česky | english
A MicroCA is a very small certificate authority software, that operates on prepared X.509 requests (instead of PKCS#10 requests), and enforces DNS Name Constraints in a small and secure hardware environment. The MicroCA ensures unconstrained interoperability with existing software, since it verifies the constraints inseide the CA, and issues normal X.509 certificates.
The current plan is to either use JavaCards compatible Tokens, and develop the MicroCA as a Javacard-Applet, or alternatively to use a HSM. Possibly qualifying hardware:
Oberthur ID-One: http://www.oberthurcs.com/getpage.aspx?id=79
- IBM 4764
The software needs to fit on the chosen hardware platform (Javacard or other environment) and provide the following features:
- ASN.1 parser for X.509v3
- X.509v3 validation
- DNS Name Constraint validation
- RSA Signature
If you are interested in a MicroCA based Sub-CA, please contact us.