Complimentary software

Signserver

Signserver

The SignServer is an application for automatic signatures called by other systems not able to connect to crytographic hardware. It is a framework that can be customized to specific needs using simple plug-in modules. The SignServer have a ready to use TimeStamp Authority (RFC 3161 compliant) and a MRTD Signer. Another usage is to provide a simplified method to provide signatures in different application managed from one location in the company.
The SignServer have been designed for high-availability and can be clustered for maximum reliability.

Hard Token Management Framework

Hard Token Management Framework

The hard token management framework is a framework for creating applications to manage to complete life cycle of issuing hard tokens (smart cards, USB PKI dongles, etc) to end users.
The framework is an API that you build a GUI on top of.

CSRTool

CSRTool website
or
CSRTool at sourceforge

A graphical tool for generating RSA and ECDSA cryptographic key-pairs, creating Certificate Signing Requests (CSRs) from them, and combining the key-pair with an issued digital certificate to create a secure portable container (PKCS12, JKS, JCEKS, etc.)

Some features:

• Generates RSA public and private key-pairs in sizes ranging from 1024 to 8192 bits.
• Generates Elliptic Curve DSA public and private key-pairs using either the ANSI X9.62 named curves, or custom parameters for your own curve if so inclined.
• Saves the private-key in a PKCS8 file with Password-Based-Encryption using the SHA1withTripleDES algorithm.
• Generates a PEM-encoded CSR that can be submitted to a CA either through a web-form or e-mail.
• Generates keyUsage and/or the subjectAltName extensions (optionally) in the RSA-based CSR.
• Combines the private-key from the previously-stored PKCS8 file and the newly returned digital certificate, into a PKCS12 file that can be used for importation into desired applications.

Bouncycastle

Bouncycastle website

Using Bouncycastle you can create your own tools and applications, or PKI enable your existing java applications.

Bouncycastle also have a section with complimentary packages (under resources) that you should look at.

GemSAFE Toolbox

GemSAFE toolbox and tokens are developed by Gemalto. Using this product an organization can setup a secure platform for online banking, transaction, identity verification and data exchange. It has been adapted by lots of well known companies and organizations for instant, Cisco, Airbus, BMW, China Construction Bank, Industrial Commercial bank of China (ICBC) and etc.

Some of the GemSAFE features:

• Email signature and encryption
• Smartcard logon
• Strong authentication with SSL
• Document signature and encryption
• VB macro signature
• Support 16 languages
• Works with MS Outlook, Thunderbird, Lotus Notes, IE, Netscape, FireFox and more

GemSAFE was successfully used together with EJBCA for the ZhuHai Local Taxation Bureau project, listed in the reference installations section.

There is a howto for using GemSAFE with EJBCA in the Howto section.

AET SafeSign IC bundle

A.E.T. Europe B.V. (AET) is a leading global supplier of strong authentication solutions. Our SafeSign Identity Client (IC) is the leading smart card/USB Token middleware available today. It is used by millions of people to securely store their digital certificate on smart cards and USB tokens and gain access to all kinds of applications and systems, like the Industrial Commercial bank of China (ICBC) and the Dutch UZIpas.

SafeSign IC provides strong authentication, smart card logon, encryption and digital signatures on Windows, Linux and MAC. Combined with the CCID compatible steel Marx CrypToken USB token it is a perfect solution to use with an EJBCA PKI infrastructure. AET likes to offer EJBCA users the opportunity to evaluate and use the SafeSign IC software in combination with a steel, CCID compatible USB token for a special price!
See AET EJBCA promotion for more information.