http://www.dstc.qut.edu.au/MSU/projects/pki/

Oscar currently supports:

Generation, signing and verification of X.509 v3 certificates for RSA, Diffie-Hellman and DSA keys. Also supports Cross certificates for shortening certification paths. Signatures using RSA with SHA-1, RIPEMD-160, MD5 and MD2 and DSA with SHA-1. Also supports the HMAC algorithm, as well as the DES and SKIPJACK symmetric algorithms. Support for PKCS#7 Signatures, Netscape signed key challenges, and PKCS#10 Certificate Requests (new). PKIX compliant certification path processing many standard X.509 certificate and CRL extensions. Netscape certificate type extension for use with java code signing in Netscape, S/MIME email or as an SSL client certificate. Publishing and retrieving Certificates and CRLs in an LDAP directory. Storage of private keys in PKCS#8 format encrypted with DES keys using PKCS#5 password based encryption. In addition to a C++ library for development using the PKI, a number of utility programs are provided to publish and retrieve certificates from an LDAP directory; generate certificates, crls and key pairs; and sign and verify documents.