|
This project will produce a Free Software Public Key Infrastructure as the foundation component for secure exchange of information in e-administration and e-business applications. The project will provide free access to a high quality, modular and totally open software and hardware solution to the market.
|
» Composition
|
The achievement will produce a functional server-side basis
for Public Key Infrastructure software.
It will be composed of :
- A Registration Authority (RA): component that allows
the verification of user identity.
- A Certification Authority (CA): component that allows
the certification of user public key and publish user certificate.
- A Directory: component that allows support for keys
distribution.
- A Key generator: Today we don't know yet how the
keys are generated by browsers and servers. There is a doubt
on the quality (the entropy) of the keypair. Making a independent
key generator will allow the user to transparently generate
keypairs, make certificate requests, and import signed certificates.
The tool will allow the export of the keypair and signed certificate
in a PKCS#12 format.
- A Certificate Management Protocol standard: define
the communication protocol between RA and CA ; it allows great
flexibility and interoperability between products which respect
the standard.
- An Abstraction layer: to enable the reusability of
cryptographic resources and libraries specific to legal bodies
of the different countries.
- A Logging module: to have a look on the global activity
of the PKI.
- An Administration module.
|
 |
» Different scenarios
|
One of the main advantages of the EuropePKI product is that it will be very modular and customizable. Indeed, it will provide strong basis to the implementation of two different scenarios:
- The banking scenario which combine ordinary and existing account creation procedures typically found in banks with the issuance of a smartcard containing certified key pairs.
- The online scenario where key generation is left to the user.
|
» Functionalities
|
The core functionalities of EuropePKI will provide generic interfaces
for complementary services built up to the Public Key Infrastructure,
composed of :
- Time stamping: Time stamping authorities need specific
parameters in certificates concerning extended key usage and
service access location. Furthermore, certification and key
generation of time stamp servers require different protocols
than the standard certificate request exchange.
- Attribute Certificate management: The certificates
with public key prove the identity of the person but do not
define what the person can do. The certificates of attributes
were designed to answer these problems.
- Notarisation: Notarisation services following the
Data Validation and Certification Server (DVCS) protocol require
special attributes for extended key usage and service locators
in certificates used by these services.
- Validation: OCSP and DVCS require special parameters
in certificates for extended key usage, service location and
other information.
All such services need special trust base management.
|
» Specifications
|
Those developments will:
- Be released under GPL-compatible software licenses, the (L) GPL: GNU (Lesser) General Public License and the Mozilla license,
- Be modular and distributable,
- Obey and follow the current international technical standards
- Integrate with and reuse the software and hardware provided
by partners,
- Be core cryptographic independent resources.
The demonstration will be led in two operational sites and
will propose to demonstrate the capabilities and interoperability
of the EuropePKI software.
The proposed strategy is as follows:
- Operational platform set-up: Demonstrators will host and
operate a PKI platform implementing the EuropePKI within a show-room
facility in order to make certification services available
to Administrations or large private companies for demonstration
purpose,
- On-line certificates distribution freely available,
- Interoperability demonstration with our partners.
|
