Site menu:

Latest news:

13 November 2009
PKIF 2.1.8 along with Webcullis and the OCSP plugin are available for download.

1 October 2009
We had two SoC projects complete successfully! Look for the results following the 2.1.8 releaase.

19 May 2009:
PKIF 2.1.7 has been released. Highlights include ECDSA support for CNG on Vista/2008, and support for version 6 of the platform SDK.

17 March 2009:
PKIF has been accepted into Google's summer of code. Have a look at our ideas page if you're interested in participating.

20 February 2009:
A new maintenance of PKIF, version 2.1.6, is available for download.

Location: PKIF / Enhancement Ideas | Language: en

PKIF Hosting Provided By

Get PKIF at SourceForge.net. Fast, secure and Free Open Source software downloads

Python Binding for PKIF and PKIFCMS

Status: Complete! Will be published after the release of 2.1.8.

Python is useful for a very wide range of applications, from quick administrative scripts to web pages to robust network services to high quality desktop applications. In environements where an X.509 PKI is used for user identification, data identification and data encryption, though, python is still quite difficult to use. There are few options for certification path processing, and most of what’s available focuses on the cryptography.

PKIF would be a good choice for a pythonic interface to PKI services. It runs on the most important platforms where Python does and its class hierarchy would not feel out of place in python code.

Someone interested in this as a project could start by looking at the existing swig interfaces for .Net and Java, and see how those map to python. It also would make sense to investigate Boost.Python (given PKIF’s wide use of other boost libraries) and determin whether that’s a better path to a python interface.

References

* Boost.Python
* Swig and Python

Refactor PKIF’s Mediator/Colleague interface

Status: Unclaimed

* named colleagues
* reorderable colleagues
* a generic serialization interface for colleagues

* ability for PKIFConfigSerialization to load/save colleagues without knowing about them

References

* Mediator Pattern
* Overview of Mediators and Colleagues in PKIF

PKIF S/MIME

Status: Unclaimed

Using PKIFCMS, build a “PKIF S/MIME” implementation with a high-level interface for composing and sending secure mail messages. This would be particularly useful for server applications. A useful accompaniment to this would be a sendmail-compatible command line utility which only sends encrypted mail.

References

* RFC 3851

PKIF DSSC

Status: Partially implemented. Will be posted after the 2.1.8 release

PKIFCMS, PKIFTSP, PKIFERS and PKIFSCVP provide a strong foundation for addressing issues associated with digital signature preservation, i.e., reliance on digitial signatures over a period of many years. DSSC is a new IETF specification that enables the representation of policies that describe the security suitabilities of cryptographic algorithms. For example, a DSSC policy may indicate that a particular algorithm or cryptographic key was not fit for use at a particular point in time. A DSSC implementation would be a nice complement to PKIF’s existing support for digital signature preservation. The implementation would parse, authenticate and process DSSC policies, using existing PKIF components for authentication.

References

* RFC 3851

Other Ideas

Other ideas for improvement are always welcome. Feel free to tell us about them on the forums

Google Summer of Code

PKIF has been accepted into the Google Summer of Code as a mentoring organization. This means students can apply to Google for the opportunity to help us develop these ideas. If you’d like to introduce yourself, discuss these ideas, or propose new ones, please visit our discussion forum!