Estonia Hits Gemalto Again – Insecure eID cards

When we researched impacts of the ROCA vulnerability, the Estonian government limited the impact with a cut-off date. ROCA only applied after that date. It now appears that Gemalto had another problem before that cut-off date.

Continue reading Estonia Hits Gemalto Again – Insecure eID cards

Encryption and Databases Are Actually Similar

We have been building encryption service for a while. I grew up in the world of encryption and many things just came with experience, without being spelled out. Here’s another why I believe in “hardware encryption”.

Continue reading Encryption and Databases Are Actually Similar

JSignPdf Now Supports Remote Signing

A great news – our CloudFoxy is now supported by JSignPdf 1.6.4. You can now sign PDF with eIDAS compliant smart-cards (or OpenPGP dongles) – zero drivers or configuration on user computers.

Continue reading JSignPdf Now Supports Remote Signing

Growth Of HTTPS Public Logs (CT)

As we have a database of all the issued public certificates, we started looking at some of the data. This is a quick note about the frequency of updates of certificate transparency (CT) logs.

Continue reading Growth Of HTTPS Public Logs (CT)

Real-Time Certificate Info – 5,560,000,000 KeyChest Index

We have finally completed a GLOBAL certificate look-up table for real-time notifications in our re-designed KeyChest service. KeyChest has been using an external service to check for new certificates. This has become unsustainable due to the number of users and certificates we monitor.

Continue reading Real-Time Certificate Info – 5,560,000,000 KeyChest Index

Multiparty Encryption – Our Talk at DefCon 25 – August 2017

I just found a video of our presentation at DefCon last year, which I haven’t watched since. The talk included a live demonstration connecting to a bank of smart-cards in Cambridge, UK. Organizers warned us not to do it as the network was pretty locked-down and a lot of …. interesting traffic was flowing around.

Continue reading Multiparty Encryption – Our Talk at DefCon 25 – August 2017

PDF Signing With CloudFoxy And Smartcards – Production Notes

We have handed over the first deployment of our CloudFoxy (smart cards over RESTful API) for PDF signing and it is now in live use. Here are a few observations of mine about dependencies, performance, and delivery.

Continue reading PDF Signing With CloudFoxy And Smartcards – Production Notes

PDF Signing, eIDAS for Companies – CloudFoxy

We have implemented a solution for eIDAS USB smart cards, with no drivers on user computers. We simply access smart cards HTTPS to sign PDF documents. A solution, which can be automated, integrated with an internal IT infrastructure, and managed by a dedicated support.

Continue reading PDF Signing, eIDAS for Companies – CloudFoxy

Expanding KeyChest For Increasing Usage

We have upgraded the KeyChest infrastructure to serve the growing user base. It is the first step for our new version, with real-time notifications, internal certificate monitoring, automated renewals, and faster discovery of new certificates.

Continue reading Expanding KeyChest For Increasing Usage

Automate certificate monitoring with free API – KeyChest

Our certificate monitoring KeyChest has an initial RESTful API for remote enrolment of new certificates and for checking certificate expiry. Its design supports automation without any initial security/authorization setup.

Continue reading Automate certificate monitoring with free API – KeyChest