Abstract: A system disclosed herein may receive, from an application associated with a client identification, a request to perform a cryptographic operation with a specified application key, identify a gateway associated with the client identification, identify a respective characteristic of each self-encrypting key management service of a plurality of self-encrypting key management services that correspond to the gateway, identify a self-encrypting key management service with a characteristic satisfying a threshold criterion, and send the request to the identified self-encrypting key management service.

Abstract: Authentication information at a first portion of encrypted data may be identified. A cryptographic key may be derived based on a combination of an identification of the first portion of the received encrypted data and a master key. Additional authentication information may be generated based on a combination of the derived cryptographic key and another portion of the received encrypted data. The encrypted data may be verified by comparing the authentication information at the first portion of the received encrypted data with the generated additional authentication information. In response to verifying the received encrypted data, a second cryptographic key may be derived based on a combination of an identification of the another portion of the encrypted data and the master key. The other portion of the received encrypted data may be decrypted by using the second cryptographic key.

Abstract: A request may be received from an application provided on a server associated with a self-encrypting key management application. The request may be to establish a connection between the self-encrypting key management application and the other application. In response to receiving the request, a hash value associated with the self-encrypting key management application and a digital signature associated with a processing device may be generated. A message may be provided based on the digital signature and the hash value to the other application. The connection may be established between the self-encrypting key management application and the other application in response to receiving an indication from the other application that the self-encrypting key management application has been authenticated based on the message.

Abstract: A cryptographic key may be received or generated at a self-encrypting key management service application where the cryptographic key is received from another application provided on a server associated with the self-encrypting key management service application. The cryptographic key may be stored at a secure enclave corresponding to the self-encrypting key management service application. A request for a performance of a cryptographic operation associated with the cryptographic key may be received from the other application provided on the server. The cryptographic key at the secure enclave corresponding to the self-encrypting key management service application may be retrieved. The cryptographic operation may be performed with the cryptographic key to generate an output that is provided to the other application.

Abstract: Authentication information at a first portion of encrypted data may be identified. A cryptographic key may be derived based on a combination of an identification of the first portion of the received encrypted data and a master key. Additional authentication information may be generated based on a combination of the derived cryptographic key and another portion of the received encrypted data. The encrypted data may be verified by comparing the authentication information at the first portion of the received encrypted data with the generated additional authentication information. In response to verifying the received encrypted data, a second cryptographic key may be derived based on a combination of an identification of the another portion of the encrypted data and the master key. The other portion of the received encrypted data may be decrypted by using the second cryptographic key.

Abstract: A cryptographic key may be received or generated at a self-encrypting key management service application where the cryptographic key is received from another application provided on a server associated with the self-encrypting key management service application. The cryptographic key may be stored at a secure enclave corresponding to the self-encrypting key management service application. A request for a performance of a cryptographic operation associated with the cryptographic key may be received from the other application provided on the server. The cryptographic key at the secure enclave corresponding to the self-encrypting key management service application may be retrieved. The cryptographic operation may be performed with the cryptographic key to generate an output that is provided to the other application.