EJBCA - Open Source PKI Certificate Authority

Free software

To build a successful PKI you can benefit from the many tools available. Listed here are some tools and packages that can be used together with a PKI to further improve your PKI experience.

Signserver

The SignServer is an application for automatic signatures, called by other systems that are not able to connect to cryptographic hardware. It is a framework that can be customized to specific needs using simple plug-in modules. The SignServer has a ready-to-use TimeStamp Authority (RFC 3161 compliant) and an MRTD Signer. Another use is to provide a simplified way to offer signatures to different applications, managed from one location in the company.
The SignServer has been designed for high availability and can be clustered for maximum reliability.

Syscheck

It's a framework built with shell scripts to make sure a system is working and in good health. It started as a checker for EJBCA and is used in high-security environments that cannot allow standard probes to be installed. The result is sent out with syslog.

Hard Token Management Framework

The hard token management framework is a framework for creating applications that manage the complete life cycle of issuing hard tokens (smart cards, USB PKI dongles, etc.) to end users.
The framework is an API that you build a GUI on top of.

CSRTool

CSRTool at sourceforge

A graphical tool for generating RSA and ECDSA cryptographic key-pairs, creating Certificate Signing Requests (CSRs) from them, and combining the key-pair with an issued digital certificate to create a secure portable container (PKCS12, JKS, JCEKS, etc.)

Some features:

  • Generates RSA public and private key-pairs in sizes ranging from 1024 to 8192 bits.
  • Generates Elliptic Curve DSA public and private key-pairs using either the ANSI X9.62 named curves, or custom parameters for your own curve if so inclined.
  • Saves the private-key in a PKCS8 file with Password-Based-Encryption using the SHA1withTripleDES algorithm.
  • Generates a PEM-encoded CSR that can be submitted to a CA either through a web-form or e-mail.
  • Generates keyUsage and/or the subjectAltName extensions (optionally) in the RSA-based CSR.
  • Combines the private-key from the previously-stored PKCS8 file and the newly returned digital certificate, into a PKCS12 file that can be used for importation into desired applications.

Bouncycastle

Bouncycastle website

Using Bouncycastle you can create your own tools and applications, or PKI-enable your existing Java applications.

Bouncycastle also has a section with complementary packages (under resources) that you should look at.

JMRTD

JMRTD website

JMRTD is a free implementation of the Machine Readable Travel Document (MRTD) standards as specified by the International Civil Aviation Organization (ICAO). The electronic passport (or "ePassport"), which by now has been introduced in many countries, is an implementation of these standards.

ISODL

ISO18013 Electronic Driving License

Implements CVC certificates for driving licenses, using a slightly modified version of cert-cvc.

jSCEP

Java SCEP implementation

jSCEP is an open-source Java implementation of the Simple Certificate Enrollment Protocol (SCEP). It is capable of supporting both client- and server-side operations.

OpenSC

OpenSC project

OpenSC provides a set of libraries and utilities to work with smart cards. You can use OpenSC to support login and authentication using PKI smart cards.

Hardware tokens

Feitian

Feitian is dedicated to being the leading innovator of smartcard and chip operating system based security technologies and applications. Feitian's major business covers Strong Authentication, Software Protection, Smartcard COS and Peripherals. You can get more information about Feitian at www.ftsafe.com.

Gooze

GOOZE is a community shop selling high quality cryptographic tools for GNU/Linux, Mac OS X and Windows, among them the Feitian PKI card.

You can order an EJBCA demonstration package at Gooze.eu

Aventra MyEID

The Aventra MyEID card is a smart card that works on most platforms, including Windows and Linux. You can order MyEID cards from the Aventra Webshop.

Smartcard 2.0

Smartcard 2.0 is a package with the Hard Token Management Framework, smartcards and readers.

Proprietary software

EJBCA can also be used with numerous products from the non-free world. To be listed here, the software should work flawlessly with EJBCA and the vendor should:

  • provide free and open documentation on how to use the product with EJBCA
  • continuously update the documentation
  • promote EJBCA

GemSAFE Toolbox

GemSAFE toolbox and tokens are developed by Gemalto. Using this product an organization can set up a secure platform for online banking, transactions, identity verification and data exchange. It has been adopted by many well-known companies and organizations, for instance Cisco, Airbus, BMW, China Construction Bank, Industrial Commercial bank of China (ICBC), etc.

Some of the GemSAFE features:

  • Email signature and encryption
  • Smartcard logon
  • Strong authentication with SSL
  • Document signature and encryption
  • VB macro signature
  • Support 16 languages
  • Works with MS Outlook, Thunderbird, Lotus Notes, IE, Netscape, FireFox and more

GemSAFE was successfully used together with EJBCA for the ZhuHai Local Taxation Bureau project, listed in the reference installations section.

There is a howto for using GemSAFE with EJBCA in the Howto section.

AET SafeSign IC bundle

A.E.T. Europe B.V. (AET) is a leading global supplier of strong authentication solutions. Our SafeSign Identity Client (IC) is the leading smart card/USB Token middleware available today. It is used by millions of people to securely store their digital certificate on smart cards and USB tokens and gain access to all kinds of applications and systems, like the Industrial Commercial bank of China (ICBC) and the Dutch UZIpas.

SafeSign IC provides strong authentication, smart card logon, encryption and digital signatures on Windows, Linux and Mac. Combined with the CCID compatible steel Marx CrypToken USB token it is a perfect solution to use with an EJBCA PKI infrastructure. AET likes to offer EJBCA users the opportunity to evaluate and use the SafeSign IC software in combination with a steel, CCID compatible USB token for a special price!
Contact AET Europe for more information.

SecMaker NetID

The NetID PKI middleware is a client working on Windows, Linux and Mac OS X. It enables signing, authentication and usage of certificates in various systems. Distinguishing features of the NetID client are enhanced support in Windows Terminal Server and Citrix Presentation Server, as well as support for a variety of different smart cards.
Contact SecMaker for more information.

Aventra Card Management System

Aventra Ltd is a company specializing in plastic cards, smart cards, and data security. Among its products are the Aventra Card Management System and the MyEID multifunctional PKI card.
Contact Aventra for more information.