Go To Content Go To Menu


MTG Enterprise Key Management System

The MTG Enterprise Key Management System (MTG KMS) offers state-of-the-art secure storage, operations and lifecycle management for all cryptographic keys within an organization.


Cryptographic keys are the cornerstone of almost all security applications and protection mechanisms. It is essential that they are protected and used with the outmost care, so that all the infrastructures, services and business critical applications remain secure. The MTG KMS enables different applications in a company to access a remote, central security system that can perform all necessary crypto operations.

MTG Enterprise Key Management System Architecture

MTG Enterprise Key Management System Architecture (© MTG)

The MTG KMS  architecture is part of the overall MTG ERS® system. This means that the system can be expanded with further important security components whenever required. This includes the  MTG Certificate Lifecycle Manager, MTG Certificate Authority and the appropriate  Hardware Security Module.

The targeted solutions which are based on KMS (e.g., BYOK, Code & Document Signing, Time Stamping, etc.) can be optimally accessed and managed via standard APIs (KMIP, PKCS#11, REST). The MTG KMS includes a specific Java SDK that provides a simple, user-friendly Java interface for easy client integrations. MTG-specific services and adapters are available for specific use cases, like IoT, Secure Boot or Smart Metering for example. 


MTG KMS manages the complete Key Management Lifecycle

MTG KMS verwaltet den gesamten Key Management Lifecycle

Key Management Lifecycle (© MTG AG)

Security at Rest

Secure Key Storage

Central key storage is essential to keep control of all keys in a well-protected location. This prevents keys from being distributed nontransparent across the entire company.

  • Support for multiple on-premise and cloud Hardware Security Modules (HSM)

    • Utimaco

    • Entrust (nShield)

    • Thales (Luna)

  • Support for database-stored, HSM-encrypted keys for better performance
  • Support for key import and export through various formats
  • Secure Key Generation for all modern cryptographic algorithms
  • Support for Post-Quantum Cryptography

Secure Key Operations

  • Support for all KMIP 2.x and PKCS11 operations
  • Generic Cryptographic REST API that enables both simple and advanced cryptographic operations
  • Symmetric & Asymmetric encryption
  • Digital Signatures
  • Hashing
  • Random Number Generation

Key Lifecycle Management

  • Support for Key Expiration Dates
  • Support for multiple business domains
  • Secure Key Archival & Destruction
  • Strict cryptographic policy enforcement about allowed algorithms and parameters for different use cases
  • Enterprise Roles & Rights System

Key Management
Interoperability Protocol

The OASIS Standard Key Management Interoperability Protocol (KMIP)  was developed as an interoperable protocol that defines the standard communication between key management servers and clients.

MTG KMS already supports all cryptographic functions from the KMIP standard

MTG KMS already supports all cryptographic functions from the KMIP standard (© MTG AG)

KMIP specifies all management operations for objects (e.g., digital certificates, private keys) stored and managed by a cryptographic key management system. The KMIP standard includes operations for symmetric and asymmetric cryptographic keys,  digital certificates and templates that simplify the creation and control the usage of objects.

Scope KMIP Operations

KMIP has already been implemented by leading companies (e.g. Dell, HP, IBM, Oracle, SafeNet) and is specifically supported in the Internet of Things (IoT). The KMS services (microservices) and adapters from MTG that are plugged in above the KMIP interface simplify the connection of the applications even further.

Downloads & Links

What can we do for you?

For further information feel free to contact us!

Lädt …