PKIF Features
PKIF provides a variety of capabilities useful in enabling applications, including:
- Certification path building and discovery compatible with the DoD PKI, the Federal Bridge, the SAFE-BioPharma bridge and the CertiPath aerospace bridge environments.
- RFC 5280-compliant path validation.
- Supports RFC 3852 (Cryptographic Message Syntax).
- Supports RFC 3161 (Timestamp protocol).
- Supports RFC 5055 (SCVP) and RFC 4998 (ERS) along with RFC 5276 (SCVP/ERS wantBacks).
- wxWidgets-based cross-platform GUI controls.
- Enabling applications is simple.
- Multiple certificate sources are supported, including LDAP-accessible directories, web servers, CAPI certificate stores, NSS certificate stores and other application-specified sources.
- Can retrieve revocation information from local stores, application-specified sources (such as an LDAP directory) and follow CRL distribution points.
- Can use OCSP responders specified in AIA extensions.
- One or more trusted OCSP responder(s) may be configured for path validation.
- Configurable to make the most of your infrastructure.
- Configurations can be created centrally and pushed out using your existing management tools.
- Much more. See the online developer’s reference for details.
PKIF was used to build Webcullis and the PKIF OCSP Plug-in, both of which are freely available from this site.
PKIF certifications
PKIFv1 was evaluated against the Public Key Enablement Protection Profile (PKEPP) at EAL4+.
PKIFv2 has been evaluated under version 2.77 of the PKEPP at EAL4+ on both Windows Server 2003 and RHEL 4. Download the certificate.
PKIF has been evaluated by the US DoD JITC testing laboratory.