View mode Auto Dark Light

Why use the Cosmian KMS

The Cosmian KMS is a high-performance, open-source, FIPS 140-3 compliant server application written in Rust that presents some unique features, such as:

• the ability to confidentially run in a public cloud — or any zero-trust environment — using Cosmian VM. See our cloud-ready confidential KMS on the Azure, GCP, and AWS marketplaces and our deployment guide
• support of state-of-the-art authentication mechanisms (see authentication)
• out-of-the-box support of Google Workspace Client Side Encryption (CSE)
• out-of-the-box support of Microsoft Double Key Encryption (DKE)
• support for HSMs (trustway Proteccio, Utimaco general purpose) with KMS keys wrapped by the HSM
• Veracrypt and LUKS disk encryption support
• FIPS 140-3 mode gated behind the feature fips
• a JSON KMIP 2.1 compliant interface
• a full-featured client command line and graphical interface
• a high-availability mode with simple horizontal scaling
• a support of Python, Javascript, Dart, Rust, C/C++, and Java clients (see the cloudproof libraries on Cosmian Github)
• integrated with OpenTelemetry

The Cosmian KMS is a Key Management System, an Encryption Oracle and a Public Key Infrastructure.

• As a key management system, it is designed to manage the lifecycle of keys and provide services such as on-the-fly key generation and revocation, including in connected HSMs.
• As en encryption oracle, it provides high-availability, high-scalability, encryption, and decryption operations. This is the Cosmian KMS strong point, offering millions of operations in seconds while providing high security for keys when backed by an HSM.
• As a PKI it can manage root and intermediate certificates, sign and verify certificates, use their public keys to encrypt and decrypt data. Certificates can be exported under various formats including PKCS#12 modern and legacy flavor, to be used in various applications, such as in S/MIME encrypted emails.

The Cosmian KMS supports all the standard NIST cryptographic algorithms as well as advanced post-quantum cryptography algorithms such as Covercrypt. Please refer to the list of supported algorithms.

Easy to deploy

The Cosmian KMS is packaged as:

• Debian or RPM package
• Docker image and FIPS image
• Pre-built binaries for multiple operating systems (Linux, Windows, MacOS)

Client CLI

The Cosmian KMS has an easy-to-use client command line interface built for many operating systems. The Cosmian CLI can manage the server, and the keys and perform operations such as encryption or decryption.

The Cosmian CLI is packaged as:

• Debian or RPM package
• Pre-built binaries for multiple operating systems (Linux, Windows, MacOS)

Note: ckms has been replaced by Cosmian CLI to manage other Cosmian products.