Growth Of HTTPS Public Logs (CT)

As we have a database of all the issued public certificates, we started looking at some of the data. This is a quick note about the frequency of updates of certificate transparency (CT) logs.

Continue reading Growth Of HTTPS Public Logs (CT)

Real-Time Certificate Info – 5,560,000,000 KeyChest Index

We have finally completed a GLOBAL certificate look-up table for real-time notifications in our re-designed KeyChest service. KeyChest has been using an external service to check for new certificates. This has become unsustainable due to the number of users and certificates we monitor.

Continue reading Real-Time Certificate Info – 5,560,000,000 KeyChest Index

Multiparty Encryption – Our Talk at DefCon 25 – August 2017

I just found a video of our presentation at DefCon last year, which I haven’t watched since. The talk included a live demonstration connecting to a bank of smart-cards in Cambridge, UK. Organizers warned us not to do it as the network was pretty locked-down and a lot of …. interesting traffic was flowing around.

Continue reading Multiparty Encryption – Our Talk at DefCon 25 – August 2017

PDF Signing With CloudFoxy And Smartcards – Production Notes

We have handed over the first deployment of our CloudFoxy (smart cards over RESTful API) for PDF signing and it is now in live use. Here are a few observations of mine about dependencies, performance, and delivery.

Continue reading PDF Signing With CloudFoxy And Smartcards – Production Notes

PDF Signing, eIDAS for Companies – CloudFoxy

We have implemented a solution for eIDAS USB smart cards, with no drivers on user computers. We simply access smart cards HTTPS to sign PDF documents. A solution, which can be automated, integrated with an internal IT infrastructure, and managed by a dedicated support.

Continue reading PDF Signing, eIDAS for Companies – CloudFoxy

How secure is CloudFlare “flexible SSL” option

One would expect that when you decide to secure your web-server traffic with HTTPS, you do it for the security. Some, however, do it mostly to improve their SEO. CloudFlare flexible SSL is exactly for this.

Continue reading How secure is CloudFlare “flexible SSL” option

Planning TLS certificate renewals – define a process

This text is about creating a process around planning certificate renewals. As part of our KeyChest re-design, we created a sequence of meaningful checks for TLS certificates to get them always renewed before your web services go down.

Continue reading Planning TLS certificate renewals – define a process

KeyChest now runs over 500,000 TLS checks every day

We checked recent statistics of the KeyChest service. While the overall load is gradually increasing, we also increase the number of checks we perform. It’s now over 500,000 a day since March 26. But we should be fine till a major system upgrade coming soon.

Continue reading KeyChest now runs over 500,000 TLS checks every day

Rick Dickinson – designer of ZX Spectrum – passed away

Rick is for me a real legend. He helped me with a design of one of my products and ever since, I admired his personality, approach to the design and his general attitude to technology and design. I was very sad to read he had passed away on the 24th of April.

Continue reading Rick Dickinson – designer of ZX Spectrum – passed away

KeyChest becomes part of Radical Prime Limited

As the core technology of Enigma Bridge had been in its cloud encryption platform, there was always a question whether we wanted to keep use-cases of this technology under the same company. This thinking resulted in a decision to create a spin-off. This was executed in January 2018 and resulted in funding of Radical Prime Limited.

Continue reading KeyChest becomes part of Radical Prime Limited