
Public Key Infrastructure (PKI)

In French: Infrastructure de Gestion de Clefs (IGC).

See:

Software

PKIF & Webcullis

The PKI Framework

http://pkif.sourceforge.net

Webcullis, Simple PKI-based access control for the Web. Webcullis is a security plug-in for multiple https servers. It is designed to strengthen the web server’s ability to limit access to files based on certificate policy or name constraints when the server implements X.509 PKI-based authorization schemes.

http://pkif.sourceforge.net/webcullis.html

EJBCA

http://www.ejbca.org/

The LGPL (GNU LESSER GENERAL PUBLIC LICENSE) applies to all releases of EJBCA.

OpenCA

OpenSSL

XCA

http://xca.hohnstaedt.de

a short doc

XCA is a graphical user interface for creating RSA/DSA/ECC keys, certificates, signing requests and revocation lists.

With XCA certificate signing and managing becomes an easy task.

It supports keys on SmartCards via the PKCS#11 library interface. Usually the manufacturer of your card provides an appropriate PKCS#11 library. By default it uses the OpenSC library.

Supported Operating systems:

  • Linux
  • Windows
  • Mac OS X
  • other Unix variants

Time Stamping

OpenTSA

http://www.opentsa.org

The aim of the OpenTSA project is to develop an RFC 3161 compliant, stable, secure, open source and free time stamping authority client and server application. The following deliverables have already been produced:

  • Time Stamp patch for OpenSSL: The time stamp request creation, response generation and response verification functionality is implemented as an extension to the latest stable version of OpenSSL. This patch adds a new ts command to OpenSSL with which the time stamping operations can be carried out. This patch and the time stamp client have been merged into the official version of OpenSSL and will be available from openssl-0.9.9 onwards.
  • Time Stamp client: A simple command-line driven TSA client that can be used for creating and sending time stamp requests over HTTP or HTTPS to a TSA and for receiving and verifying the responses. The utility is distributed with the OpenSSL Time Stamp patch.
  • Time Stamp module for Apache: This package is an extension module for the latest stable version of the Apache HTTP server. Using the functionality of the OpenSSL Time Stamp patch, this module functions as an RFC 3161 compliant time stamp server over HTTP and HTTPS transport protocols; issued time stamp tokens can be stored in a MySQL or a FireBird database.

Tools

With the Microsoft SDK

  1. Create the X.509 certificate with makecert.exe. Specify that the private key be exported (*.pvk) and, above all, mark the X.509 certificate as exportable, which allows the private key to be included in the next step.
  2. Use the pvk2pfx.exe tool, which bundles the private key with the certificate, to generate the pfx or p12 file (these are now the same thing).

D:\projs> makecert.exe -r -pe -n "CN=TOTO-SSO" -b 01/04/2010 -e 01/04/2020 -sky signature -sv TOTO-SSO.Private.pvk TOTO-SSO.cer
Succeeded
D:\projs> pvk2pfx.exe -pvk TOTO-SSO.Private.pvk -spc TOTO-SSO.cer -pfx TOTO-SSO.pfx

With the JDK (Java SDK)

informatique/igc.txt · Last modified: 12/09/2014 17:33 by cyrille