nShield Edge

Powerful for a Purpose

Perfect for offline key generation and development / Bring Your Own Key (BYOK) environments, with complete algorithm and API support.

Highly Portable

Small, lightweight design and convenient USB interface supports a variety of host platforms, including portable devices.

Cost Effective

Your entry-point into HSMs, this economical device lets you scale your environment with other nShield models.

Details

Tech Specs

Certifications

nShield Edge USB HSMs are certified to FIPS 140-2 Level 2 and Level 3.

Safety and Environmental Standards Compliance

UL, CE, FCC, RCM, Canada ICES
RoHS2, WEEE

Supported APIs

PKCS#11, OpenSSL, Java (JCE), Microsoft CAPI and CNG

Supported Cryptographic Algorithms

Asymmetric public key algorithms: RSA, Diffie-Hellman, ECMQV, DSA, KCDSA, ECDSA, ECDH, Edwards (X25519, Ed25519ph)
Symmetric algorithms: AES, AES-GCM, ARIA, Camellia, CAST, RIPEMD160 HMAC, SEED, Triple DES
Hash/message digest: SHA-1, SHA-2 (224, 256, 384, 512 bit), HAS-160
Full Suite B implementation with fully licensed ECC, including Brainpool and custom curves
Elliptic Curve Key Agreement (ECKA) available via Java API and nCore APIs
Elliptic Curve Integrated Encryption Scheme (ECIES) available via Java API, PKCS#11 and nCore APIs

nShield HSMs offers the majority of these cryptographic algorithms as part of the standard feature set. For organizations wishing to use ECC or South Korean algorithms, optional activation licenses are needed.

Operating Systems

Windows and Linux operating systems including distributions from RedHat and SUSE.

Options and Accessories

CipherTools Developer Toolkit

The CipherTools Developer Toolkit is a set of tutorials, reference documentation, sample programs and additional libraries. With this toolkit which is included with our standard nShield Security World Software, developers can take full advantage of the advanced integration capabilities of nShield HSMs. In addition to offering support for standard APIs, the toolkit enables you to run custom applications with nShield HSMs.

Elliptic Curve Cryptography (ECC) Activation

The ECC activation license enables EC-DH, EC-DSA and EC-MQV to be used on an nShield HSMs.

KCDSA Activation

With the KCDSA activation license, you can use the Korean Certificate-based Digital Signature Algorithm (KCSDA) as well as HAS-160, SEED and ARIA algorithms on an nShield HSMs.

FIPS Certification Options

The nShield Edge is available in FIPS 140-2 Level 2 and Level 3 variants. A non-FIPS developer edition is also offered.

Related Resources

Cloud Integration Option Pack Datasheet

The nShield Security World Architecture

Entrust nShield HSM FIPS 140-2 and Common Criteria Security Certifications

Key Isolation for Enterprises and Managed Service Providers

nShield Monitor Datasheet

Web Services Option Pack Datasheet

nShield Connect hardware security module

nShield Connect HSMs

Networked appliances that deliver cryptographic key services to applications distributed across servers and virtual machines.

nShield Solo HSM

PCI-Express card-based HSMs that deliver cryptographic key services to applications hosted on individual servers and appliances.

Square

We have a long history together and we’re extremely comfortable continuing to rely on Entrust solutions for the core of our business. We have used Entrust HSMs for five years and they have always been exceptionally reliable. We’ve layered a lot of code on top of the HSM; it delivers the performance we need and has proven to be a rock-solid foundation.

Neal Harris, Security Engineering Manager, Square, Inc

VIEW CASE STUDY

Verifone

As a global payment solutions and commerce enablement leader, Verifone’s strategy is to develop and deploy “best in class” payment solutions and services that meet or exceed global security standards and help our clients securely accept electronic payments across all channels of commerce. We selected Entrust HSMs to provide robust security, unmatched performance, and superior scalability across our payment security platforms…

Joe Majka, Chief Security Officer, Verifone

VIEW CASE STUDY

Memjet

The Entrust nShield sales team provided excellent local and remote support during this evaluation period and was invaluable to the process. The excellent depth, breadth, and quality of the product documentation gave us confidence that the solution was well though-out and supported.

Robert Fairlie-Cuninghame, QAI Technical Lead/Architect, Memjet

VIEW CASE STUDY

Polycom

Entrust provided the expertise needed to design and implement a tailored, secure VoIP solution.

Marek Dutkiewicz, Polycom

VIEW CASE STUDY

Brochure

nShield Family Brochure

LEARN MORE

Whitepaper

Security World Architecture

LEARN MORE

Digital Certificates

Digital Certificates

Standard OV TLS/SSL

Advantage OV TLS/SSL

Multi-Domain OV TLS/SSL

Multi-Domain EV TLS/SSL

Wildcard OV TLS/SSL

Private TLS/SSL

Qualified Electronic Seal Certificates

QWAC eIDAS Certificates

QWAC PSD2 Certificates

Platinum Services

Entrust Certificate Services

Subscription Plan

Buy Certificates

Renew Certificates

Knowledge Base and Support

Digital Signing

Digital Signing

Signing Automation Service

Remote Signing Service

Document Signing Certificates

Secure Email Certificates

Device Certificates

OV Code Signing Certificates

TrustedX eIDAS

TrustedX Electronic Signatures

Entrust Timestamping Authority

Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)

Certificate Hub

Security Manager

Entelligence Security Provider

Epassport

Validation Authority

Key Recovery Server

Entrust Managed PKI

PKI as a Service

Cryptography as a Service

Managed Microsoft PKI

Managed Offline Root Certificate Authority

Cryptographic Center of Excellence

Internet of Things (IoT) Security

Mobile Device Management BYOD

Products

Identity as a Service

Identity Enterprise

Identity Essentials

Solutions

PIV

Physical / Logical Access

Safeguarding Your VPN

Privileged Users

Workstation Login

Security and Access for Contractors

Zero Trust

Consumer Banking

Customer Portals

Digital Citizen

Digital Onboarding

Consumer Identity and Access Management (CIAM)

Data Breach

Improve User Experience

Support Diverse User Groups

Streamline IT

Transaction Verification

Portfolio Capabilities

ID Proofing

Device Reputation

Secure Device Provisioning

Password Reset

Credential Issuance

Authenticators

Mobile Authentication

Multi-Factor Authentication MFA

Passwordless Login

Adaptive Authentication

Single Sign-On

APIs / SDKs

Fraud Detection