Crypto API

Predominant token scope: any. You do not have to specify a scope. The grant is automatically available when you specify any valid scope, such as agent, certificate, or ssh.

The Crypto interface provides limited access to the cryptography configuration.

Trust Protection Foundation installs with two encryption keys, the default CyberArk Trust Protection Foundation - Self-Hosted software encryption key, which is an AES-256 bit symmetric key generated using the Windows Data Protection API, and the Null key which is the equivalent of no encryption. You can add additional encryption keys from the CyberArk Configuration Console, including those accessible from PKCS#11-compatible hardware security modules (HSMs).