Open Source KeyServer
This software is a Key Server that implements the TLS Session Key Interface (SKI) defined in draft-cairns-tls-session-key-interface-01.
The Heartbleed attack illustrated the security problems with storing private keys in the memory of the TLS server. The TLS Session Key Interface (SKI) defined in the document mentioned above makes it possible to store private keys in a highly trusted key server, physically separated from client-facing servers. The TLS server is split into two distinct entities, called Edge Server and Key Server, that communicate over an encrypted and mutually authenticated channel such as TLS. This software implements the Key Server entity.
    +--------+  Handshake  +-------------+    SKI    +------------+
    | Client | <---------> | Edge Server | <-------> | Key Server |
    +--------+             +-------------+           +------------+
KeyServer has been developed using Java SE 8, with Redis as the database that stores the certificates' private keys.
How to install?
Once the JAR file is downloaded or generated, move it to the desired folder. Before the first execution, configure the KeyServer by following the steps in the KeyServer Wiki. Otherwise, you'll get an error during execution.