I spent some time in a company that had been running many Java “microservices” – a code word for Java Spring Boot servers. One of the problems was how to efficiently manage zillions of JKS/P12 files.Continue reading Java Spring Boot With PEM-based TLS on-the-fly
KeyChest started as a simple HTTPS monitoring service. It has had its own database of all web certificates for about a year. And it helped issue first real certificates this week.Continue reading KEYCHEST and HTTPS automation
The WINES Infrastructure project deployed wireless sensor networks to monitor large bridges (Humber bridge), tunnels (London Underground), and water systems. Our task in the project was to perform a detailed analysis of security issues in existing hardware and software platforms for wireless sensor networks.Continue reading Security of Sensor Networks (2008)
I moved some of the contents from an old website of mine. This is one of a small projects back from my time at the University of Cambridge, where we hacked a Chrysalis Luna CA3, which would now be part of SafeNet HSM portfolio.Continue reading Chrysalis Luna CA3
Mandating use of HTTPS / SSL certainly seems to have something in common with security certifications like FIPS140-2 or Common Criteria. Very few understand how it really helps, how complex it is but many already know how costly it can be.Continue reading Web Encryption – Punishment of SMBs by Tech Giants?
We have successfully delivered the first centralized smartcard signing solution about a year ago. From this week, Windows legacy applications can use smart cards in the cloudContinue reading Smartcard Systems Redesigned
KeyChest has started as an easy to use HTTPS monitoring service. What we are aiming for is a general purpose key management service, which can look after your public as well as internal web encryption keys.Continue reading KeyChest – Unifying Public and Private Keys
We have been building encryption service for a while. I grew up in the world of encryption and many things just came with experience, without being spelled out. Here’s another why I believe in “hardware encryption”.
A great news – our CloudFoxy is now supported by JSignPdf 1.6.4. You can now sign PDF with eIDAS compliant smart-cards (or OpenPGP dongles) – zero drivers or configuration on user computers.
We have finally completed a GLOBAL certificate look-up table for real-time notifications in our re-designed KeyChest service. KeyChest has been using an external service to check for new certificates. This has become unsustainable due to the number of users and certificates we monitor.