Open Source KeyServer
This software is a Key Server that implements the TLS Session Key Interface (SKI) defined in draft-cairns-tls-session-key-interface-01.
The Heartbleed attack illustrated the security problems with storing private keys in the memory of the TLS server. The TLS Session Key Interface (SKI) defined the mentioned document makes it possible to store private keys in a highly trusted key server, physically separated from client facing servers. The TLS server is split into two distinct entities called Edge Server and Key Server that communicate over an encrypted and mutually authenticated channel using e.g. TLS. This software implements the Key Server entity.
+--------+ Handshake +-------------+ SKI +------------+ | Client | <---------> | Edge Server | <-------> | Key Server | +--------+ +-------------+ +------------+
It is aimed at being a functional prototype to test the LURK Architecture and the proposed interface. For more reference see link URL and this.
KeyServer has been developed using Java SE 8 and Redis as database to store the certificates private keys.
- Java SE Runtime Environment 8: https://java.com/es/download
- Redis: http://redis.io/download
How to install?
You can download the latest KeyServer JAR version from releases section. If you prefer generate your own JAR, remember that this project is distributed with Apache Maven.
Once the JAR file is downloaded/generated, move it to the desired folder. Configure the KeyServer using the KeyServer Wiki steps before first execution. Otherwise, you'll get an error during the execution.