Ĩesky | english
A MicroCA is a very small certificate authority software, that operates on prepared X.509 requests (instead of PKCS#10 requests), and enforces DNS Name Constraints in a small and secure hardware environment. The MicroCA ensures unconstrained interoperability with existing software, since it verifies the constraints inseide the CA, and issues normal X.509 certificates.
Needed:
Hardware
The current plan is to either use JavaCards compatible Tokens, and develop the MicroCA as a Javacard-Applet, or alternatively to use a HSM. Possibly qualifying hardware:
miniHSM: http://www.ncipher.com/products/hardware_security_modules/72/minihsm/
Oberthur ID-One: http://www.oberthurcs.com/getpage.aspx?id=79
- IBM 4764
Software
The software needs to fit on the chosen hardware platform (Javacard or other environment) and provide the following features:
- ASN.1 parser for X.509v3
- X.509v3 validation
- DNS Name Constraint validation
- RSA Signature
If you are interested in a MicroCA based Sub-CA, please contact us.