---- [[MicroCA/CZ|Ĩesky]] | '''english''' ---- A MicroCA is a very small certificate authority software, that operates on prepared X.509 requests (instead of PKCS#10 requests), and enforces DNS Name Constraints in a small and secure hardware environment. The MicroCA ensures unconstrained interoperability with existing software, since it verifies the constraints inseide the CA, and issues normal X.509 certificates. Needed: == Hardware == The current plan is to either use JavaCards compatible Tokens, and develop the MicroCA as a Javacard-Applet, or alternatively to use a HSM. Possibly qualifying hardware: *miniHSM: http://www.ncipher.com/products/hardware_security_modules/72/minihsm/ *Oberthur ID-One: http://www.oberthurcs.com/getpage.aspx?id=79 *IBM 4764 == Software == The software needs to fit on the chosen hardware platform (Javacard or other environment) and provide the following features: * ASN.1 parser for X.509v3 * X.509v3 validation * DNS Name Constraint validation * RSA Signature If you are interested in a MicroCA based Sub-CA, please contact us.