1. Client Layer

Client Applications

2. Application/Service Layer

KMS Services

Certificate-Manager Service
• Manages Certificate Lifecycle
• CAdES Signing/Verification
• Timestamp/OCSP Handling

Key-Manager Service
• Manages Key Lifecycle
• Orchestrates Cryptographic Operations

Crypto-Provider-BC
• Software Provider
• BouncyCastle Library

Crypto-Provider-PKCS11
• Hardware Provider
• PKCS#11 Library

3. Data Layer

Certificate-Manager DB (PostgreSQL)
• CA Certificates
• Certificates
• Certificate Template

Key-Manager DB (PostgreSQL)
• Providers Config
• Clusters Config
• Keyrings Config
• Key Metadata

Crypto-BC DB (PostgreSQL)
• Encrypted Keys
• Key Storage

4. Hardware Security Module (HSM) and Cache Layer

Hardware Security Module (HSM)
• Key Storage
• Crypto Operations
Hardware Device

Cache Layer

Redis Cache
• PKCS#11/BC Cache
• Wrapped Session Keys


cyshield

by nariman
