Instant Key Management Servers

Professional key management
with ultimate hardware security 

Ultimate cloud security


We have turned a world-leading PKI system into a product that you can launch, set up, and have ready for the first certificate without any hassle.


Secure and Trusted

Enigma Bridge provides physical security for your private keys. The protection is provided with FIPS140-2 Level 3 certified hardware that makes your keys untouchable.

Driven by your policies

Complete Control

EB PKI gives you complete control over your key management, from the number of CAs and sub-CAs to certificate profiles.

PKI Key Security

The keys used by the PKI system are only available in secure hardware. They never leave it and are never stored on disk or in memory.

Access Control

Dynamic user authentication with strong encryption via HTTPS security or PKI’s virtual private network

Operation Audit

Logs of PKI private keys are available for audit and inspection. 

KeyChest expiry monitoring

Auto-discovery for 100% HTTPS uptime 

KeyChest is a scalable and easy-to-use service that helps you achieve 100% HTTPS/TLS uptime. We keep deploying certificate-based servers, and it is easy to lose track of those we can’t see on a daily basis. The hard thing about monitoring is the setup: adding everything we need to monitor before incidents impact our business. KeyChest does this for you. It automatically discovers new servers as they are created and shows them in your monitoring dashboard.

Start Now at

Start Your certification authority in
18 Minutes and 39 Seconds

EB PKI is designed for internal public key management and you can start issuing your own certificates within 20 minutes. Fast, cost efficient, and secure PKI system for everyone.

Certificates are signed by secure hardware to ensure a high level of security while you get all the benefits of the cloud.

Enigma Bridge brings you a fully featured and simple PKI system with a certification authority and an OCSP responder, supported by FIPS140-2 Level 3 hardware-protected keys. It includes out-of-the-box HTTPS with a browser-trusted certificate.

7 Day Free Trial on Amazon AWS


We recommend the "t2.small" AWS EC2 instance or larger.

Do you need help with Amazon AWS setup? See instructions in our support system.


Agile (cloud only)

  • Full-featured PKI system

  • FIPS 140-2 protection of keys

  • Dynamic domain name

  • Low OCSP load*

  • Operation Support

  • £199 / month

All prices are exclusive of VAT.

* We guarantee only up to 100,000 OCSP verifications in 24 hours.


  • Full-featured PKI system

  • FIPS 140-2 protection of keys

  • Dynamic domain name

  • Real-time certificate validation (OCSP) 

  • Solution support

  • Common Criteria EAL4+ for PKI

  • Enterprise Management

  • Pricing upon request 

Superior Security - on-premise and in the cloud

The main threat to key management systems is loss or compromise of management keys.

You significantly limit your exposure to this threat if you use secure hardware that provides a secure environment with strong physical security.

You can decide whether the security appliance is in your datacenter, or in a cloud. Our systems ensure that your keys are always protected.

Specialised security hardware is far superior to software solutions from the security point of view. The downside is the cost - capital as well as operational.

The Enigma Bridge technology solves the cost problem of key management, including its scaling. The service is multi-tenant while still physically separating user secrets. It features a native web service API and an enrolment process that can be fully automated.

"Enigma Bridge has developed an innovative capability providing powerful, resilient, scalable and comprehensive cryptographic functionality."

Steve Marshall
Former Head of Security Architecture at Barclaycard 

Technical Features

The key management system is powered by the Enigma Bridge hardware encryption platform and the EJBCA PKI application from PrimeKey (an enterprise PKI system).

  • Certificate Authority – an X.509 certificate authority supporting a wide range of protocols including X.509, PKIX (RFC5280), SCEP, or CMP (RFC4210 and RFC4211).

  • Registration Authority – a front-end for manual approvals of certificate requests.

  • OCSP Responder – on-line certificate validation according to RFC2560, RFC6960 and RFC5019.

  • Physical security of PKI keys – keys for issuing certificates are protected with secure hardware with FIPS140-2 Level 3 and Common Criteria EAL4+ or EAL5 certifications.

  • Domain Name with HTTPS – out-of-the-box HTTPS to your new PKI system with DNS records instantly and securely updated each time you restart the EC2 instance.

For a full list of the features of the EJBCA PKI application, please visit the PrimeKey website.

Hardware Security Pros and Costs

Easiest way to demonstrate security

Everyone trusts their own software applications because, well - they are ours and we “know” we got them right. The issue is how to make others trust our applications, especially if the sole purpose of those applications is to protect data.

Security validations and how to conduct them is one of the problems with no simple solution. Secure hardware has been the main answer for more than 20 years.

Understand Security Evaluations

While there is no perfect solution for verifying security, the best current benchmark is an independent validation of the quality of a cryptographic product or application. There are currently two main standards suitable for validation of critical key management functions.


Cryptographic Product Security Standard

Federal Information Processing Standard (FIPS) 140-2 - implemented by the National Institute of Standards and Technology (NIST), a US government agency, to validate the security of cryptographic products.

A successful validation results in compliance with:
Level 1 - lowest level of security
Level 2 - shows evidence of tampering (hosting provider detects)
Level 3 - responds to attempts at physical access (users detect)
Level 4 - highest level of security

Common Criteria (CC)

Computer Security Certification Standard

An international standard, where compliance is demonstrated by national authorities in Canada, US, UK, Germany, and Spain

A successful validation results in an assurance level (EAL):
EAL1, EAL2 - functionally tested, structurally tested
EAL3 - methodically tested and checked
EAL4 - methodically designed, tested, and reviewed
EAL5 - semiformally designed and tested
EAL6 - semiformally verified design and tested
EAL7 - formally verified design and tested

The Enigma Bridge cloud platform is built with secure hardware processors with evaluations of FIPS140-2 Level 3+ and Common Criteria EAL5+.

Cyber criminals can tell how you manage your keys

HTTPS/TLS protocol used by all secure websites points at vulnerabilities. It leaks sensitive information about cyber security management and can help hackers or government agencies extract sensitive data.

Until now, it has been widely believed that use of HTTPS:// on web sites does not provide any sensitive information that would endanger the security of the web service. No one expected that it could leak internal information about security management.

I am puzzled why people are not all over this - enormous implications. I discussed it in my organization yesterday.

Daniel Bilar - Information Security Specialist at VISA

This work on fingerprinting the software that generated RSA keys (from public keys!) is a must read.

Co-founder of CBX Group, co-founder of TrueCrypt audit project.

Our co-founder, Petr Svenda, published at the USENIX Security Symposium the results of his team's discovery that SSL public keys leak information on how they were generated, and the work received the best paper award. Their surprising results imply that freely available public encryption keys can put companies at risk. This public information provides details on their cybersecurity management, which to date has been considered a safe secret.

"It's striking that despite 30 odd years of cryptographic research and security conferences, no-one noticed this problem  – which has been in plain sight all along."

Ross Anderson, professor of security engineering
at the University of Cambridge 
