Oscar is a project aimed at designing and
constructing a public key certification system from
the ground up. Oscar LDAP tools to publish and retrieve
keys and certificates from a LDAP server compile and
work fine with OpenLDAP.
http://www.dstc.qut.edu.au/MSU/projects/pki/
- Oscar currently supports:
-
Generation, signing and verification of X.509
v3 certificates for RSA, Diffie-Hellman and
DSA keys. Also supports Cross certificates
for shortening certification paths.
Signatures using RSA with SHA-1,
RIPEMD-160, MD5 and MD2 and DSA with
SHA-1. Also supports the HMAC algorithm,
as well as the DES and SKIPJACK symmetric
algorithms.
Support for PKCS#7 Signatures, Netscape
signed key challenges, and PKCS#10
Certificate Requests (new).
PKIX compliant certification path processing
many standard X.509 certificate and CRL
extensions.
Netscape certificate type extension for use
with java code signing in Netscape, S/MIME
email or as an SSL client certificate.
Publishing and retrieving Certificates and
CRLs in an LDAP directory.
Storage of private keys in PKCS#8 format
encrypted with DES keys using PKCS#5
password based encryption.
In addition to a C++ library for development using
the PKI, a number of utility programs are provided
to publish and retrieve certificates from an LDAP
directory; generate certificates, crls and key pairs;
and sign and verify documents.
|