INDEPENDENT CRYPTOGRAPHIC VERIFICATION

Independent verification of
cryptographic key material.

AZL verifies primes, RSA / ECC / DH parameters, and full keypairs independently of any HSM, KMS provider, or certificate authority — and generates certified primes on request. A supplier, not just an auditor. Every output is a deterministic, HMAC-SHA256 signed certificate suitable for audit and regulator-facing evidence.

Inquire Open console
Contact form is live on the published site.
Two engines, one verification surface

Prime verification & generation

Submit a candidate integer for deterministic primality verification, or request a certified prime at a specified bit length. Every result is a signed certificate.

Parameter coherence

Validate RSA moduli, elliptic-curve parameters (P-256, P-384, secp256k1, Curve25519), and Diffie-Hellman groups against published security bounds. Returns the security-bit assessment and any deviations.

Independent layer

Operated independently of every key-generation vendor. Portable, externally verifiable certificates — resilient to a single-vendor common-mode flaw.

RSA parameter assessment
RSA modulusSecurity bitsNIST statusRecommended action
102480DEPRECATEDRotate to 2048+ immediately
2048112ACCEPTABLEValid through 2030 per NIST SP 800-57
3072128RECOMMENDEDCurrent best practice for new keys
4096152RECOMMENDEDHigh-assurance use
15360256256-BIT TIERMaximum-assurance tier
Why an independent verification layer

Independent verifier

Operated separately from the vendor that generated the key — separate codebase, separate compute.

Portable audit trail

A signed certificate per key, externally verifiable with the public key.

Common-mode resilience

An independent operator removes the single-vendor point of failure (cf. ROCA, 2017).

Regulator-facing

Third-party signed certificate suitable for examiner and audit-committee review.

Console

Drive AZL directly. Paste your key, then press SEND on an endpoint. Responses come back raw.

Your key is held in memory only — never stored in this file, sent only to the base URL above. Paste your key, then press SEND on an endpoint.
Calls go to the base URL with your X-API-Key. If a call is blocked by CORS, run it from a page served by the same origin as the base URL, or use the curl equivalent.