Monday, December 30, 2013

EJBCA Community 6.0 is here!

EJBCA, the open source PKI, has been around for quite some time now, since 2001 to be exact. The last major release of EJBCA Community was EJBCA 4, which saw many updates up to the final release 4.0.16 in June 2013. EJBCA 5 was Common Criteria certified, and therefore never released to the public. After a long wait, and much development, EJBCA Community version 6 is now here.

The latest release of EJBCA Enterprise, 6.0.3, also marks the release of EJBCA Community 6.0.3. Enjoy! But if you have the means, please help support EJBCA by subscribing to an EJBCA Enterprise support subscription.

EJBCA 6 is the base for future releases of EJBCA Community. This is a good time to contribute.

More information about EJBCA 6:

EJBCA Enterprise 6.0.3 released

PrimeKey is happy to announce that EJBCA Enterprise 6.0.3 has been released! This is a maintenance release – 21 issues have been resolved.
Running on the latest technology platforms, this PKI is faster, more resource efficient, more secure and more user friendly than ever. EJBCA Enterprise v.6 is so flexible it is suitable for any organization, cloud, social or mobile system.

EJBCA Enterprise 6.0.3 release notes

A maintenance release containing a few new features and improvements. The following are a selection of the most noteworthy changes.
  • New features

    • Support for OCSP extended revoked status compliant with RFC6960.
  • Improvements

    • EJBCA now ensures that OCSP RFC5019 responses with unknown response code are not cached.
    • OCSP now uses archive cutoff date for expired certificates, compliant with RFC6960.
    • Speedups when starting the Command Line Interface.
    • Bug fixes for Internal Key Bindings.

More information

Basic information on EJBCA Enterprise PKI is available here.
For full technical details, view the changelog in the issue tracker.
EJBCA is a registered trademark of PrimeKey Solutions AB in the EU, the United States, Japan and certain other countries.

Friday, December 20, 2013

Possibilities and restrictions with SPOC for EAC

SPOC stands for Single Point of Contact: the standard specified by the EU for exchanging certificates needed to perform EAC (Extended Access Control), between member states.

To analyze the possibilities and restrictions related to implementing SPOC for EAC, a bachelor thesis study has recently been performed at the University of Skövde and at PrimeKey Solutions AB.

Conducted in three steps, the study begins with an analysis of the SPOC standard. The results of that analysis were used as input to the next step, in which several people involved in developing SPOC were interviewed. Finally, a case study was made in an attempt to see whether or not it was possible to use elliptic curve cryptography in an interoperable environment.

The study analyses potential shortcomings in the SPOC specification that are believed to risk causing a lack of interoperability between different implementations of SPOC. Also studied are potential interoperability issues arising from the use of elliptic curve cryptography (ECC) for TLS communication between SPOCs.

An abstract of the thesis is available for download (English version), as well as the full thesis written in Swedish.

More information

For more information about the thesis, contact the author:
Joakim Kävrestad, joakim.kavrestad(at)his.se

For more information about PrimeKey SPOC and ePassport PKI contact:
Tomas Gustavsson, tomas(at)primekey.se

Wednesday, December 18, 2013

EJBCA Enterprise 6.0 released

This is a copy of the product release from PrimeKey.

17 Dec 2013 — Stockholm, Sweden

PrimeKey proudly presents the next generation open source enterprise PKI, EJBCA Enterprise 6.0.
Running on the latest technology platforms, this PKI is faster, more resource efficient, more secure and more user friendly than ever.
EJBCA Enterprise v.6 is so flexible it is suitable for any organization, cloud, social or mobile system.

EJBCA Enterprise 6.0 release notes

Having already passed two maintenance releases, EJBCA Enterprise 6.0 is now ready for production! The following are a selection of the most noteworthy changes.
  • New features

    • New Crypto Token concept, giving complete GUI support for configuring signature and keys, either in software or on hardware security modules. Using hardware security modules has never been easier.
    • CMP configuration can now be done in the GUI, and supports multiple different configurations through CMP Aliases. More flexible than ever, you can easily set up CMP to talk to any type of device, all with a single instance of EJBCA.
    • The new Internal Key Binding concept merges the Certificate Authority and Validation Authority functionality. Use the same instance, or multiple instances, using the same well-known admin GUI as a Certificate Authority or Validation Authority or both.
    • Full support for the latest platforms. Java 7 and JBoss 7 are now the default recommended platforms, faster, more secure and more resource efficient.
  • Improvements

    • More than 300 issues have been resolved during the development of EJBCA Enterprise v.6.

More information on EJBCA Enterprise PKI is available here. For full technical details, view the changelog in the issue tracker.

EJBCA is a registered trademark of PrimeKey Solutions AB in the EU, the United States, Japan and certain other countries.

Wednesday, December 4, 2013

Bouncy Castle establishes not-for-profit association, accepts donations. FIPS or bust!

Finally there is an actual legal entity established for Bouncy Castle. Legion of the Bouncy Castle Inc. is a not-for-profit association based in Australia. Bouncy Castle is glad to announce that as of the 7th November this year (2013), Legion of the Bouncy Castle Inc. ABN 84 166 338 567 is now officially recognised by the Australian Government as a charity established for the benefit of education and the benefit of the public in general.

Support contracts are handled through Crypto Workshop Pty Ltd; however, the recognition of the charity does mean two important things: you can stop worrying about something weird happening in corporate life affecting the availability of the APIs, as everything is getting signed over to the charity, and also, importantly, Bouncy Castle is actually authorised to start fund raising for things like FIPS.

So in honor of this, and the upcoming 50th Java release, we're launching our 2013 "FIPS or bust!" Fund Raiser.

Click this donations link!
https://www.bouncycastle.org/donate/index.cgi

It's using PayPal, so if anyone wants to chip in a large amount, direct transfer would be a better option, but you are still recommended to look at the page due to the graphics!

Bouncy Castle currently sees over 10000 downloads a week, and gets lots of "When will you be FIPS certified?" emails. The Java API is now over 300,000 lines, the C# one well past 140,000. There are more standards being published every day, and most of the old ones are getting revised. On top of that, there is the work of constantly monitoring for and identifying vulnerabilities, as well as taking time out to review contributed code so that the project continues to be a community-based effort as well as an Open Source one.

PrimeKey, and I, Tomas, support Bouncy Castle. You should too!