GSoC/GCI Archive
Google Summer of Code 2009

PKIF project

Web Page: http://pkif.sourceforge.net/ideas.html

Mailing List: https://sourceforge.net/forum/?group_id=169079

The PKIF project provides software used to enable applications to take advantage of security services offered by Public Key Infrastructure. The core of the project lies in the PKIF (Public Key Infrastructure Framework) libraries. These are written in C++ and implement several well-established standards, including RFC 5280-compliant certificate processing, an OCSP (RFC 2560) client, CMS (RFC 3852) production and processing, and RFC 3161-compliant time stamps. PKIF has been kept up to date with emerging Internet standards, including SCVP (RFC 5055) support, ERS (RFC 4998) support and more. Most functionality of PKIF's core libraries is also exposed through Java and .Net bindings.

Beyond the core libraries, which are offered under the LGPL version 2, the PKIF project maintains the following open source applications:

  • PKIF OCSP Plug-in - a revocation status provider for Microsoft Windows clients which supports both OCSP and CRLs for path status, and much more.
  • MD5Shield - a revocation status provider for Microsoft Windows which simply rejects any path that contains an MD5 digest, to provide a practical countermeasure against CERT VU#836068.
  • Webcullis - a plug-in to improve certificate-based access control for Apache and IIS web servers on Linux and Windows.

Projects

  • PKIF DSSC Implementation - When using cryptographic algorithms it is necessary to evaluate their security suitability. DSSC is a new IETF specification which could evaluate the algorithms' security suitability. Through adding a DSSC implementation into PKIF, we can improve PKIF's existing support for digital signature preservation. In this proposal, we implement the DSSC policies' parsing, authenticating and processing, using existing PKIF subsystems for authentication.
  • Python and PKIF - Python is well known for being a highly readable, robust language. It would make a great interface to public key infrastructure services. If I am accepted to this project, by the end of the summer all of PKIF's services will be accessible from the pleasant Python environment. Since the existing Java JPKIF and PKIF.Net were successfully implemented through the SWIG interface, I will do the same thing for Python, choosing SWIG as a path to a PyPKIF framework.