Académique Documents
Professionnel Documents
Culture Documents
http://www.bouncycastle.org and
EJBCA
http://www.ejbca.org
BouncyCastle
Set of cryptographic libraries used by developers in Java and C#. Deals with provisioning of cryptography services, also support for certificate handling, secure messaging, SSL/TLS, and time stamping.
EJBCA
PKI Certificate Authority, enterprise java application issuing and managing digital certificates. Uses BouncyCastle library for low level functions.
EJBCA Overview
Website: http://www.ejbca.org Founded in November 2001. Now has around 1500 downloads every month. Originally built because BouncyCastle included certificate generation API, and J2EE was new cool technology. Originally 1 developer, currently 5 main developers plus contributors. Original code around 6000 lines including test code. Provided support for a basic certificate authority with a command line interface. Latest release, 3.8.0, 166.000 lines including test code. Supports same functionality as original release plus multiple CAs, web based Admin-GUI, different algorithms, full list of extensions, support for EAC ePassport PKI, all common PKI interfaces, enterprise features for high-availability, monitoring and security. Strong emphasis on standards compliance, adaptability and integration in organizations application environment and work-flow. Public support facilities include an issue tracker, dev mailing list, forum, IRC chat and a wiki, all available at the website. Commercial support provided at http://www.primekey.se Resources, such as used third party products, references, howtos and documentation available on website.
Standards Bodies need to publish freely available and thorough compliance tests
Having managed to get access to a standard, the next challenge is to produce something that is compatible with other implementations. Most standards are published with few, if any, test vectors, which almost never cover any edge conditions in the document. A considerable amount of time is lost identifying these edge conditions.
Access to certification
Governments generally require cryptography providers to be certified to some level before they can be used. This is fair enough! However the cost of certification is often so high that it effectively eliminates open source projects from being used as they cannot afford to gain certification.
EU funding
Not easy for small open source vendors to get EU funding, system is targeted for large corporations and commercial benefit. Certification costs are high and certified open source products would give both commercial and public benefit.
Interoperability
Users and customers requires interoperability with proprietary products, but obtaining that interoperability is expensive and time consuming. Support from vendors is low and support contracts expensive. Interoperability events restricted to closed groups, where open source project could be invited.
Public procurement in EU governments are often using trademarks discriminating against open source products. This is shown in an OFE study available at www.openforumeurope.org.
Questions?