2015-04-06

CERTivity KeyStores Manager is a powerful pure Java multi-platform visual KeyStores manager. This standalone GUI desktop application provides a natural experience for managing and using KeyStores, Certificates, Key Pairs (Private Key, Certificates Chain), Secret Keys in various formats.

Constantly extra features are added besides covering and combining functions that otherwise are dispersed under verbose command line and operating system tools or browsers. CERTivity is not intended to be a 1:1 replacement of these tools – the features being combined and centralized in an intuitive and productive organization.

Click here for download this





Thus developers and system administrator can gain valuable time and ensure the greatest productivity by letting CERTivity taking care of the low level details in a uniform manner on almost all the systems – Windows, Unix/Linux, Mac.

See below what makes CERTivity stands out of the competition by constantly adding new features.

CERTivity outstanding functionality:

JRE CA KeyStores detection and easy management

It can discover and open the machine’s JRE CA TrustStore(s) searching for the TrustStores in locations covering most of the known JVM locations on different operating systems such as Windows, Mac or Unix;

JCE Unlimited Strength Jurisdiction Policy Files installation

The Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files are sensitive to country import restrictions and CERTivity is not allowed to bundle them. To compensate this, for the entitled users, CERTivity features an intuitive installation from the Oracle JDK website via the JavaFX browser.

Support for Elliptic Curve algorithms

As Elliptic Curves offers the same cryptographic power at smaller key sizes they slowly get more attention for this efficiency. CERTivity helps one exploring this domain by offering EC(DSA)/ECGOST3410 capabilities with tens of parameter specifications.

Marking RSA Keys which are less than the minimum size alowed

CERTivity marks the existing Certificates and Key Pairs which have RSA keys less than the allowed minimum size and allows the user to set a custom minimum key size limit; this custom limit is also taken into consideration when generating a new Key Pair, a warning being displayed if a lower key size is given by the user;

Display validity status for Key Pairs and Certificates in the KeyStore view

It displays information about the validity status of Key Pairs and Certificates emphasizing the ones which are expired, or about to expire. The “About to expire” period is configurable and it means that the Certificate or Key Pair will expire in the given number of days from the current date;

Display trust status for Certificates in the KeyStore view

It displays easy to see information in a dedicated column about the trust status of a certificate entry from the KeyStore, depending on the possibility to establish a trust path for that certificate using the available TrustStores; the possible displayed values are “Trusted”, “Not Trusted” or “N/A” if no TrustStores have been set yet;

Generating new Key Pairs from old Key Pair content

The user has the possibility to generate a new Key Pair having the Key Pair generation dialog fields filled up with the keys and certificate information (keys algorithm, keys size, certificate version, signature, distinguished name, etc.) from an existing Key Pair; These values are editable and the user can modify them to fit his needs;

Windows KeyStores Management

CERTivity offers the possibility to open, view and work with Microsoft Windows KeyStores in a similar easy way as it does with the other supported KeyStore types. It can open both the Root KeyStore and the User KeyStore on Microsoft Windows systems;

Simple management of certificate extensions

It facilitates adding of extensions to certificates when generating Key Pairs and CA Reply Certificates using an easy to use tree-like structure for adding and representing the extensions, plus real-time validation of the extensions structure and user input at creation time;

Configurable KeyStore persistence on successive runs of the application

The user can configure the application to remember the KeyStores which were not closed before exiting the application together with their passwords so that they can be reopened automatically on the next run, or to remember only the KeyStores without passwords so that the user to be prompted to enter the passwords for them on the next run;

Import SSL Certificates

It can import SSL certificates from servers using an easy to use certificate retriever dialog with automatic parsing of host and port for given URLs; the parsed host and port are put into separate fields which can be further edited by the user if desired; it can import the retrieved certificates directly into the active KeyStore;

Get revocation status

It facilitates obtaining revocation status for a given certificate using either the information from the certificate extensions, using a Certificate Revocation List (CRL) file which the user can provide, or using a Certificate Revocation List URL which may hold revocation information about the given certificate;

Test SSL protocols

It can use SSL certificates against a text protocol over SSL to send requests and receive responses (e.g. a web service, SMTP, direct XML over TCP/IP) – both server side and client side certificates/Key Pairs can be configured;

Extend validity period of expired self-signed Key Pairs

Using CERTivity, the validity period for self-signed certificates can be extend easily; the user only needs to specify the new expiration date instead of creating a new Key Pair from scratch, making the operation of obtaining a new valid certificate trivial;

File signing made easy

It can sign JAR, APK, PDF and XML files easily and directly using a Key Pair from one of the currently opened keystores, having many signature and digests algorithms available;

PDF Signing

Supports all the SubFilter values (according to the PDF reference, version 1.7) when signing and verifying PDF documents: “adbe.x509.rsa_sha1″, “adbe.pkcs7.detached”, “adbe.pkcs7.sha1″;

Import Certificates to KeyStores directly from the signature verification results dialog

The user can easily import the certificates found in the signature of a JAR, APK, PDF or XML file into the active KeyStore (the active top component), directly from the verification results panels of the verify JAR, PDF and XML actions by simply selecting one of the signature certificate and pressing the “Import To KeyStore” button;

TrustStores Management

Allows easy adding and removing of the TrustStores needed for establishing trust and offers useful options for trust path validation (like certificate path maximum length, custom validation date, revocation checking, etc.); the available TrustStores can be set by the user who can choose either from the known ones (the JRE CA TrustStores or Windows TrustStores), or custom TrustStores;

Certificate signing made easier

It decreases the number of steps needed when signing a certificate; it offers the possibility to sign a certificate using a previously set CA Issuer, by combining the required operations needed in the process of signing a certificate (generating a Certificate Signing Request (CSR) for the certificate which needs to be signed, signing the CSR by the CA Issuer, importing the CA Reply), making certificate signing faster and easier.

CERTivity® main features and advantages are briefly presented below and in more detail in its manual available for download.

GUI RepresentationThe first purpose of CERTivity targets the representation of the security related items in a Tabbed Document Interface allowing for visualizing in parallel the following types of models: KeyStores, individual Certificates and Test Certificate Scenarios. The GUI representation is taking advantage of the natural approach of using an IDE style interface.

KeyStore’s entries are represented using a Tree Table structure, each entry and subentry being visualized in a Details Panel resembling the view of an e-mail client. As well, KeyStore’s entries take advantage of contextual menus or natural editing actions such as but not limited to delete, rename, expand, undo/redo. Many of these actions can also be used through Keyboard shortcuts. Navigation between KeyStore entries is enhanced by positioning based on the first character (case sensitive) of a KeyStore alias or by sorting the table columns.

Many of the application’s components expose Context Sensitive Help, the Table of Contents tree being synchronized with the current context. Status Bar is displaying useful information including if the KeyStore is case sensitive, or case aware. Quick Search feature at application, KeyStore and Options level allows for rapid localization of information and actions.

As the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files are sensitive to country import restrictions CERTivity is not allowed to bundle them, however for the entitled users CERTivity features a straight forward installation from the Oracle JDK website via an integrated JavaFX browser.

All the Java command line keytool actions and more other actions are available as described below through this rich and productive GUI.

KeyStore ManagementThe application is able to work with a wide range of KeyStores types – JKS, JCEKS, PKCS #12, BKS, BKS-V1, UBER and Windows native ones. These cover the KeyStores required by the Android/Java tools for signing the Android applications (APK) for release and test validating the APK signature. CERTivity can as well help on managing X.509 DER certificates (.crt,.cer) and PKCS# 12 (.pfx) or BKS KeyStores to be used on the Android devices for applications requiring security levels such as SSL and VPN.

The following KeyStore operations, which cover (but are not limited to) the handling of Java SSL KeyStores and TrustStores, are supported:

Create (generate) a new KeyStore;

Open an existent KeyStore;

Opening the CA TrustStore(s) of the JRE(s) discovered on the current system;

Save a KeyStore;

Copy and paste entries from one KeyStore to another;

Copy to clipboard Certificates from Key Pair’s Certificates Chain;

Change a KeyStore’s password;

Change a Key Pair’s password;

Password manager to avoid entering Key passwords each time;

Emphasizing expired and about to expire Certificates or Key Pairs;

Emphasizing Certificates and Key Pairs for which the key size is smaller than a value set by the user;

Display trust status for Certificates in the KeyStore view;

Convert to other KeyStore format;

Delete KeyStore entry;

Change KeyStore entry alias;

Import Key Pairs from Key Pair files or from separate Private Key and one or more certificate files;

Import trusted Certificates;

Trust verification when importing certificates (with user confirmation when trust is not established);

Add Certificate Extensions;

Save Certificate Extensions as XML;

Generate self signed Key Pairs (Private Key with corresponding Certificate) using RSA/DSA/EC/ECGOST3410;

80 parameters specifications for Elliptic Curve – EC (DSA), 5 parameters specifications for ECGOST3410;

Generate new Key Pairs using the information from other already existing Key Pairs;

Set a custom minimum key size limit for new RSA Key Pair generation;

Select the country code from a list of available countries resulting a valid ISO country code when generating a Key Pair;

Generate Secret Keys;

Retrieve certificates from servers (e-mail server, web server etc.) – This is based on the underlying SSL/TLS protocols;

Set SSL Connection Type (to be used when retrieving certificates);

View RSA/DSA/EC/ECGOST3410 Private Key, Public Key, Certificate Chain details;

Configurable KeyStore persistence on successive runs of the application.

Certificates Operations

Import Certificates/Certificates Chains into KeyStore either from files or from SSL connections;

Open an existing Certificate as standalone (not part of a KeyStore);

Display Certificate Details (having 11 Certificate Fingerprints types available);

Display certificate trust status;

Display multiple certificates including certificates chains;

Obtain the revocation status from the signing CA through CRL;

Use / test a certificate against a SSL connection (including plain upgradeable sockets) to an end-point and permitting raw TCP/IP level communication (similar to telnet/nc raw inspections); verbose handshaking information is also available;

View Public Key details for the opened certificate;

View PEM, ASN.1 representations;

View Certificate Extensions;

View ASN.1 representation for a Certificate Extension;

Extend validity for a Key Pair entry.

Sign and VerifyCERTivity aims to bridge the gap between keys management and digital signature functionality as well as offering a suitable introspection for developers interested in various investigations. CERTivity signs and verifies PDF, JAR and XML files with verbose details. CSR can be signed as well.

Existent signature applications lack the in-depth key management and viceversa, existent key management applications lacks the signing and verification process or the verbose details. CERTivity interconnects these functionalities;

The embedded signature certificate can be directly imported into the active KeyStore;

Signing is a contextual action while you browse the KeyStores so you will take advantage of all the existent key management features described above;

PDF digital signature and verification:

Many existent PDF signature applications cover just the signature process, leaving the verification process to PDF readers or editors. CERTivity is offering a PDF signature verification process too, which can show you details that are not otherwise accessible, especially when you deal with the PDF specification;

Each signature details can be inspected;

All PDF standard SubFilter values are supported: adbe.pkcs7.sha1, adbe.pkcs7.detached and adbe.x509.rsa_sha1 as opposed to the general practice of supporting just adbe.pkcs7.detached;

The name of the PDF signature handler (Filter) is Adobe.PPKLite;

Multiple PDF signatures can be applied incrementally;

XML digital signature and verification:

All XML signature types are supported: enveloped, enveloping and detached;

The XML signature is based on Java Specification Request JSR-105 which standardizes the XML Digital Signature APIs;

JAR digital signature and verification:

GUI alternative of the Java command line jarsigner tool, both for signing and verifying;

Sign and verify the Android Application Package (APK) signature.

Import/Export Options

Retrieve and Export Certificates from multiple sources into multiple formats;

Export Key Pairs, Certificates Chains, Private Keys, Public Keys;

Some of the formats supported besides the KeyStores themselves are:

X.509 Certificate Files;

X.509 Certificate Files (PEM encrypted);

PKCS #7 Certificate Files;

PKCS #7 Certificate Files (PEM encrypted);

PKI Path Certificate Files;

PKCS #12 Key Pairs;

PKCS #8 Key Pairs;

OpenSSL Public Key;

OpenSSL Public Key (PEM encrypted);

PKCS #8 Private Key Files;

PKCS #8 Private Key Files (PEM encoded);

OpenSSL Private Key Files (PEM encoded);

PKCS #10 for CSR;

SPKAC for CSR;

ASN and PEM for visualizing most of the items.

TrustStores Management

Set / Remove TrustStores at runtime without restarting the application;

Configure Trust Path validation options at runtime without restarting the application.

Certificate Authority functions

Certificate Signing made easier using “Select as CA Issuer” and “Sign Certificate by <aliasForIssuer>” actions;

Generate Certificate Signing Request (CSR) files;

Sign Certificate Signing Request (CSR) files;

Import CA Reply;

Trust verification when Importing CA Reply (with user confirmation when trust is not established);

Check PKI file type;

Open Certificate Revocation Lists (CRL) from files or URLs;

Open Certificate Signing Request (CSR) files;

Certificate chain management: append and remove signer certificate (with Copy / Paste / Delete / Undo / Redo functionality included);

By generating CSR files, signing CSR and importing CA reply the application can act as a testing purposes CA.

Multi-platformBeing a Java application it runs anywhere an Oracle (Sun) JRE can run. Depending on the platforms, CERTivity comes bundled with JRE or standalone. Please check the download page for the suitable setup package.

Most of the operations are executed on separate threads, so that, for example, while generating a key or signing a PDF file one can perform other tasks as well.

The availability of some of these features in your installed product are controlled by the category of your license – either CERTivity Standard or CERTivity Professional (check the Features Matrix).

If you want to get the best understanding out of our product, you can download a fully functional copy of the product and try a Free 30 Day Trial License.

Screenshots



Price: 75.00 USD

The post CERTivity KeyStores Manager appeared first on Software Sales.

Show more