Key Server that implements the TLS Session Key Interface (SKI) defined in draft-cairns-tls-session-key-interface-00.

Open Source KeyServer

  • Download the latest available version: Download


Description

This software is a Key Server that implements the TLS Session Key Interface (SKI) defined in draft-cairns-tls-session-key-interface-01.

The Heartbleed attack illustrated the security problems with storing private keys in the memory of the TLS server. The TLS Session Key Interface (SKI) defined in the mentioned document makes it possible to store private keys in a highly trusted key server, physically separated from client-facing servers. The TLS server is split into two distinct entities, called Edge Server and Key Server, that communicate over an encrypted and mutually authenticated channel using e.g. TLS. This software implements the Key Server entity.

  +--------+  Handshake  +-------------+    SKI    +------------+
  | Client | <---------> | Edge Server | <-------> | Key Server |
  +--------+             +-------------+           +------------+

It is intended as a functional prototype for testing the LURK Architecture and the proposed interface. For more reference see link URL and this.
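
The split described above, as an added sketch that is not KeyServer's own code and does not use the SKI wire format. The class names, the SHA-256 key identifier and the in-process call (standing in for the mutually authenticated channel) are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class SkiSplitDemo {
    // Key Server side (hypothetical class): the only component holding private keys.
    static final class KeyServer {
        private final Map<String, PrivateKey> keys = new HashMap<>();

        // Store the private key under an identifier derived from the public key.
        String register(KeyPair kp) throws GeneralSecurityException {
            String id = fingerprint(kp.getPublic());
            keys.put(id, kp.getPrivate());
            return id;
        }

        // Sign handshake data for an Edge Server; only the signature leaves.
        // A real deployment would first authenticate the caller over mutual TLS.
        byte[] sign(String keyId, byte[] data) throws GeneralSecurityException {
            PrivateKey key = keys.get(keyId);
            if (key == null) throw new KeyException("unknown key id");
            Signature s = Signature.getInstance("SHA256withECDSA");
            s.initSign(key);
            s.update(data);
            return s.sign();
        }
    }

    // Assumed identifier: SHA-256 over the encoded SubjectPublicKeyInfo.
    static String fingerprint(PublicKey pub) throws GeneralSecurityException {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(pub.getEncoded());
        return Base64.getEncoder().encodeToString(d);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair kp = gen.generateKeyPair();
        KeyServer keyServer = new KeyServer();
        keyServer.register(kp);

        // Edge Server side: holds only the public key, as it would from its certificate.
        PublicKey edgePub = kp.getPublic();
        byte[] params = "constructed handshake parameters".getBytes(StandardCharsets.UTF_8);
        byte[] sig = keyServer.sign(fingerprint(edgePub), params);

        // Client side: verifies with the public key; no private key ever reached the edge.
        Signature v = Signature.getInstance("SHA256withECDSA");
        v.initVerify(edgePub);
        v.update(params);
        System.out.println("client verifies signature: " + v.verify(sig));
    }
}
```

A memory disclosure on the edge process in this layout exposes the public key and individual signatures, not the private key.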

System requirements

KeyServer has been developed using Java SE 8, with Redis as the database that stores the certificates' private keys.

How to install?

You can download the latest KeyServer JAR version from the releases section. If you prefer to generate your own JAR, remember that this project is distributed with Apache Maven.

Once the JAR file is downloaded or generated, move it to the desired folder. Configure the KeyServer using the KeyServer Wiki steps before the first execution. Otherwise, you'll get an error during execution.
