The OpenCA Project is a collaborative effort to develop a robust, full-featured and Open Source out-of-the-box Certification Authority implementing the most used protocols with full-strength cryptography world-wide. OpenCA is based on many Open-Source Projects. Among the supported software is OpenLDAP, OpenSSL, Apache Project, Apache mod_ssl.
XCA is an interface for managing RSA and DSA keys, certificates, certificate signing requests, revocation lists and templates. It uses the OpenSSL and Qt4 libraries. Certificates and requests can be created and signed and many x509v3 extensions can be added. XCA supports multiple root and intermediate Certificate authorities. The CAs can be used to create CRLs and extend certificates. The following file-formats are supported: PEM, DER, PKCS#7, PKCS#8, PKCS#10, PKCS#12, and SPKAC.
The LibPKI Project is aimed to provide an easy-to-use PKI library for PKI-enabled application development. The library provides the developer with all the needed functionality to manage certificates, from generation to validation. It helps developers integrate X509 digital certificates into their applications, and implement complex cryptographic operations with a few simple function calls using a high-level cryptographic API. The library constitutes the core of other OpenCA Labs Projects like the PRQP Server, the OCSP Responder, and the OpenCA-NG PKI.
RealMe is a software suite that uses an image-based public key infrastructure (PKI) that embeds cryptographic information in a digital image and then exchanges pieces of that image between a user and a Web application to accomplish a strong, bi-directional multi-factor authentication. This technology combines steganography with applied cryptography, and results in a secure yet low-cost solution for Web sites that exchange confidential information with their users.
nsLight PKI is a CGI script that uses OpenSSL to provide Public Key Infrastructure operations. Its features include key ceremony workflow for initialization, requesting of certificates in centralized mode (PKCS#12 generation), certificate view and revocation,CRL generation (at revocation time and once a day by cron job), certificate expiration notifications, and UTF-8 support. It has built-in support for RSA/SHA-1/3DES and GOST R 34.10-2001, GOST 28147-89, and GOST R 34.11-94, the cryptographic provider being OpenSSL 1.0. The script is used both as Web-based interface and cron task.
SignPDF is a simple command line application to sign a PDF document. It can sign a PDF document with a valid certificate, encrypt/protect a PDF document, and timestamp a PDF document (optional feature). A JKS keystore with a cert signed by your desired CA is mandatory for use. The tsa_url of a timestamp server can be used to timestamp your documents. The signed PDF file is signed and protected with allowed restrictions to printing, content copying, and content copying for accessibility. By default, SignPDF creates a configuration file at ~/.signpdf, which can be edited for further use.