Create a cryptographic module
- Updated Aug 1, 2024
- Xanadu
- Now Platform Security
Create a cryptographic module to define the mechanisms used for cryptographic operations. After you create the module, you create a cryptographic specification, where you define an algorithm for encryption and generate a key.
Before you begin
If you're supplying your own keys, go to Configure and upload your customer supplied key.
Role required: sn_kmf.cryptographic_manager
About this task
This procedure describes options that are available with KMF in the ServiceNow platform base system. Column Level Encryption Enterprise functionality is available only when the com.glide.now.platform.encryption plugin is active. See Activate Column Level Encryption Enterprise for more information on obtaining Column Level Encryption Enterprise. See Create cryptographic module for Column Level Encryption.
Procedure
What to do next
Related Content
- Cryptographic module overview
Cryptographic modules are the centerpiece of the Key Management Framework (KMF). They define the specific cryptographic mechanisms used for cryptographic operations for a given use case.
- Module access policy overview
Module access policies (MAPs) are access controls that you apply to your cryptographic modules. Use these access policies to decide which users and scripts can access data encrypted by a cryptographic module.
- Instance level keys in the Key Management Framework
The Key Management Framework (KMF) architecture introduces a key structure built with security in mind. Using a Hardware Security Module (HSM), KMF uses envelope encryption to ensure that all platform keys under KMF management are protected through a chain of keys. Customer Data Encryption Keys (CDEKs) created by KMF are also included.
- Cryptographic specification
The Cryptographic specification is the component that defines aspects of your cryptographic module, including its cryptographic purpose and which encryption algorithm to use.
- Key Management Framework key lifecycle states
KMF supports several cryptographic key lifecycle states through the enforcement of specific allowable actions. For example, only keys that are in the active state can be used fully for their intended cryptographic purpose. The following table provides further detail on the varying key lifecycle states.
- Roles installed with Key Management Framework
The Key Management Framework (KMF) introduces specific roles for cryptographic module and key management-related configurations.
- Configure field encryption settings to select key type
Configure your field encryption settings to use ServiceNow supplied keys or your own customer-supplied keys (CSK) for encryption on the ServiceNow AI Platform.
- Create a module access policy
Create module access policies to decide which users and scripts can access data encrypted by a cryptographic module.
- Module access policy visualization
Use module access policy visualization to view all relevant cryptographic module information on a single UI page.
- Module access policy debugger
Use the module access policy debugger to review logging information and understand why your users are or aren’t granted access to an encryption context.
- Create a cryptographic module life-cycle policy
Create a cryptographic module life-cycle policy to place limits on cryptographic modules, such as how long the key is good for. Create policies to safeguard cryptographic modules by limiting their exposure.