Estonia Hits Gemalto Again – Insecure eID cards

When we researched impacts of the ROCA vulnerability, the Estonian government limited the impact with a cut-off date. ROCA only applied after that date. It now appears that Gemalto had another problem before that cut-off date.

Continue reading Estonia Hits Gemalto Again – Insecure eID cards

Encryption and Databases Are Actually Similar

We have been building encryption service for a while. I grew up in the world of encryption and many things just came with experience, without being spelled out. Here’s another why I believe in “hardware encryption”.

Continue reading Encryption and Databases Are Actually Similar

JSignPdf Now Supports Remote Signing

A great news – our CloudFoxy is now supported by JSignPdf 1.6.4. You can now sign PDF with eIDAS compliant smart-cards (or OpenPGP dongles) – zero drivers or configuration on user computers.

Continue reading JSignPdf Now Supports Remote Signing

Multiparty Encryption – Our Talk at DefCon 25 – August 2017

I just found a video of our presentation at DefCon last year, which I haven’t watched since. The talk included a live demonstration connecting to a bank of smart-cards in Cambridge, UK. Organizers warned us not to do it as the network was pretty locked-down and a lot of …. interesting traffic was flowing around.

Continue reading Multiparty Encryption – Our Talk at DefCon 25 – August 2017

PDF Signing With CloudFoxy And Smartcards – Production Notes

We have handed over the first deployment of our CloudFoxy (smart cards over RESTful API) for PDF signing and it is now in live use. Here are a few observations of mine about dependencies, performance, and delivery.

Continue reading PDF Signing With CloudFoxy And Smartcards – Production Notes

Planning TLS certificate renewals – define a process

This text is about creating a process around planning certificate renewals. As part of our KeyChest re-design, we created a sequence of meaningful checks for TLS certificates to get them always renewed before your web services go down.

Continue reading Planning TLS certificate renewals – define a process

KeyChest now runs over 500,000 TLS checks every day

We checked recent statistics of the KeyChest service. While the overall load is gradually increasing, we also increase the number of checks we perform. It’s now over 500,000 a day since March 26. But we should be fine till a major system upgrade coming soon.

Continue reading KeyChest now runs over 500,000 TLS checks every day

KeyChest becomes part of Radical Prime Limited

As the core technology of Enigma Bridge had been in its cloud encryption platform, there was always a question whether we wanted to keep use-cases of this technology under the same company. This thinking resulted in a decision to create a spin-off. This was executed in January 2018 and resulted in funding of Radical Prime Limited.

Continue reading KeyChest becomes part of Radical Prime Limited

Major KeyChest Incident – We Turn It Into Serious Business

KeyChest HTTPS monitoring started small – to help us manage our certificates and its free service grew with interest. It’s the right approach from the business point of view, but it has its dark side. A major incident flashed it out last Saturday.

Continue reading Major KeyChest Incident – We Turn It Into Serious Business