Data Security and Key Management - Thales e-Security

Datacryptor IP Network Encryption


Datacryptor IP Network Encryption (IPsec) Platforms

A proven, flexible way to secure high-value IP networks

FIPS 140-2    

Datacryptor IP (DCAP-IP) standalone network encryption products from Thales e-Security are proven, high assurance platforms for encrypting data in motion over IP networks. With Datacryptor IP, organizations can take full advantage of cost-effective public IP networks for voice, video, and data communications—and know their most sensitive information will be fully protected. Designed to meet the highest security standards, Datacryptor IP devices are delivered with the strongest commercially available encryption algorithms or government ciphers, incorporate sophisticated key lifecycle management techniques, and are certified to meet FIPS standards.

Datacryptor IP devices are full of features such as reverse tunneling and hot standby that will benefit your network. Offered in a choice of form factors and speeds, Datacryptor IP deploys easily and is field upgradeable, so your encryption solution can adapt as your requirements evolve. Datacryptor IP also provides maximum configuration flexibility, allowing you to set up security policies and security associations to suit your network architecture. Deploy Datacryptor IP to provide flexible and granular protection of inter-site communications or to protect an individual workstation or network segment. 


  • Proven, certified, and trusted to protect the world’s most sensitive networks.
  • Designed to meet the highest security standards for voice, video, and data communications (FIPS, UK CAPS, NATO).
  • Expands the organization’s ability to utilize cost-effective IP networks—even for sensitive traffic.
  • Reduces cost of ownership with remote management and configuration, minimal routine handling, and field upgradeability.

Datacryptor IP Network Encryption (IPsec) Products: Features

Security Features

  • A choice of commercially available, government, or custom algorithms makes Datacryptor IP ideal for many different types of organizations.
  • The ability to customize algorithms and software facilitates use by governments and others with highly specialized requirements.
  • Physical and logical separation of network administration and security responsibilities enforces policy and reduces opportunity for insider attacks.
  • Certificate-based key material makes it easier to manage keys and respond to changes in network topology. Flexible options make Datacryptor IP suitable for a broad range of requirements:
    • Install Datacryptor IP anywhere in the network, bringing protection as close to the source of information as security policy requires.
    • Choose between Tunnel and Transport modes to suite your application.
    • Configure security policies and security associations in a variety of ways to suit the architecture of your network.

Operational Features

  • A commercial, off-the-shelf (COTS) platform that can be customized as needed enables you to reduce cost and accelerator deployments.
  • Remote management capability -including re-key- reduces time, effort and cost of managing and configuring devices.
  • The ability to upgrade firmware, algorithms, and speed in the field helps organizations adapts more easily to evolving requirements.
  • Hot standby capability makes Datacryptor IP devices suitable for high availability environments.
  • A choice of form factors - a 19" rack-mounted version and a Small Form Factor version- provides maximum flexibility, especially in space-constrained environments.

Datacryptor IP Network Encryption (IPsec) Products: Options & Accessories


Datacryptor IP Models (Speed and Form Factor)

Datacryptor IP platforms are available in the following models:

  • Datacryptor AP IP 19” Rack Mountable 10 Mbps
  • Datacryptor AP IP 19” Rack Mountable 10/100 Mbps
  • Datacryptor AP IP Small Form Factor 10 Mbps
  • Datacryptor AP IP Small Form Factor 10/100 Mbps

Software and Installation Packs

Each Datacryptor product is delivered with fully functional software that requires Certificate Manager software for commissioning. Only one Certificate Manager is required to commission all Datacryptor devices and therefore is sold separately. Additionally, management software and new release upgrade software can be ordered separately.

Power Supplies and Metal Keys

Datacryptor power supplies are designed for long life and continuous operation. Replacement and backup power supplies can be ordered separately, meeting the same specifications as the power supplies shipped with the original units. Some Datacryptor models require physical keys for operation.  Replacement keys are available based on the model purchased.

Wiring and Cables

A large selection of host and network cables including RS-232, RS-530, X.21, V.35, and E1 (RJ48C and BNC) are available to meet any of your networking and host management requirements.  

Custom Services

Custom algorithms can be developed for Datacryptor products including algorithm upgrades and re-loads. Custom training and consulting are also available. 

Datacryptor IP Network Encryption (IPsec) Products: Specifications


  • ESP Modes:
    • Tunnel
    • Transport (IPv4)
  • Encryption Algorithms
    • Triple DES
    • AES (128, 192, 256-bit key lengths)
    • Custom algorithms also available
  • Encryption Modes
    • CFBB, CBC, GCM

Certifications (check latest software version for certification compliance)

  • FIPS 140-2 Level 3
  • CAPS
    • Baseline Grade
    • Enhanced Grade (up to UK Secret)
  • Common Criteria EAL4

Key Management Support

  • Device Authentication
    • X.509 Certificates
  • Key Agreement
    • Diffie-Hellman 
    • National and/or Custom algorithms are also supported

Host Connectivity

  • Network Ports: 10BASE-T/100BASE-TX Ethernet (RJ45)
  • Management Port: 10BASE-T Ethernet (RJ45)
  • Control Port: RS-232 Serial (DE9)

Additional Security Features

  • Data Integrity
    • Galois Counter Mode (GCM)
    • Extended Sequence Numbers
  • Encrypted Management Traffic (HMAC authenticated)
  • Hardware Random Number Generator
  • Firmware Signing (DSA, SHA-1)
  • Tamper Detection and Tamper Resistance

Datacryptor AP IP Data Sheet

Datacryptor AP SFF Multiprotocol Data Sheet