Cryptomathic Certification Authority
Professional Trust Management
In the physical world identity cards and handwritten signatures are the means with which we build trust and seal agreements. In the electronic world these means are replaced by certificates and digital signatures.
The Cryptomathic CA professionally manages all the
Certification Authority’s tasks – this includes issuing:
• Certificates for secure e-mail (S/MIME)
• Certificates for digital signatures in Web browsers
• Certificates for authentication and VPN logon
• SSL/TLS server and client certificates
• Certificates for Windows 2000 smart card logon
• Trusted Computing Platform Alliance certificates
Benefits
Cryptomathic CA offers all the features expected from professional trust management software, including:

Multiple CAs – Running several logical Certification Authorities concurrently, the CA server easily accommodates the CA hierarchies of Trust Service Providers and large enterprises.

Scale-out Clustering – Assures high availability and performance and allows servers to be added or removed from a running system.

Hardware Security Modules – Support for a number of FIPS-certified hardware security modules.

The main component of Cryptomathic CA is the CA server that is managed through the (possibly remote) administration client. The Local Registration Authority (LRA) application¹ allows local identification and registration of end users, whereas the Web Front End provides instant integration with Microsoft Explorer for certificate issuing and installation. In addition, two APIs are provided for facilitating custom applications to interface directly with the CA server. The LRA API enables registration of end users and management of these registrations, and the PKIX API offers functionality for on-line certificate issuing, updating and revocation. Moreover, the PKIX API supplies a combined registration and certification protocol for bulk certification. Off-line certificate issuing (e.g. for CA certificates) is facilitated through the administration client.

[Architecture diagram: LRA Application¹, CCA Adm. Client, Web Server / Web Front End, Third Party Application / CCA APIs, TCP/IP, CCA Server, DB]

¹ Available from version 3.4
Certificate Format
• X509v3
Certificate Requests
• PKCS #10, certificate returned in PKCS #7 structure
• SPKAC, certificate returned in PKCS #7 structure
• CRMF, request/response according to PKIX-CMP
• Central bulk issuing
• Off-line: X.509v3 and PKCS #10, certificate returned in PKCS #7 or plain X.509v3
Certificate Revocation and Renewal
• CMP, according to PKIX
Certificate Status Retrieval
• Instant certificates
• CRLs according to X.509v2
Cryptographic Specification
• Certification of RSA keys of 512 bits or longer
• RSA 1024-4096 bit CA keys, limit set by hardware security module²
Client Side Integration
• Web pages for certificate issuing and pick up, support for any CSP
• ActiveX component for LRA administration
• API for certificate management, available in ANSI C and as Windows DLL
Server Side Integration
• ANSI C API for CA administration, also available as Windows DLL
• API for LRA administration, available in ANSI C and as Windows DLL
Key Management
• All CA keys are hardware protected
• All auxiliary keys are hardware protected
Operational Features
• All events are MAC protected and securely logged in the database
• Scale-out clustering for high availability and performance
Operating Environment
• CA server runs as Windows NT/2000 service
• Administration client – Windows NT/2000 applications
Supported Hardware Security Modules
• nCipher nShield F2 and F3
• IBM 4758
• Chrysalis-ITS Luna SA and Luna CA3
• Any PKCS #11 compliant hardware
Supported Databases
• Oracle 8 and 9
• Microsoft SQL Server 7 and 2000
Supported Directories
• SUN™ ONE Directory Server (formerly iPlanet Directory Server)
• Novell eDirectory
• MS Active Directory
• Any LDAP compliant directory

² In version 3.3 at most 2048 bit.
³ Available from version 3.4
Cryptomathic’s Trust Products
Cryptomathic’s family of trust products includes all the applications needed to set up and maintain a trust community, also known as a Public Key Infrastructure (PKI). Cryptomathic’s trust products range from the central Certification Authority (CA), with supporting applications for registration of users and distribution of certificates, to components for time stamping and remote signature generation, which may be added as required.

With Cryptomathic’s trust products you can include the benefits of digital signatures and reliable authentication in a business application for internal or external use, offer trust services as a service provider, or even set up a public Certification or Time Stamping Authority. The simple, yet flexible, license forms and pricing models make Cryptomathic’s trust products an attractive choice for solutions of any scope or size.

Interoperable – The trust products comply with business standards and are tested for interoperability. This ensures that the applications fit into existing infrastructures.

Scalable and stable – Designed with scalability and stability in mind, the trust products fit both current and future requirements.

Proven – Large enterprises and banks as well as financial and government institutions rely on Cryptomathic’s trust products to protect their business.

Flexible – The trust products are designed for easy integration with existing business systems. In addition, our e-Security tools allow you to enable new and legacy applications to handle digital signatures.

Secure – Built by world-class security experts, Cryptomathic’s trust products offer premium security.

Hardware Crypto Enabled – For physical security and even better performance all the trust products support hardware security modules.
About Cryptomathic
With more than 15 years of experience, Cryptomathic is one of the world’s leading providers of e-Security. We can assist you in securing your business by providing best-of-breed e-Security software products and services as well as consultancy and education.

Our range of software products covers e-Security tools for professional application development, trust products as well as data preparation for smart cards.

Cryptomathic’s world-class experts offer e-Security consultancy at strategic level, for solution architecture, and integration.

We offer a complete modular education program, where you can learn what you need to know about e-Security – both on a general and product specific level.

We serve our customers through our head office in Denmark and our European subsidiaries. For more information, please fill in the interest card on our web site: www.cryptomathic.com