Perl Developer Solutions
Encryption Key Management for Compliance
A variety of compliance regulations now require that Enterprise customers separate encryption keys from the data that they protect. For Perl developers this means storing encryption keys on an external appliance designed for this purpose, and securely retrieving encryption keys in Perl applications as they are needed for encryption and decryption tasks. Alliance Key Manager is an affordable solution that meets all compliance regulations for the secure creation, management, storage, and distribution of encryption keys. Alliance Key Manager is FIPS 140-2 certified (certificate number 1449) and is perfect for use in Perl applications.
Encryption can be a challenge for Perl developers. The Alliance AES Encryption libraries for Linux and Unix platforms provide the Perl developer a way to incorporate NIST-certified AES encryption into their Perl applications.
Perl Encryption Key Retrieval
Any application that can create a secure and authenticated TLS connection to the Alliance Key Manager (AKM) can request and receive encryption keys. Perl directly supports TLS communications and can retrieve keys from AKM. You store the client-side certificate and private key files on your local system, reference them in your Perl application, make the TLS connection, format the key retrieval request, and retrieve an encryption key for use in your application. A technical HOWTO document provides sample code that you can use as a starting point in your applications.
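The connection step described above can be sketched as follows. This is an added example, not the vendor's sample code: it uses the CPAN module IO::Socket::SSL, the file paths are placeholders, and the host and port are supplied on the command line. The key retrieval request format is defined in the vendor's HOWTO and is not shown.

```perl
#!/usr/bin/perl
# Added example: mutually authenticated TLS channel to a key server.
use strict;
use warnings;
use IO::Socket::SSL;    # CPAN; exports SSL_VERIFY_PEER and $SSL_ERROR

# Placeholder paths (assumptions), not taken from the vendor documentation.
my %files = (
    ca   => '/etc/keyclient/ca.pem',
    cert => '/etc/keyclient/client-cert.pem',
    key  => '/etc/keyclient/client-key.pem',
);

# True only if the file exists and grants nothing to group or other.
sub key_file_is_private {
    my ($path) = @_;
    my @st = stat($path) or return 0;
    return ( $st[2] & 0077 ) == 0;
}

sub connect_key_server {
    my ( $host, $port, %f ) = @_;
    key_file_is_private( $f{key} )
        or die "$f{key}: missing, or accessible to group/other\n";
    my $sock = IO::Socket::SSL->new(
        PeerHost => $host,
        PeerPort => $port,
        Timeout  => 10,
        # Authenticate the server: validate the chain and the hostname.
        SSL_ca_file         => $f{ca},
        SSL_verify_mode     => SSL_VERIFY_PEER,
        SSL_verifycn_name   => $host,
        SSL_verifycn_scheme => 'default',
        # Authenticate the client with its certificate and private key.
        SSL_cert_file => $f{cert},
        SSL_key_file  => $f{key},
        # Refuse SSLv2/SSLv3 and TLS 1.0/1.1.
        SSL_version => 'SSLv23:!SSLv3:!SSLv2:!TLSv1:!TLSv1_1',
    ) or die "TLS connection to $host:$port failed: $SSL_ERROR\n";
    return $sock;
}

unless (caller) {
    my ( $host, $port ) = @ARGV;
    die "usage: $0 HOST PORT\n" unless defined $host && defined $port;
    my $sock = connect_key_server( $host, $port, %files );
    printf "connected: %s, %s, server subject: %s\n",
        $sock->get_sslversion, $sock->get_cipher,
        $sock->peer_certificate('subject');
    # The key retrieval request (vendor-defined format) is written to $sock here.
    $sock->close;
}
```

The script refuses to connect if the private key file is accessible to group or other, and fails closed if the server certificate does not chain to the configured CA or does not match the host name.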
Wire Protocol Eliminates Software Libraries
The interface to the Alliance Key Manager is a “wire” protocol. This means that no client-side software is required for key retrieval. You will not need to write wrapper code around shared libraries, or use similar techniques for key retrieval. The Perl language has all of the features needed to retrieve keys. This also means that you will not have complex package update requirements for your Linux or Unix operating environment.
Documentation and Sample Code
The Alliance Key Manager product CD contains documentation on the use of the Alliance Key Manager from Perl and sample application code that you can use to get started.
Encryption Key Management APIs
Most Enterprise customers use the Linux security administrator’s command line application, or the Alliance Windows key management application, to create and manage encryption keys on the Alliance Key Manager appliance. However, there are certain applications that need to perform key management functions under program control. Through the Linux command line console application, Alliance Key Manager provides commands to enable all of the normal encryption key management functions including creating encryption keys, rotating keys, revoking keys, and so forth. More than 80 commands are provided for every aspect of key management. You can create your own Perl interfaces to the command line application to manage keys.
AES Encryption Libraries
Townsend Security provides NIST-certified AES encryption libraries on a wide variety of platforms including Linux and Unix. On Linux and Unix systems the software is delivered as a shared library in the package format appropriate for the OS. You can use DynaLoader or P5NCI from CPAN to access the encryption APIs. These AES libraries are NIST certified through the AES Validation program, and interoperate with Townsend AES libraries on a variety of other platforms including Linux, Unix, IBM i (AS/400, iSeries), and IBM System z Mainframe platforms. You can encrypt on one platform and decrypt on a different platform without exposing the data during transport.
Tokenization for Perl Developers
Tokenization is an alternative data protection method that preserves the format of the original data. The Townsend Alliance Token Manager solution provides tokenization services to Perl applications and applications on all other major operating systems.
