SAKA is a Jakarta Enterprise Edition 10 application encapsulated within an appliance, and provides secure web services to perform many different kinds of cryptographic functions. It consists of the following components:

• A Jakarta EE 10 application server that hosts multiple web service applications

• A relational database that stores ciphertext along with metadata about the ciphertext

• A cryptographic TPM or HSM that performs cryptographic functions

• A replication architecture that automatically replicates all transactions to every SAKA node defined within a cluster

• A Lightweight Directory Access Protocol (LDAP) server for authenticating and authorizing requesters of web services. In the event a site already has an LDAP directory server—such as Active Directory—SAKA can authenticate requesters against this directory server

• A FIDO-enabled web application that enables end-users to encrypt/decrypt files while storing cryptographic keys in the KA module of SAKA

Versions of underlying components supported by SAKA in the current release are shown here:

In the current release, SAKA supports the cryptographic algorithms and sizes shown below. StrongKey has chosen to restrict the algorithms and key sizes to the the strongest available. As guidelines from PCI and/or NIST evolve, so will SAKA to support the recommended algorithms and key sizes.