XiPKI 开源 PKI 实现

程序名称:XiPKI

授权协议: Apache

操作系统: 跨平台

开发语言: Java

XiPKI 介绍

XiPKI (e X tensible s I mple P ublic K ey I nfrastructure)
是一个高度可伸缩和高性能的开源 PKI 实现(CA and OCSP responder).

要求:

  • OS: Linux, Windows, MacOS
  • JRE / JDK 8 (build 162+), 9, 10, 11, 12, 13
  • Database: DB2, MariaDB, MySQL, Oracle, PostgreSQL, H2, HSQLDB

特性:

  • CA (Certification Authority)

    • X.509 Certificate v3 (RFC 5280)
    • X.509 CRL v2 (RFC 5280)
    • EdDSA Certificates (RFC 8410, RFC 8032)
    • Diffie-Hellman Proof-of-Possession Algorithms (RFC 6955)
    • SCEP (draft-gutmann-scep-00, draft-nourse-scep-23)
    • EN 319 411 (eIDAS)
    • EN 319 412 (eIDAS)
    • Supported databases: DB2, MariaDB, MySQL, Oracle, PostgreSQL, H2, HSQLDB
    • Direct and indirect CRL
    • FullCRL and DeltaCRL
    • Customized extension to embed certificates in CRL
    • CMP (RFC 4210 and RFC 4211)
    • API to specify customized certificate profiles
    • Support of JSON-based certificate profile
    • API to specify customized publisher, e.g. for LDAP and OCSP responder
    • Support of publisher for OCSP responder
    • Public key types of certificates
    • RSA
    • EC
    • DSA
    • Ed25519, Ed448
    • X25519, X448
    • SM2
    • Signature algorithms of certificates
    • Ed25519, Ed448
    • SM3withSM2
    • SHA3-*withRSA: where * is 224, 256, 384 and 512
    • SHA3-*withRSAandMGF1: where * is 224, 256, 384 and 512
    • SHA3-*withECDSA: where * is 224, 256, 384 and 512
    • SHA3-*withDSA: where * is 224, 256, 384 and 512
    • SHA*withRSA: where * is 1, 224, 256, 384 and 512
    • SHA*withRSAandMGF1: where * is 1, 224, 256, 384 and 512
    • SHA*withECDSA: where * is 1, 224, 256, 384 and 512
    • SHA*withPlainECDSA: where * is 1, 224, 256, 384 and 512
    • SHA*withDSA: where * is 1, 224, 256, 384 and 512

    • Native support of X.509 extensions (other extensions can be supported by configuring it as blob)

    • AdditionalInformation (German national standard CommonPKI)

    • Admission (German national standard CommonPKI)
    • AuthorityInformationAccess (RFC 5280)
    • AuthorityKeyIdentifier (RFC 5280)
    • BasicConstraints (RFC 5280)
    • BiometricInfo (RFC 3739)
    • CertificatePolicies (RFC 5280)
    • CRLDistributionPoints (RFC 5280)
    • CT Precertificate SCTs (RFC 6962)
    • ExtendedKeyUsage (RFC 5280)
    • FreshestCRL (RFC 5280)
    • InhibitAnyPolicy (RFC 5280)
    • IssuerAltName (RFC 5280)
    • KeyUsage (RFC 5280)
    • NameConstraints (RFC 5280)
    • OcspNoCheck (RFC 6960)
    • PolicyConstrains (RFC 5280)
    • PolicyMappings (RFC 5280)
    • PrivateKeyUsagePeriod (RFC 5280)
    • QCStatements (RFC 3739, eIDAS standard EN 319 412)
    • Restriction (German national standard CommonPKI)
    • SMIMECapabilities (RFC 4262)
    • SubjectAltName (RFC 5280)
    • SubjectDirectoryAttributes (RFC 3739)
    • SubjectInfoAccess (RFC 5280)
    • SubjectKeyIdentifier (RFC 5280)
    • TLSFeature (RFC 7633)
    • ValidityModel (German national standard CommonPKI)
    • GM/T 0015 IdentityCode (个人身份标识码, Chinese Standard GM/T 0015-2012)
    • GM/T 0015 InsuranceNumber (个人社会保险号, Chinese Standard GM/T 0015-2012)
    • GM/T 0015 ICRegistrationNumber (企业工商注册号, Chinese Standard GM/T 0015-2012)
    • GM/T 0015 OrganizationCode (企业组织机构代码, Chinese Standard GM/T 0015-2012)
    • GM/T 0015 TaxationNumber (企业税号, Chinese Standard GM/T 0015-2012)
    • Management of multiple CAs in one software instance

  • Support of database cluster

  • Multiple software instances (all can be in active mode) for the same CA

  • Native support of management of CA via embedded OSGi commands

  • API to specify CA management, e.g. GUI

  • Database tool (export and import CA database) simplifies the switch of databases, upgrade of XiPKi and switch from other CA system to XiPKI CA

  • Client to enroll, revoke, unrevoke and remove certificates, to generate and download CRLs

  • All configuration of CA except those of databases is saved in database

  • OCSP Responder

    • OCSP Responder (RFC 2560 and RFC 6960)
    • Support of Common PKI 2.0
    • Management of multiple certificate status sources
    • Support of certificate status source based on the database of XiPKI CA
    • Support of certificate status source based on the OCSP database published by XiPKI CA
    • Support of certificate status source CRL and DeltaCRL
    • Support of certificate status source published by EJBCA
    • API to support proprietary certificate sources
    • Support of both unsigned and signed OCSP requests
    • Multiple software instances (all can be in active mode) for the same OCSP signer and certificate status sources.
    • Supported databases: DB2, MariaDB, MySQL, Oracle, PostgreSQL, H2, HSQLDB
    • Database tool (export and import OCSP database) simplifies the switch of databases, upgrade of XiPKi and switch from other OCSP system to XiPKI OCSP.
    • Client to send OCSP request

    • SCEP

    • Supported SCEP versions

    • draft-gutmann-scep-00
    • draft-nourse-scep-23

    • Toolkit (for both PKCS#12 and PKCS#11 tokens)

    • Generating keypairs of RSA, EC and DSA in token

    • Deleting keypairs and certificates from token
    • Updating certificates in token
    • Generating CSR (PKCS#10 request)
    • Exporting certificate from token

    • For both CA and OCSP Responder

    • Support of PKCS#12 and JKS keystore

    • Support of PKCS#11 devices, e.g. HSM
    • API to use customized key types, e.g. smartcard
    • High performance
    • Support of health check
    • Audit with syslog and slf4j

    • For CA, OCSP Responder and Toolkit

    • API to resolve password

    • Support of PBE (password based encryption) password resolver
    • All passwords can be encrypted by the master password
    • Support of OBF (as in jetty) password resolver

XiPKI 官网

https://github.com/xipki/xipki

版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。

安全相关框架

相关推荐

BlazeDS
BlazeDS 是一个基于服务器的Java 远程控制(remoting)和Web消息传递(messaging)技术, 它能够使得后端的Java应用程序和运行在浏览器上的Adobe
OVal
OVal 是一个可扩展的Java对象数据验证框架,验证的规则可以通过配置文件、Annotation、POJOs 进行设定。可以使用纯 Java
Volta
Volta 是一套开发工具,专为开发分布式、实时系统应用。它包括级联,控制流分析工具,
OpenDDS
OpenDDS 是一个开源的 C++ 实现的 对象管理组织 OMG 的 数据分布式服务 (DDS) 。OpenDDS利用自适应通信环境(ACE)提供一个跨平台的环境。
JADE
JADE (Java Agent DEvelopment Framework) 是一个完全用Java语言实现的软件框架。它通过一个兼容 FIPA
FastMM
FastMM ,在D2006和2007中已代替了原来的内存管理器。
WebRTC
WebRTC 是一项在浏览器内部进行实时视频和音频通信的技术,是谷歌于2010年以6820万美元收购VoIP软件开发商 Global IT
gwtwiki
gwtwiki - The Java Wikipedia API (Bliki engine),是一个 Wikipedia/Mediawiki 语法解析器,可以把 wiki 的文本转换成 HTML。它支持 wiki 标签,例如 bold, italic, headers, nowiki,
Esper
Esper 是一个复杂事件处理组件(CEP - Complex Event Processing),它有 Java 版本和 .NET 版本(NEsper)。
luaTinker
LuaTinker 的作者是Kwon-il Lee韩国人写的,最新的版本是0.2.C,这个C++ wrapper For Lua能够方便和
gitignore
各种语言环境下gitignore文件的一个集合。
ContentExtractor
简介 ContentExtractor 是一个开源的网页正文抽取工具,用JAVA实现,具有非常高的抽取精度。
SwiftRandom
SwiftRandom 是一组函数集合,可以从不同的分布生成伪随机变量。 使用示例: //Single pseudorandom normal variable
java-linq-examples
java-linq-examples 是 101 个 LINQ 示例的 Java 移植版本。Android 兼容 Java 1.7. 此外还有以下语言移植版本:
mal
mal,Make a Lisp,顾名思义,用图灵完备的编程语言写 Lisp 交互器,目前已经有35种不同语言的实现:
Administrative Divisions
一个 Go 语言实现的中国行政区划查询工具。 介绍 最新中国行政区划,数据来源:http://www.stats.gov.cn/tjsj/tjbz/xzqhdm/201608/t20160809_1386477.html
Teaf Teaf 简介
Teaf 简介 Tencent Easy ACE Framework,基于 ACE 的高性能轻量级服务框架,单进程多线程模型,支持 select/epoll 等多种网络
Guzzle-Swoole
介绍 让 Guzzle 支持 Swoole 协程,这个项目目的就是这么简单明了! Guzzle-Swoole 是 Guzzle 的处理器(Handler),并没有对 Guzzle 本身代码进行修改,理论上可以兼容后续版本。
goproxy-shell 使用方法
goproxy-shell goproxy服务端部署脚本 使用方法 wget --no-check-certificate https://github.com/sjz123321/goproxy-
pyMd2Doc
1. pyMd2Doc介紹(pip版本) 利用python将markdown转换成带可收缩、可跳转到文本内容的目录文档。
pythonJavaScriptjavaHTMLPHPreactjsC#AndroidCSSNode.jssqlrpython-3.xMysqLjQueryc++pandasFlutterangularIOSdjangolinuxswifttypescript路由器JSON路由器设置无线路由器h3c华三华三路由器设置华三路由器电脑软件教程arraysdocker软件图文教程Cvue.jslaravelspring-boot