Migrate from KeySecure Classic Firmware

If you have a legacy KeySecure k450 or k460 appliance, it may be running KeySecure Classic firmware.

To access CipherTrust Manager firmware if you are starting from KeySecure classic, you must either:

• Upgrade your legacy appliance to CipherTrust Manager firmware or

• Migrate your data to a new CipherTrust Manager appliance

If your appliance is running NextGen KeySecure or CipherTrust Manager firmware, you can perform a standard upgrade to deploy the latest CipherTrust Manager firmware.

CipherTrust Managers Changes from SafeNet KeySecure Classic

• No hypervisor limitation - so it can run on any cloud

• Improved User Interface

• Addition of a RESTful interface

• Addition of a full-featured, remote CLI interface

• Backward compatibility with the KeySecure Classic NAE-XML interface and the suite of existing connectors

• Key policies (time of day and rate limits) are no longer supported.

• RC4, 56-bit DES, 112-bit Triple DES, and 168-bit Triple DES in ECB mode (CBC mode is okay) are not supported.

• FPE is only supported with 256-bit keys. 128 and 192 are not supported.

• RSA Export formats supported are PKCS 1 and 8 only.