====== Key Management Infrastructure ======

In English: Public Key Infrastructure (PKI).

See:
  * [[glossaire:IGC|/glossaire/IGC]], [[/informatique/openssl|/informatique/openssl]], [[informatique/crypto|informatique/crypto]]
  * [[http://www.commentcamarche.net/contents/crypto/crypto.php3|Introduction to cryptography]] on commentcamarche.net.

===== Software =====

  * [[http://www.ejbca.org/complimentary.html]]

==== PKIF & Webcullis ====

The PKI Framework: http://pkif.sourceforge.net

Webcullis, simple PKI-based access control for the Web. Webcullis is a security plug-in for multiple HTTPS servers. It is designed to strengthen the web server's ability to limit access to files based on certificate policy or name constraints when the server implements X.509 PKI-based authorization schemes. http://pkif.sourceforge.net/webcullis.html

==== EJBCA ====

http://www.ejbca.org/

The LGPL (GNU LESSER GENERAL PUBLIC LICENSE) applies to all releases of EJBCA.

==== OpenCA ====

https://www.openca.org/

==== OpenSSL ====

[[/informatique/openssl|/informatique/OpenSSL]]

==== XCA ====

[[http://xca.hohnstaedt.de|http://xca.hohnstaedt.de]], [[http://salpers.de/index.php?id=270|a short how-to]]

XCA is a graphical user interface for creating RSA/DSA/ECC keys, certificates, signing requests and revocation lists. With XCA, certificate signing and management becomes an easy task. It supports keys on smart cards via the PKCS#11 library interface. Usually the manufacturer of your card provides an appropriate PKCS#11 library; by default XCA uses the OpenSC library.

Supported operating systems:
  * Linux
  * Windows
  * Mac OS X
  * other Unix variants

===== Time Stamping =====

==== OpenTSA ====

http://www.opentsa.org

The aim of the OpenTSA project is to develop an RFC 3161 compliant, stable, secure, open source and free time stamping authority client and server application.
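As an added example (not code from this page, from the OpenTSA project or from OpenSSL), the following POSIX shell script runs the complete RFC 3161 cycle offline with the ts subcommand that the OpenTSA work contributed to OpenSSL: it creates a throw-away CA and TSA, builds a request for a document, generates the response, and verifies it, including the failure case of a modified document. The CA and TSA names, the policy OID 1.2.3.4.1, the file names and the sample document are all constructed for the demonstration; the only requirement is a reasonably current openssl binary.

```shell
#!/bin/sh
# Added example, not from the page or the OpenTSA project: a full RFC 3161
# round trip (request, response, verification) with the openssl ts
# subcommand, against a throw-away CA and TSA created on the spot.
# All names, the policy OID and the file names below are constructed.
set -e

# Build the CA, the TSA certificate and the TSA configuration inside $1.
setup_tsa() {
  ( cd "$1" &&
    cat > tsa.cnf <<'EOF' &&
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = Constructed Example TSA
[ ca_ext ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ tsa_ext ]
# RFC 3161 requires a critical extendedKeyUsage of timeStamping, and
# openssl ts refuses to sign or verify with a certificate lacking it.
extendedKeyUsage = critical,timeStamping
keyUsage = critical,digitalSignature
[ tsa ]
default_tsa = tsa_config1
[ tsa_config1 ]
dir = .
serial = $dir/tsaserial
signer_cert = $dir/tsa.crt
signer_key = $dir/tsa.key
signer_digest = sha256
certs = $dir/ca.crt
default_policy = 1.2.3.4.1
digests = sha256, sha384, sha512
accuracy = secs:1, millisecs:500, microsecs:100
ordering = yes
tsa_name = yes
ess_cert_id_chain = no
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config tsa.cnf \
      -extensions ca_ext -subj "/CN=Constructed Example CA" \
      -keyout ca.key -out ca.crt 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -config tsa.cnf \
      -keyout tsa.key -out tsa.csr 2>/dev/null &&
    openssl x509 -req -in tsa.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
      -days 1 -extfile tsa.cnf -extensions tsa_ext -out tsa.crt 2>/dev/null &&
    echo 01 > tsaserial )
}

# Client side: hash the document and build the request; -cert asks the TSA
# to include its certificate in the response, so the verifier later needs
# nothing but the CA certificate.
tsa_request() {   # $1 = document, $2 = output .tsq
  openssl ts -query -data "$1" -sha256 -cert -out "$2"
}

# Server side: sign the request with the TSA key. The OpenTSA Apache module
# does this behind HTTP(S); here the files are simply passed on disk.
tsa_reply() {   # $1 = .tsq, $2 = output .tsr
  ( cd "$TSA_DIR" && openssl ts -reply -config tsa.cnf -queryfile "$1" -out "$2" 2>/dev/null )
}

# Verifier: returns 0 only if the token's hash matches the document and the
# TSA certificate chains to the trusted CA.
tsa_verify() {   # $1 = document, $2 = .tsr
  openssl ts -verify -data "$1" -in "$2" -CAfile "$TSA_DIR/ca.crt" >/dev/null 2>&1
}

TSA_DIR=$(mktemp -d)
setup_tsa "$TSA_DIR"
printf 'constructed document to be time-stamped\n' > "$TSA_DIR/doc.txt"
tsa_request "$TSA_DIR/doc.txt" "$TSA_DIR/doc.tsq"
tsa_reply "$TSA_DIR/doc.tsq" "$TSA_DIR/doc.tsr"
tsa_verify "$TSA_DIR/doc.txt" "$TSA_DIR/doc.tsr" && echo "token verifies for the original document"
printf 'modified document\n' > "$TSA_DIR/other.txt"
tsa_verify "$TSA_DIR/other.txt" "$TSA_DIR/doc.tsr" || echo "token rejected for a modified document"
```

The part worth studying is the configuration: openssl ts only signs with, and only verifies against, a certificate whose extendedKeyUsage is timeStamping and marked critical, and the -cert flag in the request makes the TSA embed its own certificate in the token, so a verifier needs only the CA certificate it trusts. A token is bound to the hash of the document, which is why the second verification fails as soon as a single byte changes.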
The following deliverables have already been produced:
  * Time Stamp patch for OpenSSL: the time stamp request creation, response generation and response verification functionality is implemented as an extension to the latest stable version of OpenSSL. This patch adds a new **ts** command to OpenSSL with which the time stamping operations can be carried out. This patch and the time stamp client have been merged into the official version of OpenSSL and will be available from openssl-0.9.9 onwards.
  * Time Stamp client: a simple command-line driven TSA client that can be used for creating and sending time stamp requests over HTTP or HTTPS to a TSA and for receiving and verifying the responses. The utility is distributed with the OpenSSL Time Stamp patch.
  * Time Stamp module for Apache: this package is an extension module for the latest stable version of the Apache HTTP server. Using the functionality of the OpenSSL Time Stamp patch, this module functions as an RFC 3161 compliant time stamp server over HTTP and HTTPS transport protocols; issued time stamp tokens can be stored in a MySQL or a FireBird database.

===== Tools =====

==== With the Microsoft SDK ====

  - Create the X.509 certificate with **makecert.exe**. Have it write the private key to a .pvk file (-sv), and above all mark the certificate as having an exportable private key (-pe): this is what allows the next step to bundle the private key.
  - Use **pvk2pfx.exe**, which combines the private key with the certificate, to produce the .pfx or .p12 file (the two are the same thing nowadays). The .pvk file name must be the one written in step 1.

<code>
D:\projs> makecert.exe -r -pe -n "CN=TOTO-SSO" -b 01/04/2010 -e 01/04/2020 -sky signature -sv TOTO-SSO.Private.pvk TOTO-SSO.cer
Succeeded

D:\projs> pvk2pfx.exe -pvk TOTO-SSO.Private.pvk -spc TOTO-SSO.cer -pfx TOTO-SSO.pfx
</code>

==== With the JDK (Java SDK) ====

With the **keytool** utility: http://java.sun.com/j2se/1.5.0/docs/tooldocs/windows/keytool.html
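For readers without the Windows SDK, here is the two-step procedure from the Microsoft SDK section above done with OpenSSL, as an added example that is not part of the original page: step 1 produces a self-signed certificate and a separate private key (the counterpart of makecert -r -pe -sv), step 2 bundles both into a password-protected PKCS#12 file (the counterpart of pvk2pfx), and two check functions confirm that the .pfx really carries the private key and the expected subject. The CN, the password, the validity period and the keyUsage extension standing in for -sky signature are constructed choices, not values taken from the page.

```shell
#!/bin/sh
# Added example, not from the page: the OpenSSL equivalent of the
# makecert + pvk2pfx steps, i.e. a self-signed signature certificate whose
# private key is exported with it into a password-protected PKCS#12
# (.pfx/.p12) file. CN, file names, validity and password are constructed.
set -e

WORK=$(mktemp -d)

# Step 1, counterpart of makecert -r -pe -sky signature -sv: self-signed
# certificate, private key written to its own file so step 2 can bundle it.
# keyUsage=digitalSignature is an approximation of -sky signature.
make_signing_cert() {   # $1 = CN, $2 = output basename (path prefix)
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj "/CN=$1" -addext "keyUsage=critical,digitalSignature" \
    -keyout "$2.key" -out "$2.cer" 2>/dev/null
}

# Step 2, counterpart of pvk2pfx: key + certificate in one PFX. The export
# password ($3) is what protects the private key inside the file.
bundle_pfx() {   # $1 = basename, $2 = friendly name, $3 = export password
  openssl pkcs12 -export -inkey "$1.key" -in "$1.cer" -name "$2" \
    -passout "pass:$3" -out "$1.pfx"
}

# Returns 0 if the PFX can be opened with the password and contains a
# private key (what "exportable" / -pe was about on the Windows side).
pfx_has_private_key() {   # $1 = pfx path, $2 = password
  openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null \
    | grep -q 'PRIVATE KEY'
}

# Subject of the certificate stored in the PFX, e.g. "CN=TOTO-SSO".
pfx_subject() {   # $1 = pfx path, $2 = password
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null \
    | openssl x509 -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# Shows how the PFX protects its contents (MAC and encryption algorithms);
# useful to see whether a file still uses the legacy RC2/SHA-1 scheme.
pfx_info() {   # $1 = pfx path, $2 = password
  openssl pkcs12 -in "$1" -passin "pass:$2" -info -noout 2>&1 | grep -E 'MAC|PKCS7'
}

make_signing_cert "TOTO-SSO" "$WORK/TOTO-SSO"
bundle_pfx "$WORK/TOTO-SSO" "TOTO-SSO" "constructed-password"
pfx_has_private_key "$WORK/TOTO-SSO.pfx" "constructed-password" && echo "PFX contains the private key"
echo "subject: $(pfx_subject "$WORK/TOTO-SSO.pfx" "constructed-password")"
pfx_info "$WORK/TOTO-SSO.pfx" "constructed-password"
```

The .cer file alone is safe to hand out (it holds only the public key); the .pfx is the sensitive artifact, since whoever has it and its password can sign as the certificate's subject, exactly as with the .pvk/.pfx pair produced by the Windows tools.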