Echoworx Certificate Key Management is a cloud-based platform for managing S/MIME and PGP certificates and encryption keys in enterprise environments. The platform segregates S/MIME and PGP certificates on a per-tenant basis, giving each organization isolated ownership of its public keys to prevent conflicts and credential mismatches. Administrators can enable or disable specific LDAP directories to control where the system searches for recipient certificates. For S/MIME encryption, the system automatically retrieves valid recipient certificates, generates new keys as needed, and supports automatic renewal of expiring certificates for users on DigiCert or SwissSign integrations. Onboarding supports self-signed credentials, CA-issued credentials, and recipient-uploaded x509 certificates. Signature verification covers both opaque-signed and clear-signed S/MIME messages. For PGP encryption, the platform provides a fully managed cloud-based service that retrieves recipient keys via LDAP lookup or direct upload, auto-generates PGP key pairs for senders, and supports migration of existing PGP keys. Key governance is handled through the Manage Your Own Encryption Keys (MYOK) feature, backed by AWS KMS with FIPS 140-3 Level 3 validated HSMs. Keys are protected with AES-256 encryption. The SwissSign integration stores root key material in Swiss banks and hosts operations in Swiss data centers. The platform supports compliance with GDPR, HIPAA, PCI DSS, DORA, NIS 2, and KRITIS-DachG. It holds certifications including SOC, PCI DSS, and FSQS, and is an AWS Qualified Software product.