Free software
Many tools are available to help you build a successful PKI. Listed here are some tools and packages that can be used together with your PKI to improve it further.
SignServer
SignServer is an application that performs automated signing on behalf of other systems that cannot connect to cryptographic hardware themselves.
It is a framework that can be customized to specific needs using simple plug-in modules.
SignServer has a ready-to-use Time Stamp Authority (RFC 3161 compliant) and an MRTD Signer.
Another use is to provide a simplified way of supplying signatures to different applications, managed from one location in the company.
SignServer has been designed for high availability and can be clustered for maximum reliability.
CRL Publish Perl script
CRL Publish Perl script by Kevin Cody-Little.
CRL Publish pushes newly generated CRLs to your distribution web servers. It can be installed from CPAN as module EJBCA::CrlPublish.
CSRTool
A graphical tool for generating RSA and ECDSA cryptographic key-pairs, creating Certificate Signing Requests (CSRs) from them, and combining the key-pair with an issued digital certificate to create a secure portable container (PKCS12, JKS, JCEKS, etc.).
Some features:
- Generates RSA public and private key-pairs in sizes ranging from 1024 to 8192 bits.
- Generates Elliptic Curve DSA public and private key-pairs using either the ANSI X9.62 named curves, or custom parameters for your own curve if so inclined.
- Saves the private-key in a PKCS8 file with Password-Based-Encryption using the SHA1withTripleDES algorithm.
- Generates a PEM-encoded CSR that can be submitted to a CA either through a web-form or e-mail.
- Generates keyUsage and/or the subjectAltName extensions (optionally) in the RSA-based CSR.
- Combines the private-key from the previously-stored PKCS8 file and the newly returned digital certificate, into a PKCS12 file that can be used for importation into desired applications.
Bouncy Castle
Using Bouncy Castle you can create your own tools and applications, or PKI-enable your existing Java applications.
Bouncy Castle also has a section with complementary packages (under resources) that you should look at.
JMRTD
JMRTD is a free implementation of the Machine Readable Travel Document (MRTD) standards as specified by the International Civil Aviation Organization (ICAO). The electronic passport (or "ePassport"), which by now has been introduced in many countries, is an implementation of these standards.
ISODL
ISO18013 Electronic Driving License
Implements CVC certificates for driving licenses, using a slightly modified version of cert-cvc.
jSCEP
jSCEP is an open-source Java implementation of the Simple Certificate Enrollment Protocol (SCEP). It is capable of supporting both client- and server-side operations.
Hardware tokens
SecureMetric
SecureMetric has over 13 years' experience in serving clients across the world and is the market leader in the Smart Card and Cryptographic Token industry for the Southeast Asian region. Our flagship SecureToken ST3 is a lightweight PKI token that is cost effective and has been proven to work better than other well known international brands.
When deployed together with our Token Management and Registration Authority (TMS-RA) system, we are able to unify the separated Certificate and Token life cycles into a single management system which allows operators to better manage their clients and reduce support complexity. Besides that, our TMS-RA readily fits into most CA's business models. This feature empowers our partners and customers. The business model and branding strategy technically streamlines a value-adding, outstanding solution provider.
Visit SecureMetric for more information.
Feitian
Feitian is dedicated to being the leading innovator of smartcard and chip operating system based security technologies and applications. Feitian's major business covers Strong Authentication, Software Protection, Smartcard COS and Peripherals. You can get more information about Feitian at www.ftsafe.com.
Aventra MyEID
The Aventra MyEID card is a smart card that works on most platforms, including Windows and Linux. You can order MyEID cards from the Aventra Webshop.
Token Management
EJBCA can also be used with numerous products (free or non-free) for token management. Some software that is supported by the respective vendors, and used in production with EJBCA, is listed below.
SecureMetric
SecureMetric has over 13 years' experience in serving clients across the world and is the market leader in the Smart Card and Cryptographic Token industry for the Southeast Asian region. Our flagship SecureToken ST3 is a lightweight PKI token that is cost effective and has been proven to work better than other well known international brands.
When deployed together with our Token Management and Registration Authority (TMS-RA) system, we are able to unify the separated Certificate and Token life cycles into a single management system which allows operators to better manage their clients and reduce support complexity. Besides that, our TMS-RA readily fits into most CA's business models. This feature empowers our partners and customers. The business model and branding strategy technically streamlines a value-adding, outstanding solution provider.
Visit SecureMetric for more information.
AET SafeSign IC bundle
A.E.T. Europe B.V. (AET) is a leading global supplier of strong authentication solutions. Our SafeSign Identity Client (IC) is the leading smart card/USB Token middleware available today. It is used by millions of people to securely store their digital certificate on smart cards and USB tokens and gain access to all kinds of applications and systems, like the Industrial and Commercial Bank of China (ICBC) and the Dutch UZIpas.
BlueX eID Management is a complete token management system that provides a clear set of workflows for every step in the lifecycle of an eID.
Contact AET Europe for more information.
SecMaker Net iD Card Portal
The Net iD Card Portal is a complete card management system for issuing, activating, unblocking and renewing smart cards. Lost, blocked or forgotten cards are quickly and easily handled in the portal.
Net iD Enterprise is a client working on Windows, Linux and Mac OS X. It enables signing, authentication and usage of certificates in various systems. Distinguishing features of the Net iD client are enhanced support in Windows Terminal Server and Citrix Presentation Server, as well as support for a variety of different smart cards.
Contact SecMaker for more information.
Aventra Card Management System
Aventra Ltd is a company specialized in plastic cards, smart cards, and data security. Among its products are the Aventra Card Management System and the MyEID multifunctional PKI card.
Contact Aventra for more information.
Versasec vSEC:CMS
The vSEC:CMS product portfolio includes everything from easy to use end-user applications, downloadable tools, ready to go appliances... all the way to complete integration platforms - all with the same purpose, simplify lifecycle management of PKI enabled devices. To learn more and to download the software today, visit versasec.com.
Gemalto IDAdmin 200
Gemalto IDAdmin 200 is the leading smart card management system for managing Gemalto's impressive portfolio of smart cards, converged badges and other access enabling tokens. For more information visit the IDAdmin 200 product page.
GemSAFE Toolbox
GemSAFE toolbox and tokens are developed by Gemalto. Using this product an organization can set up a secure platform for online banking, transactions, identity verification and data exchange. It has been adopted by many well-known companies and organizations, for instance Cisco, Airbus, BMW, China Construction Bank and the Industrial and Commercial Bank of China (ICBC).
Some of the GemSAFE features:
- Email signature and encryption
- Smartcard logon
- Strong authentication with SSL
- Document signature and encryption
- VB macro signature
- Supports 16 languages
- Works with MS Outlook, Thunderbird, Lotus Notes, IE, Netscape, Firefox and more
GemSAFE was successfully used together with EJBCA for the ZhuHai Local Taxation Bureau project, listed in the reference installations section.
There is a howto for using GemSAFE with EJBCA in the Howto section.