RNTrust Empowers Innovation Through Interdata Middle East Acquisition

What is orca?

ORCA solves the common challenges of the Offline Root CA: the Hardware, the Software, the HSM, the Backup storage and the Integration of those four elements. 

With ORCA you don’t have to spend valuable time integrating bits and bytes in a functional solution. RNTrust has built ORCA as an off-the-shelf turnkey solution. 

ORCA runs on a state-of-the-art Mini PC with Intel Atom x5-Z8500 1.44Ghz CPU Quad Cores Quad Threads (up to 2.24Ghz), 4GB RAM and 64 GB SSD storage. 

ORCA uses an OpenSSL based CA on top of a hardened SuSE Linux with encrypted file system and stores its status in a SQLite database. 

ORCA supports all the standards including:

  • RSA, DSA and EC private keys.
  • All x509v3 extensions.
  • PKCS#1 unencrypted RSA key storage format.
  • PKCS#7 Collection of public certificates.
  • PKCS#8 Encrypted private key format for RSA DSA EC keys.
  • PKCS#10 Certificate signing request.
  • PKCS#11 Security token / Smart card / HSM access.
  • PKCS#12 Certificate, Private key and probably a CA chain.

To ensure strong protection of the private keys, ORCA uses an nShield Edge hardware security module.

WHY CHOOSE orca appliance?

No Extra Time 

Ready Built 

Dedicated Hardware

Mini PC
Intel Atom
x5-Z8500, 4GB RAM and 64 GB SSD 

HSM Integrated 

nShield Edge

Maximum Security 

AES-XTS 256-bit hardware-encrypted flash drive 

No Surprises 

Out of the Box
Fully Tested and Controlled Solution 


The nShield Edge hardware security module (HSM) is a full-featured, portable USB HSM designed for low-volume transaction environments. It’s capable of encryption and key protection and is ideally suited for off-line key generation for certificate authorities (CAs). 


  • Certifications: nShield Edge USB HSMs are certified to FIPS 140-2 Level 2 and Level 3.
  • Supported APIs: PKCS#11, OpenSSL, Java (JCE), Microsoft CAPI and CNG.


  • Asymmetric public key algorithms: RSA, Diffie-Hellman, ECMQV, DSA, KCDSA, ECDSA, ECDH, Edwards (X25519, Ed25519ph).
  • Symmetric algorithms: AES, AES-GCM, ARIA, Camellia, CAST, RIPEMD160 HMAC, SEED, Triple DES.
  • Hash/message digest: SHA-1,
  • SHA-2 (224, 256, 384, 512 bit),
  • HAS-160
  • Full Suite B implementation with fully licensed ECC, including Brainpool and custom curves.
  • Elliptic Curve Key Agreement (ECKA) available via Java API and nCore APIs.
  • Elliptic Curve Integrated Encryption Scheme (ECIES) available via Java API, PKCS#11 and nCore APIs.

All ORCA components comply with the following safety and Environmental Standards: 

CRM form will load here


Whether it's for assistance, or inquiries. We will do our best to provide you with an answer promptly.​

RNTrust headquarter is located in Dubai, UAE, and has global offices in Abu Dhabi, Bangalore, Belgrade, Boston, California, Italy, Paris, Riyadh and Zagreb. 

(Head Quarter)

  • Address: 1905, 19th floor, Tower A, Business Central Towers, Dubai Media City, Dubai, UAE, PO Box 503012

request a demo
request rfp - pki
request datasheet


©2024 RNTrust. All rights Reserved