SSH Tectia

Connection Broker

The Connection Broker is a shared component included in SSH Tectia Client and SSH Tectia Connector. All cryptographic operations and authentication-related tasks for SSH Tectia Client and Connector are handled by the Connection Broker.

Connection Broker architecture

Figure 4.3. Connection Broker architecture

The Connection Broker replaces SSH Accession as the authentication agent in 5.0 and later versions. The connection of the agent to other applications is shown in Figure 4.4.

Connection Broker connections

Figure 4.4. Connection Broker connections

Supported key and certificate providers:

  • MSCAPI: Microsoft Crypto API, a standard cryptographic interface in Microsoft Windows-based systems.

  • PC/SC: A standard for integrating smart cards and smart card readers. It is defined by the PC/SC Workgroup. For more information, see

  • PKCS#11: Connection Broker supports cryptographic tokens based on PKCS#11 (v2.x).

    The PKCS#11 Public-Key Cryptography Standard specifies an API called Cyptoki to devices that hold cryptographic information and perform cryptographic functions. For more information, see the RSA Laboratories web page at

  • Entrust: By using the Entrust provider, SSH Tectia can utilize keys and certificates stored in an Entrust profile file (.epf). The initialization file includes the basic Entrust PKI configuration (for example the certification authority (CA) address).