nShield 5s

nShield 5s is a PCIe card that perform encryption, digital signing, and key generation for an extensive range of commercial and custom-built applications, including certificate authorities, code signing, and more.


With their comprehensive capabilities, quantum crypto-agility, and 100% compatibility with existing nShield HSM deployments and APIs, tthese HSMs have a high degree of security and are certified according to the FIPS 140−3 standard. Each nShield 5s hardware security module comes with an external smart card reader for local use.
Advantages
Tech Specifications

Advantages

  • Powerful architecture
Our Security World architecture integrates nShield HSMs into a unified ecosystem, delivering scalability, load balancing, and more.

  • Faster Dara Processing
nShield 5s HSMs are ideal for enterprise retail, IoT 5G, and other environments where throughput is critical.

  • Protection of sensitive business and application logic
Execute code within nShield boundaries, protecting your applications and the data they process.

Tech Specifications

Certified Hardware Solutions
Entrust has earned a broad set of certifications for nShield HSM products. These certifications help our customers to demonstrate compliance while also helping to give them the assurance that their nShield HSMs meet stringent industry standards.

Safety and Environmental Standards Compliance
  • UL, CE, FCC, Canada ICES, KC, VCCI, RCM, UKCA RoHS, WEEE, REACH

Security Compliance
  • FIPS 140-3 Level 3 eIDAS and Common Criteria EAL4 + AVA_VAN.5 and ALC_FLR.2 certification against EN 419 221-5 Protection Profile, under the Dutch NSCIB scheme
  • Can form the basis of an EN 419 241-2 certified remote signing system for eIDAS
  • Compliant with BSI AIS 31 for true and deterministic random number generation

Supported APIs
  • PKCS#11, OpenSSL, Java (JCE), Microsoft CAPI and CNG, nCore, and Web Services

Supported Cryptographic Algorithms
  • Full NIST Suite B implementation
  • Asymmetric algorithms: RSA, Diffie-Hellman, ECMQV, DSA, El- Gamal, KCDSA, ECDSA (including NIST, Brainpool & secp256k1 curves), ECDH, Edwards (Ed25519, Ed25519ph)
  • Symmetric algorithms: AES, AES-GCM, Arcfour, ARIA, Camellia, MD5 HMAC, RIPEMD160 HMAC, SEED, SHA-1 HMAC, SHA-224 HMAC, SHA-256 HMAC, SHA-384 HMAC, SHA-512 HMAC, Tiger HMAC, 3DES
  • Hash/message digest: MD5, SHA-1, SHA-2 (224, 256, 384, 512 bit), HAS-160, RIPEMD160, SHA-3 (224, 256, 384, 512 bit)
  • Elliptic Curve Key Agreement (ECKA) available via Java API and nCore APIs
  • Elliptic Curve Integrated Encryption Scheme (ECIES) available via Java API, PKCS#11 and nCore APIs
  • TUAK & MILENAGE algorithm support for mutual authentication and key generation (3GPP)
  • NIST short-listed post-quantum cryptographic algorithms supported using the nShield Post-Quantum SDK with CodeSafe

Supported Platforms
Windows and Linux operating systems including distributions from Red Hat and SUSE.

Reliability
Calculated at 25°C operating temperature using Telcordia SR-332 “Reliability Prediction Procedure for Electronic Equipment" MTBF Standard
  • nShield 5s HSM: 1,702,841 hours
Made on
Tilda