StrongAuth, Inc. has announced the availability of a free and open-source software product - StrongKey - designed to help enterprises manage symmetric encryption keys as a centrally managed resource. This capability, a first for the open-source community, provides implementers with independence from application-specific, operating system-specific or database-specific encryption key-management solutions.

Driven by the requirements of a $1B retailer to comply with PCI-DSS, the software provides the following features:

  • Written in Java as a J2EE application, it runs on any platform that has a Java VM - Windows, UNIX, Linux, Solaris, OS/400 (IBM supplies the RPG modules that work with this software), etc.;
  • Includes a sample utility to perform file, directory and database column-level encryption;
  • Supports 3DES, AES-128, AES-192 and AES-256 symmetric keys;
  • Supports up to 4096-bit asymmetric RSA keys to secure the symmetric keys;
  • Supports the use of FIPS 140-2 certified hardware security modules for servers, and smartcards for client platforms;
  • Uses industry standards such as WSS, XML Signature and XML Encryption for insulation from proprietary schemes and protocols;
  • Encrypts, digitally signs and verifies every object in the key database for message integrity;
  • Uses digitally signed requests from clients, and encrypted and digitally signed responses from servers, to protect the symmetric keys;
  • Keeps an encrypted key cache on clients so that they can continue processing credit cards and/or other transactions even when the network is unavailable;
  • Fully open-source and free - currently downloadable at www.strongkey.org