Public Key Infrastructure
Public Key Infrastructure is too expensive, today, for what customers get in return for deploying it.

Reed-Matthews, Inc. is determined to change that.

On this page, we document some of the PKI resources we've found. Perhaps they'll be of use to you, too. This is by no means complete. But it's a useful start.

Open Source CAs

There are several open source code bases under active development today.

  • EJBCA - Enterprise JavaBeans Certificate Authority: a Java EE CA that looks like a very interesting project. You would integrate it with an application server such as WebSphere or WebLogic to create the customer-located services.
  • OpenSSL - includes a command-line CA capability (the openssl ca command) for minting certificates from CSRs, revoking them and issuing CRLs. Probably the most widely deployed SSL implementation in the Linux / open source space. Note that OpenSSL's own documentation describes the ca command as quirky and not intended to be a full-featured CA; it is well suited to test and internal PKIs, less so to a production CA without wrapper tooling around it.

  • OpenCA - a suite of wrapper scripts and web interfaces around the OpenSSL CA code, which fills out the CA offering with an OCSP responder, directory (LDAP) integration, Apache web server integration, etc.

  • Cryptlib - from Peter Gutmann. Includes CA and OCSP client and responder functions, as well as signers, etc., implemented behind a security-kernel (reference monitor) architecture that governs key usage and the other policies associated with the crypto. It looks like something you could build a CA product from.
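To make the OpenSSL item above concrete, here is an added example (not code from this page or from the OpenSSL project) that drives the openssl ca command through a complete issue / verify / revoke cycle. It assumes an openssl binary and mktemp are on the PATH; the directory layout, section names in the config and the subject names are the example's own choices, not anything OpenSSL requires by those names.

```shell
#!/bin/sh
# Added example: a minimal offline CA run entirely from the OpenSSL command line.
# Assumptions: openssl and mktemp are installed; every path and name below is
# chosen for this demo and is not an OpenSSL default.
set -eu

demo_ca() {
  work=$(mktemp -d)
  ca="$work/ca"
  mkdir -p "$ca/newcerts"
  : > "$ca/index.txt"          # the CA database that `openssl ca` maintains
  echo 1000 > "$ca/serial"     # next certificate serial number (hex)
  echo 1000 > "$ca/crlnumber"  # next CRL number (hex)

  # Minimal config for `openssl ca`: file layout, signing policy and the
  # extensions placed in issued certificates. $ca is expanded now; $dir is
  # left for OpenSSL to expand.
  cat > "$ca/openssl.cnf" <<EOF
[ ca ]
default_ca = demo_ca

[ demo_ca ]
dir              = $ca
database         = \$dir/index.txt
new_certs_dir    = \$dir/newcerts
serial           = \$dir/serial
crlnumber        = \$dir/crlnumber
certificate      = \$dir/ca.crt
private_key      = \$dir/ca.key
default_md       = sha256
default_days     = 365
default_crl_days = 30
policy           = demo_policy
x509_extensions  = leaf_ext
unique_subject   = no

[ demo_policy ]
commonName = supplied

[ leaf_ext ]
basicConstraints       = critical, CA:FALSE
keyUsage               = critical, digitalSignature, keyEncipherment
extendedKeyUsage       = serverAuth
authorityKeyIdentifier = keyid:always

[ root_ext ]
basicConstraints     = critical, CA:TRUE, pathlen:0
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash

[ req ]
distinguished_name = req_dn
prompt             = no

[ req_dn ]
CN = Demo Root CA
EOF

  # 1. Self-signed root whose key usage is restricted to signing certs and CRLs.
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config "$ca/openssl.cnf" -extensions root_ext \
    -keyout "$ca/ca.key" -out "$ca/ca.crt" >/dev/null 2>&1

  # 2. A server key and CSR (the subject is a constructed test name).
  openssl req -new -newkey rsa:2048 -nodes -config "$ca/openssl.cnf" \
    -subj "/CN=www.example.test" \
    -keyout "$work/leaf.key" -out "$work/leaf.csr" >/dev/null 2>&1

  # 3. Mint the certificate; -batch suppresses the interactive confirmation.
  openssl ca -batch -notext -config "$ca/openssl.cnf" \
    -in "$work/leaf.csr" -out "$work/leaf.crt" >/dev/null 2>&1

  # 4. Path validation against the root must succeed, and the leaf must carry
  #    the end-entity constraint the config asked for.
  openssl verify -CAfile "$ca/ca.crt" "$work/leaf.crt" >/dev/null 2>&1 || return 1
  openssl x509 -in "$work/leaf.crt" -noout -text | grep -q 'CA:FALSE' || return 1

  # 5. Revoke, publish a CRL, and confirm that validation now fails once the
  #    verifier is told to consult the CRL. Without -crl_check it would still pass.
  openssl ca -batch -config "$ca/openssl.cnf" -revoke "$work/leaf.crt" >/dev/null 2>&1
  openssl ca -batch -config "$ca/openssl.cnf" -gencrl -out "$ca/ca.crl" >/dev/null 2>&1
  if openssl verify -crl_check -CAfile "$ca/ca.crt" -CRLfile "$ca/ca.crl" \
       "$work/leaf.crt" >/dev/null 2>&1; then
    return 1   # a revoked certificate must not verify
  fi

  rm -rf "$work"
  echo "issued, verified, revoked: OK"
}
```

Two things worth noticing when running it: the CA's state lives in plain files (index.txt, serial, crlnumber) that the ca command rewrites on every operation, which is why real deployments wrap it in something like OpenCA rather than editing those by hand; and revocation is only effective if the relying party actually fetches and checks the CRL, which is what the last step demonstrates by verifying with and without -crl_check.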

PKI Toolkits

In addition to OpenSSL and Cryptlib, here are some useful SDKs and frameworks for working with PKI:

  • Intel's CDSA - Intel's open source reference implementation of the Common Data Security Architecture, the crypto middleware framework that underlies several of the Unix and standards-body (Open Group) efforts to organize such things.
  • SNACC - an ASN.1 compiler originally developed at the University of British Columbia, as updated by Getronics for the NIST Federal Bridge CA project.
  • CML - the Certificate Management Library, a certificate path validation SDK that has been tested for interoperability with several products and with the Bridge CA, from Getronics.
  • ACL - the Access Control Library, which implements MISSI SDN.801 "Access Control Concept and Mechanisms" for label-based data handling policies (à la the Defense Message System, DMS, and its S/MIME equivalent), from Getronics.
  • SFL - the S/MIME Freeware Library, which is what it says: an S/MIME library, built really for implementing DMS, from Getronics.

