StrongAuth, Inc. has announced the availability of a free and open-source software product - StrongKey - designed to help enterprises manage symmetric encryption keys as a centrally managed resource. This capability, a first for the open-source community, provides implementers with independence from application-specific, operating system-specific or database-specific encryption key-management solutions.
Driven by the requirements of a $1B retailer to comply with PCI-DSS, the software provides the following features:
Written in Java as a J2EE application, it runs on any platform that has a Java VM - Windows, UNIX, Linux, Solaris, OS/400 (IBM supplies the RPG modules that work with this software), etc.;
Includes a sample utility to perform file, directory and database column-level encryption;
Supports 3DES, AES-128, AES-192 and AES-256 symmetric keys;
Supports up to 4096-bit asymmetric RSA keys to secure the symmetric keys;
Supports the use of FIPS 140-2 certified hardware security modules for servers, and smartcards for client platforms;
Uses industry standards such as WSS, XMLSignature and XMLEncryption for insulation from proprietary schemes and protocols;
Encrypts, digitally signs and verifies every object in the key database for message integrity;
Uses digitally signed requests from clients, and encrypted and digitally signed responses from servers, to protect the symmetric keys;
Encrypted key-cache on clients to continue processing credit-cards and/or other transactions even when the network is unavailable;
Fully open-source and free - currently downloadable at www.strongkey.org.