KeyManager is a client side PKI tool for key generation, certificate enrollment, and identity and authority delegation.
Currently, Mozilla Personal Security Manager (PSM) allows import and export of keys but does not provide GUI for local key generation. Our KeyManager tool extends the Certificate Manager wizard in Mozilla PSM and adds the capability for key generation and SCEP based certificate enrollment. Our extension enables Mozilla PSM to act as a key management tool. In addition, the tool supports signing of proxy certificates for credential delegation and provides XUL based GUI for signing of XPI files as well as update manifest.
The KeyManager tool has following features :
- Generation of keys and X.509
based self-signed certificate
- Generation of PKCS#10 based Certificate Signing Requests
based Certificate enrollment - it enables Firefox to acts as SCEP client. The SCEP client can be invoked from other extensions and XPCOM based components.
- XPI Signing (for Mozilla add-ons) and signing of archive files - provides an XUL based GUI for command-line 'signtool'
in Mozilla NSS
- Signing of update manifest
using keys associated with certificate in the browser's certificate DB. You can use this tool as alternative to Mozilla's McCoy
- Signing of Proxy Certificates (RFC 3820
) and other users' certificates
- Signing and verification of Attribute certificates (RFC3281
- Exporting of keys and certificate in the following formats: PKCS#7, PKCS#8, PKCS#10, PKCS#12, OpenSSL
, and SSH-2
- Backup and Synchronization of keys and certificates for OpenSSL based applications: cURL, Globus toolkit, etc as well as other Mozilla-NSS based soft-tokens
- Managing keys and sign certificates in Java Keystores
For more info:
- Key Manager Tool: http://pubs.research.avayalabs.com/pdfs/ALR-2006-044.pdf
- Use case on on-line proxy certificate signing and credential delegation for Globus Grid based portal: http://pubs.research.avayalabs.com/pdfs/ALR-2007-023.pdf