OpenSolaris


OpenSolaris Project: Key Management Framework


Endorsing communities

OS/Net (ON)
Security


Key Management Framework

The goal of the project is to provide a unified set of interfaces (both programming APIs and administrative tools) for managing PKI objects in Solaris. Currently, there are several different "keystore systems" that developers and administrators must choose among when designing systems that employ PKI technologies: NSS, OpenSSL, and PKCS#11 are the 3 main choices for Solaris users. Each of these systems presents very different programming APIs and administrative tools, and none of them has any concept of a PKI policy enforcement system.

Details

KMF provides generic interfaces that can be used to manipulate objects (keys, certificates) in all of the above-mentioned keystores. The programming API layer is generic and allows the developer to specify which type of keystore is to be used. KMF will also provide plugin modules for each of the 3 systems so that new applications can be written to use any of the above keystores. A new management utility will allow the administrator to manage PKI objects in all 3 keystores from a single utility, instead of learning 3 different utilities (openssl, certutil, pkutil).

Another unique feature of KMF is that it will provide a system-wide policy database whose policies KMF applications can apply regardless of which type of keystore is being used. The administrator will be able to create policy definitions in a global database. KMF applications can then choose which policy they want to assert, and all subsequent KMF operations will behave according to the limitations of the policy being enforced. Policy definitions include rules for how validation is to be performed, key usage and extended key usage requirements, trust anchor definitions, OCSP parameters, and CRL DB parameters (location, etc.).

Feature Summary

  • Provide abstracted programming APIs for developing PKI applications
  • Provide new administrative utility for managing PKI objects
  • Provide new PKI policy database and enforcement system for PKI apps


Announcements

27 Nov 2006 Key Management Framework putback
13 Mar 2006 Design Document Posted

Blogs

darren - OpenSolaris "disk" encryption in snv_105

Dec 17, 5:09 PM

lofi(7D) encryption The encryption part of the OpenSolaris lofi compression & encryption project integrated into snv_105. I initially started this as a proof of concept several years ago but it never ...

darren - ZFS Crypto update

Nov 1, 7:39 AM

It has been a little while since I gave an update on the status of the ZFS Crypto project. A lot has happened recently and I've been really "heads down" writing code. We had believed we were ...

darren - Lets have a game of "Spot The Difference" (Serious Firefox 3 Security UI Issue)

Sep 8, 10:45 AM

Remember back to when you were much younger and you had puzzle books for travel journeys, or maybe just because you liked puzzles, one of the puzzles you probably played was "spot the difference", ...

darren - ZFS Crypto Codereview starts today

Sep 5, 9:49 AM

Prelim codereview for the OpenSolaris ZFS Crypto project starts today (Friday 5th September 2008 at 1200 US/Pacific) and is scheduled to end on Friday 3rd October 2008 at 2359 US/Pacific. Comments ...

darren - Using the Mercurial Forest extension for OpenSolaris onnv-gate

Sep 5, 5:18 AM

Some background: This is really only relevant to those people doing development on the OpenSolaris onnv-gate that are inside Sun, but since there is nothing private about it I'm posting it publicly ...