CSPid 5.2.1.0
Description
CSPid is a virtual smartcard that maintains a central repository for X.509 certificates and private keys. It provides a secure environment for cryptographic operations that nearly all security-enabled applications can access via Java, PKCS#11, or Microsoft CAPI. It is available for, and compatible between, all 32- and 64-bit desktop versions of Windows, Linux, and Solaris/SPARC.
CSPid
- provides a portable, operating system independent credential store that may be shared by all security-enabled applications
- simplifies enterprise-wide credential management; users need not replicate keys among applications, and may effortlessly migrate credentials between workstations
- provides administrative controls over user credentials; allows PKI enrollment, key rollover, credential backup, and other key management tasks to be automated in a user-transparent manner
- provides superior protection for private keys and overcomes password change/reset issues with Internet Explorer and Mozilla
- reduces help desk costs and PKI training requirements
Add-on DAS support allows CSPid to provide to all applications (including Outlook and Thunderbird S/MIME) high-assurance “role-based” signing and decryption operations that rely on remote private keys, possibly stored on an HSM (requires DAS 1.8 or above).
Benefits
- Eliminates private key duplication
- Simplifies trust chain management
- Enforces strict password quality requirements
- Audits all private key operations
- May be easily deployed and managed
- Appropriate for organizations of any size, scaling up to millions of users
- Uses NIST CMVP-validated FIPS 140-2 cryptography and today’s proven standards, including ANSI X.509 and IETF PKIX, TLS, and S/MIME
Technical Specifications
- Complies with NIST FIPS 140-2 Level 1 requirements
- Exports a PKCS#11 version 2.20 compliant API
- Includes a Cryptographic Service Provider and Key Storage Provider for Microsoft Windows
- Imports and exports PKCS#12, PKCS#7, and ASN.1 DER- encoded X.509 certificates
- Generates up to 8192-bit RSA and up to 571-bit ECDSA PKCS#10 requests
- Supports SHA-256, SHA-384, and SHA-512
- Employs password-protected PKCS#15 PDUs for key storage on local, removable, or network-attached drives, using AES-256 for confidentiality and HMAC-SHA-512 for integrity checking
System Requirements
- Windows Server 2012 R2 or above
- Windows 7, 8, 8.1, 10, or above
- CentOS 6.7 (Linux Kernel 2.6) or above (x64)