AZL verifies primes, RSA / ECC / DH parameters, and full keypairs independently of any HSM, KMS provider, or certificate authority — and generates certified primes on request. A supplier, not just an auditor. Every output is a deterministic, HMAC-SHA256 signed certificate suitable for audit and regulator-facing evidence.
Submit a candidate integer for deterministic primality verification, or request a certified prime at a specified bit length. Every result is a signed certificate.
Validate RSA moduli, elliptic-curve parameters (P-256, P-384, secp256k1, Curve25519), and Diffie-Hellman groups against published security bounds. Returns the security-bit assessment and any deviations.
Operated independently of every key-generation vendor. Portable, externally verifiable certificates — resilient to a single-vendor common-mode flaw.
| RSA modulus | Security bits | NIST status | Recommended action |
|---|---|---|---|
| 1024 | 80 | DEPRECATED | Rotate to 2048+ immediately |
| 2048 | 112 | ACCEPTABLE | Valid through 2030 per NIST SP 800-57 |
| 3072 | 128 | RECOMMENDED | Current best practice for new keys |
| 4096 | 152 | RECOMMENDED | High-assurance use |
| 15360 | 256 | 256-BIT TIER | Maximum-assurance tier |
Operated separately from the vendor that generated the key — separate codebase, separate compute.
A signed certificate per key, externally verifiable with the public key.
An independent operator removes the single-vendor point of failure (cf. ROCA, 2017).
Third-party signed certificate suitable for examiner and audit-committee review.
Drive AZL directly. Paste your key, then press SEND on an endpoint. Responses come back raw.