMS supports a comprehensive range of cryptographic operations:

Complete support for KMIP and PKCS11 operations
REST API for both simple and advanced cryptographic functions
Symmetric and asymmetric encryption
Digital signatures
Hashing
Random number generation

Key Lifecycle Management

Comprehensive lifecycle management ensures keys remain secure and compliant:

Key expiration date management
Support for multiple business domains
Secure key archival and destruction
Strict cryptographic policy enforcement
Enterprise roles and rights system

By implementing MTG Enterprise KMS, organizations can establish centralized control over cryptographic keys, prevent unauthorized access, and ensure that cryptographic operations follow security best practices and compliance requirements.