When you apply for a Digital Signature Certificate, (i.e. when you generate your 'Certificate Request'), a unique cryptographic key pair is generated. This key pair, along with your certificate, forms the basis of your digital identity and allows you to digitally sign and encrypt information.

Given the criticality of these cryptographic keys, it is extremely important to store them in a secure location that can be accessed only by you. Controller of Certifying Authorities vide order no CCA/DC(T)/2013 -98 (pt.) dated 25th October 2013 has made it mandatory that no Class 2 or Class 3 DSCs are issued where the key pair is not generated on a FIPS 140-1/2 Level 2 validated hardware Cryptographic Token.

Kyrah Tech promotes the usage of the following tokens:

  • ePass 3003
  • ePass 2003 Auto
ePass2003 is the world's foremost cryptographic identity verification module. ePass by FEITIAN provides a host of indispensable protective measures for digital communication and transaction. As a two factor authentication solution ePass2003 can secure local and remote desktop and network log-on. Key cryptography and the digital signing of emails, documents, and transactions are performed onboard in the secure token framework which is impervious to after-market modification and manipulation.
Supported Operating System 32bit and 64bit Windows XP SP3, Server2003 , Vista, Server2008, 7
32bit and 64bit Linux
Middleware Microsoft Windows MiniDriver
Windows middleware for Windows CSP
Direct-called library for PKCS#11 under Windows, Linux and MAC
Standards X.509 v3 Certificate Storage, SSL v3, IPSec, ISO 7816 1-4 8 9 12, CCID
Cryptographic Algorithms RSA 512/1024/RSA 2048 bit
ECDSA 192/256 bit
AES 128/192/256 bit
SHA-1 / SHA-256
Cryptographic Functions Onboard key pair generation
Onboard digital signature and verification
Onboard data encryption and decryption
Cryptographic APIs Microsoft Crypto API (CAPI), Cryptography API: Next Generation (CNG)
Microsoft Smart Card MiniDriver
Processor 16 bit smart card chip (Common Criteria EAL 5+ certified)
Memory Space 64KB (EEPROM)
Endurance At least 500,000 write/erase cycles
Data Retention More than 10 years
Connectivity USB 2.0 full speed, Connector type A
Interface ISO 7816
Power Consumption Less than 250mW
Operating Temperature 0°C ~ 70°C
(32°F ~ 158°F)
Storage Temperature -20°C ~ 85°C
(-4°F ~ 185°F)
Humidity 0% ~ 100% without condensation
Water Resistance IPX8 with glue injection (under evaluation)
Built-in high-performance secure smart card chip
  • Smart card chip certified by Common Criteria EAL 5+
  • On board RSA, AES, DES/3DES, SHA-1, SHA-256 algorithms approved by NIST FIPS CAVP
  • Hardware random number generator
  • 64KB EEPROM memory to store private keys, multiple certificates and sensitive data
FEITIAN Card Operating System with proprietary IP
  • Design according to FIPS 140-2 level 3 standard, FIPS 140-2 level 2 certified
  • Secure messaging ensures confidentiality between the device and the application
  • Support X.509 v3 standard certificate. Support storing multiple certificate on one device
  • Onboard RSA2048 key pair generation, signature and encryption
  • 64 bit universal unique hardware serial number
Tamper evident hardware USB Token
  • USB full speed device
  • Compliant with ISO 7816 1-4 8 9 12, PC/SC and CCID device
  • Water resistant with glue injection (under evaluation)
  • Flexible hardware customization options such as logo, colour and casing
Reliable middleware supports multiple operating systems
  • Supports Windows, Linux and Mac OS
  • Compliant with Windows mini driver standard, work with Microsoft Base Smart Card CSP, supports Microsoft smart card enrollment for windows smart card user and smart card logon
  • Support PKCS #11 standard API, Microsoft CryptoAPI and Microsoft CryptoAPI : Next Generation (CNG)
  • Work with PKCS#11 & CSP compliant software like Netscape, Mozilla, Internet Explorer and Outlook
Easy integration with various PKI applications
  • Ideal device to carry digital certificates and works with all certificate related applications
  • Highly security ensured device for computer and network sign-on
  • Easy-to-use web authentication, Plug & Play under Windows systems
  • Support document, email and transaction signature and encryption
copyrigts © kyrah