KeyMan
A tool for managing keys, certificates, certificate revocation lists (CRLs), and the respective repositories for storing and retrieving these items.
Date Posted: June 30, 2000
|
|
 |
|
|
Update: February 7, 2007
Version 1.69 contains bug fixes for access to certificate chains on remote SSL/TLS servers as well as work-arounds for some JVMs.
What is KeyMan?
KeyMan is a tool for managing keys, certificates, certificate revocation lists (CRLs), and the respective repositories for storing and retrieving these items. The full life cycle of certificates is supported, as are processes involved in handling user and server certificates.
Users can create self-signed certificates or other certificates by processing certificate requests. Certificates can be imported from different file formats and via different protocols. The signing and verification of JAR archives is also supported.
Certificate details show the contents of extensions and the presence of other extensions. Further details on extensions are available at RFC 3280.
This technology runs on any JavaTM platform, including Linux®.
How does it work? KeyMan features include the following:
- Full support of user certificate life cycle
- Management of various key/certificate repositories
- Support of cryptographic tokens via PKCS#11 interface
- Access to Windows certificate repositories
- Support of X.509/PKIX (certificates V3, CRLs V2)
- Creation of self-signed certificates
- Signing of certificate requests (PKCS#10,SPKAC)
- Importing certificates via LDAP/HTTPS protocols
- Signing/verification of JAR archives
- Compliance with PKCS standards (#7, #10, #11, #12)
- Integration with VeriSign and other CAs
- 100% Java, runs on JDK 1.1 or above
- Easy-to-use GUI.
KeyMan has built-in, software-based cryptographic functions, but it also supports hardware tokens to perform these functions and to securely store key material and certificates. Cryptographic tokens can be smart cards or PC cards. KeyMan can talk to tokens that expose a PKCS#11 interface or to those that are accessible via Microsoft Cryptogrpahic API.
|
|
|
| | About the technology author(s):
Thomas Eirich is a research staff member in the Secure Systems Group at IBM Zurich Research Laboratory, where he develops advanced security software based on cryptographic algorithms and secure tokens. Dr. Eirich received a Ph.D. in computer science at the University of Erlangen, Germany. He can be reached through e-mail.
Martin Clausen is an IT specialist working in the IBM Crypto Competence Center located in Copenhagen, Denmark. He has been with IBM since mid-2003. Mr. Clausen has been involved with the development of cryptographic toolkits designed to run on all kinds of platforms; these toolkits are used extensively within IBM. He has recently been on an assignment at IBM Research in Zurich. In 2003, he received an M. Sc. in engineering from the Technical University of Denmark (DTU), where he worked extensively with cryptology. Mr. Clausen's areas of expertise include PKI solutions, programming, and Linux.
|
|
|
| |
