Skip to content

A collection of articles, manuals, research papers, blogs, videos and software somehow related to the Public Key Cryptography (PKI).

Notifications You must be signed in to change notification settings

auspex-labs/awesome-pki

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 

Repository files navigation

awesome-pki

A collection of articles, manuals, research papers, blogs, videos and software somehow related to the Public Key Cryptography (PKI).

Root Certificate Programs

The organizations behind the browser and the operating system development maintain the most widely used collections of up-to-date certificate authority certificates.
Root programs keep the list up-to-date and work together on the process standardization.

Chrome Root Program
Mozilla's CA Certificate Program
Apple Root Certificate Program
Microsoft Trusted Root Certificate Program
The Common CA Database (CCADB) - managed by Mozilla, supported by Microsoft & Google

Articles & Other sources

Everything you Never Wanted to Know about PKI but were Forced to Find Out (PDF) - by Peter Gutmann
PKI: It’s Not Dead,Just Resting (PDF) - Peter Gutmann
X.509 Style Guide - by Peter Gutmann
SSL/TLS and PKI History - Feisty Duck
How to build your own public key infrastructure - The Cloudflare Blog
Everything you should know about certificates and PKI but are too afraid to ask - Smallstep Labs blog
Path Building vs Path Verifying: The Chain of Pain
Certificate Transparency: a bird's-eye view
Key Management Cheat Sheet, OWASP
Certificate Policy and Certification Practice Statement documents for ISRG / Let's Encrypt
Checklist on building an Offline Root & Intermediate Certificate Authority (CA) - Stack Overflow
Certificate Authority with a YubiKey
Get started with the Nitrokey HSM or SmartCard-HSM

Hardware Secure Modules (HSM) & Key management

Why I don't like smartcards, HSMs, YubiKeys, etc. - Hacker News
The Untold Story of PKCS#11 HSM Vulnerabilities - Cryptosense
A survey of Hardware Crypto Devices (PDF) - cryptotronix
Linux smart cards (OpenSC) - How-to - Cédric Dufour blog
Key Management and use cases for HSMs - Cryptomathic
What is Key Management? a CISO Perspective - Cryptomathic
The Definitive Guide to Encryption Key Management Fundamentals - Townsend Security
Example of an IANA DNSSEC signing ceremony - not x509, but describes the procedure of a serious key ceremony
Security Concepts, Subsection 28.9: Key Management - blog of Travis
NIST Key Management Guidelines
NIST Cryptographic Module Validation Program
Commercial Cryptographic Key Management in 2018

Books

Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications, Ivan Ristić

Cryptography Engineering: Design Principles and Practical Applications, Niels Ferguson, Bruce Schneier, and Tadayoshi Kohno

Security Engineering, The Second Edition (2008) - Chapter 21: Network Attack and Defence, Ross Anderson

Encyclopedia of Cryptography and Security, Henk C.A. van Tilborg

Architecture for Public-Key Infrastructure (APKI), The Open Group Guide, 1999

Research Papers

Is the Web Ready for OCSP Must-Staple? (PDF)

The First Ten Years of Public-Key Cryptography - Whitfield Diffie (PDF)

PKI considered harmful

Audio / Video

Hackable Security Modules: reversing and exploiting a FIPS 140-2 lvl3 HSM firmware - video, PDF
PKI Bootcamp by Paul Turner - Playlist
How to be a Certificate Authority, feat. Ryan Sleevi - Security. Cryptography. Whatever. podcast

Open-Source Certificate Authority Software

Software pkcs11 support ACME support Notes
Let's Encrypt Boulder yes yes not much documentation, no commercial support
step-ca yes yes cloud-ready CA with the commercial support
EJBCA yes yes $$$$ commercial support
Dogtag Certificate System yes yes n/a
HashiCorp Vault PKI backend no (only enterprise?) no API based CA
CFSSL no no PKI toolkit with an API
easy-rsa no no easy-rsa - Simple shell based CA utility
OpenSSL Certificate Authority yes no shell based CA leveraging OpenSSL
XCA yes no Certificate authority with a comprehensive GUI

About

A collection of articles, manuals, research papers, blogs, videos and software somehow related to the Public Key Cryptography (PKI).

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published