PKIBlackbox features
Public Key Infrastructure (PKI) is a set of standards that define all aspects of creation, use and disposal of certificates based on public keys.
PKI also includes various functions to sign and encrypt generic data, to timestamp signatures and to sign executable files in Windows.
Certificates - PKIBlackbox includes support for certificates in X.509 (versions 1-3) format. The following features and operations are offered:
- support for key length from 512 to 16384 bytes;
- support for RSA, DSA and DH keys;
- support for both standard (predefined) and custom certificate extensions (as defined by X.509 v3);
- saving and loading of X.509 certificates in DER, PEM (base64-encoded DER), PKCS#7, PKCS#8 and PKCS#12 (PFX) formats;
- saving and loading of private keys in DER, PEM (base64-encoded DER), PKCS#12 (PFX) and PVK formats;
- generation of self-signed and CA-signed certificates;
- validation of certificate integrity
Certificate requests - PKIBlackbox supports creation and use of Certificate Requests in PKCS#10 format. Namely, the following operations are supported:
- generation of certificate requests and corresponding private keys;
- saving and loading of certificate requests in DER and PEM (base64-encoded DER) formats;
- saving and loading of private keys in DER, PEM (base64-encoded DER) and PVK formats;
- generation of certificates from certificate requests
Certificate Revocation Lists - PKIBlackbox provides support for Certificate Revocation Lists (CRL) according to RFC 3280, including
- creation and modification of CRLs;
- support for CRL extensions and CRL Item extensions;
- saving and loading of CRLs in DER and PEM (base64-encoded DER) formats;
- checking of certificate presence in CRL
Certificate Storages - with PKIBlackbox you can keep certificates in certificate storages. Certificate Storage management includes
- support for in-memory, file-based and system (Windows CryptoAPI) certificate storages;
- support for Cryptocards and USB Crypto Tokens via PKCS#11 and CryptoAPI interfaces;
- powerful search by various criteria, including issuer, subject, dates, e-mails and more;
- saving and loading of storages in PKCS#7 and PKCS#12 (PFX) formats;
- validation of certificates against certificates contained in the storage;
- multithreaded access to certificate storages;
- for Windows Certificate Storage - access to per-user and system-wide storages;
- for Windows Certificate Storage - access to system, registry and LDAP storages
Data encryption and signing - PKIBlackbox lets you encrypt, sign, decrypt and verify various data using X.509 certificates and offers
- data encryption and decryption using RSA certificates and AES (128 to 256 bit), Triple DES (3DES), ARCFOUR, RC2, DES algorithms;
- data signing and verification using RSA and DSA certificates and HMAC, SHA512, SHA384, SHA256, SHA1, MD5, MD2 algorithms;
- data timestamping and timestamp verification using TSP (Timestamp Protocol, RFC 3161). Both TSP client and TSP server are available.
Code signing - with PKIBlackbox you can sign your executables and libraries in PE format using MS Authenticode™ technology and verify the signatures. Code signing with MS Authenticode™ is available in VCL and .NET editions.
