Archive for June, 2020

Build Complete Certificate and Key Inventory with DPBuddy

Posted on 06/21/2020 , Alexander,

DPBuddy 3.5 supports in-depth inventory and analysis of your X.509 certificates and keys:

  • Inventory of all your certificates, keys and password aliases across all of your appliances and domains.
    In addition to DataPower, the inventory includes certificates from TLS endpoints.
  • Reports in Excel and text format
  • Certificate deduplication -- find all places where a given certificate is used
  • See audit records of all changes -- who changed what when
  • See how each of your crypto objects is used by other DataPower objects
  • See expiration for passwords/password aliases (in addition to certificates' expiration)
  • Ensure compliance and best practices: identify self-signed certificates, weak keys/algorithms, unapproved signers
  • Get alerted on certificate expiration, invalid signatures, revocation, policy violations

(more…)

Public Key Sizes and Their Importance

Posted on 06/14/2020 , Alexander,

A public key’s size and its algorithm is usually the first thing we see when we look at the “Public Key Info” section of an x.509 certificate.

Can we evaluate security of a website or a digital signature based on its public key without any access to the private key?

Turns out that we can, at least, to a degree.

First, we need to understand that it’s the combination of the algorithm and the key size that defines the “strength” of the key. The most widely used public-key algorithm today is RSA. Elliptic Curve (EC) algorithms (that are truly superior to RSA) are quickly gaining ground and taking the second place.
(more…)