There are two different security levels of our KMF systems. The highest security level is attained by using a separate hardware, a secure device (SA8), for the cryptographic operations. The other system is using a software solution called SMK (Software Master Key) for the cryptographic operations. To fulfil the security requirements of today, all new systems are delivered with the hardware solution. Both the hardware and software solutions are working with the DES algorithm with double length keys.

Typically, the KMF system can be described as an application used for preparing keys, either by entering the component values from the keyboard, by randomize them or by reading them from file. In the security module, the key components are put together to a final key, which is encrypted whit a key encryption key of the security module and stored on a key database. Finally, the keys can be exported to other systems in the desired format, encrypted with an appropriate transport key.

We have implemented two different methods for reporting what the KMF system has fulfilled. The most advanced alternative is the log database that keeps track of every important event in the system. The other alternative is a separate journal file that is created for each program execution and can be printed at the program termination. Of course, both types of reporting methods hold the information about which keys that have been prepared and exported.