nCipher Security HSMs help secure Tunisia’s digital infrastructure


In 2015, the Tunisian government launched Digital Tunisia 2020, a plan designed to boost the nation’s digital economy by enriching online government services and electronic commerce. Fundamental to the success of the initiative was establishing Tunisian citizens’ trust and confidence in public and private online services and electronic transactions. The National Digital Certification Agency (NDCA), representing the nation’s highest level of trust for electronic transactions, embarked on the cornerstone project of Digital Tunisia 2020: re-engineering the national public key infrastructure (PKI) that underpins the security of digital transactions.

To succeed, the project would need a smooth and rapid transition from the existing PKI while also providing enhanced trust services once implemented. Additionally, the PKI would need to comply with new stringent regulations for digital certification.


Modernizing Tunisia’s government PKI would require installing up-to-date, best-available hardware and software to improve availability, reliability, and quality of services. To protect the root keys used in the PKI, the NDCA knew they needed a hardware-based solution, as processing sensitive information in software-only solutions exposes it to risk.

NDCA selects PrimeKey + nCipher

For optimum function and security, the NDCA chose a solution that combined two crucial components: a new PKI from PrimeKey, and hardware security modules (HSMs) from nCipher. nCipher nShield HSMs would provide security for the PKI by hosting and protecting the private keys of the Certification Authorities (CAs) during the highly sensitive transactions.

The NDCA used two models of nShield HSMs to secure the PKI and protect transactions including the following:

  • Authenticating electronic identities of citizens carrying out e-commerce transactions as well as businesses carrying out B2B and B2G transactions
  • Securing online transactions including online tax payments and returns, electronic submission of customs and foreign trade declarations, electronic invoices, and e-banking services
  • Validating companies responding to government Requests for Proposals using Tunisia’s on-line e-procurement system, TunEPS
  • Creating signatures and authenticating information, such as biometric data and other personal identifying information (PII), stored on chips in documents including e-passports and eID cards

The nShield Edge, nCipher’s USB-connected HSM, is used to generate and manage keys for the offline root CAs. The nShield Connect, nCipher’s network-attached HSM, performs a variety of services such as:

  • Supporting Online Certificate Status Protocol (OCSP) transactions to obtain certificate revocation status
  • Securing keys and transactions using those keys on the government signing server, which issues and signs certificates for biometric and electronic information stored in passport and eID chips.

The NDCA installed their nShield HSMs in two datacenters, one for production and the second for backup and disaster recovery.

In addition to providing HSMs and integration support, nCipher also delivered training to NDCA’s technical team on how to take full advantage of their nShield HSMs.

Proactive Collaboration

nCipher took the initiative to work directly with PrimeKey and provided them the assets and support they needed to design and test their solution. This direct and proactive collaboration helped the project run smoothly and resulted in an optimally integrated solution.


nCipher HSMs

nCipher nShield HSMs provide a tamper-resistant environment for secure cryptographic processing and key management. nShield HSMs are FIPS 140-2 Level 2 and 3, Common Criteria certified and eIDAS compliant, and meet established and emerging security standards for cryptographic systems while staying highly efficient.

nShield HSMs isolate and protect cryptographic operations and keys for organizations’ most critical applications, and perform encryption, digital signing, and key management for an extensive range of applications including PKIs, SSL/TLS, and code signing. nShield HSMs provide high-assurance solutions, and superior protection over software-only cryptography. nShield HSMs support all leading algorithms and feature world-class transaction rate performance.

With nCipher HSMs and their unique Security World architecture, you buy only the capacity you need and easily scale your solution as your needs evolve.

Key nCipher Solution Benefits

  • Protect cryptographic keys and operations within tamper-resistant hardware to significantly enhance security over software-only solutions
  • Trust your certified solution – nCipher nShield HSMs are certified to stringent standards including FIPS and Common Criteria, and are compliant to eIDAS standards.
  • Maintain control over your keys and build HSM estates that scale with your evolving needs with nCipher’s unique Security World architecture.


nShield HSMs are FIPS 140-2 Level 2 and 3 and Common Criteria certified and eIDAS compliant

nCipher nShield HSMs meet the stringent FIPS, Common Criteria, and eIDAS standards required for the project. nCipher has earned Common Criteria EAL4+ certification for nShield Solo and Connect HSMs through the Italian certification agency, OCSI. Under the 1999/93 EU Directive, this certification grants SSCD (Secure Signature Creation Devices) status to nShield HSMs. This certification also provides compliance with the eIDAS 2014 Regulation.

nCipher nShield HSMs, an NDCA-proven solution

nCipher had previously delivered nShield HSMs to the NDCA that had proven successful. Because nCipher had delivered quality solutions and had been responsive to the agency’s needs, the NDCA didn’t hesitate to select nCipher in the highly competitive bid to secure the nation’s new PKI.


Today’s fast moving digital environment enhances customer satisfaction, gives competitive advantage and improves operational efficiency. It also multiplies the security risks. nCipher Security empowers world-leading organizations by delivering trust, integrity and control to their business critical information and applications.

Our cryptographic solutions secure emerging technologies – cloud, IoT, blockchain, digital payments – and help meet new compliance mandates, using the same proven technology that global organizations depend on today to protect against threats to their sensitive data, network communications and enterprise infrastructure. We deliver trust for your business critical applications, ensuring the integrity of your data and putting you in complete control – today, tomorrow, at all times.

To find out more how nCipher Security can deliver trust, integrity and control to your business critical information and applications, visit