The LibPKI Project aims to provide an easy-to-use PKI library for developing PKI-enabled applications. The library gives the developer all the functionality needed to manage certificates, from generation to validation.
By implementing a high-level cryptographic API, the LibPKI Project lets developers perform complex cryptographic operations with a few simple function calls.
Here are some key features of "LibPKI":
XML Parsing and XKMS Support:
· To provide even more advanced services to developers, LibPKI implements XML parsing capabilities and XKMS support. The XML capabilities will cover both extensions and profile management (for request/certificate creation and management) and XKMS support. Extensions to the XKMS protocol will be investigated and proposed as part of the work in order to add PKI management capabilities to the standard.
Protocol Independent Data Retrieval API:
· Another feature of LibPKI's design is a protocol-independent data retrieval API (e.g. LDAP, HTTP, FTP, FILE, etc.). Developers can use the data retrieval functions LibPKI provides without needing to know the details of the underlying protocol implementation.
Direct Cryptographic Hardware Support:
· Part of LibPKI's added value is its direct integration with HSMs. At the moment, most cryptographic libraries integrate with HSMs through device-specific functions and drivers. By introducing the concepts of PKI_TOKEN and PKI_HSM, the library provides an abstraction for using HSMs for key operations. For example, this interface enables software to store private keys in different devices, e.g. smart cards, USB tokens or a TPM.
What's New in This Release:
· Added pki-cert tool to view/manipulate certificates
· Added pki-crl tool to view/generate CRLs
· Added PKI_ALGORITHM data structures for initializing X509 algorithm identifiers
· Fixed name comparison for certificate profile loading
· Fixed URL input management for stdin, stdout, stderr file stream
· Added pki-cert tool to manage certificate format conversion (pem, der, txt, xml)
· Fixed rpath config on Solaris/OpenSolaris
· Added PKI_KEYPARAMS structure to pass key generation parameters to HSMs
· Added compressed/uncompressed encoding options for EC keys
· Fixed default validity in pki-tool
· Added profile/keyParams section parsing in profiles configuration files (PKI_TOKEN)
· Updated default key min/suggested sizes
· Improved pki-tool command line tool (added params for EC key generation, better -batch handling)
· Extended no-case keyUsage and extendedKeyUsage extension parsing in profiles
· Fixed return code in PKI_NET_Listen(). Now it returns PKI_ERR in case of errors or the socket number (e.g., int > 2).
· Fix i...