OpenCA Labs

The OpenCA Labs host a variety of Security and Identity Management projects. Our main research and development area is Trust Infrastructures deployment and Usable Security. Our projects are managed using a collaborative, consensus-based process. Moreover, each project has its own set of core developers who manage all the different aspects: from code development to user support.

We strongly hope that you will contribute to the OpenCA LABS projects either by providing feedback to developers or by deciding to join the development teams.

project manager: #madwolf - last release: 1.5.1

The PKI Project is the first project of the OpenCA LABS. It is a collaborative effort to develop a robust, full-featured and Open Source out-of-the-box Certification Authority implementing the most used protocols with full-strength cryptography world-wide. OpenCA PKI is based on many Open-Source Projects. Among the supported software is PERL, OpenLDAP, OpenSSL, Apache Project, Apache mod_ssl.

project manager: #madwolf - last release: 3.1.2

The OpenCA OCSPD project is aimed to develop a robust and easy-to-install OCSP daemon. The server is developed as a stand-alone application and can be integrated into many different PKI solutions as it does not depend on specific database scheme. Furthermore it can be configured to serve as a server for differen CAs.

project manager: #madwolf - last release: 0.9.0

The libPKI project is aimed to provide an easy-to-use PKI library for PKI enabled application development. The library provides the developer with all the needed functionalities to manage certificates, from generation to validation. The layered structure enables the libPKI to use different cryptographic providers, e.g. OpenSSL or KMF.

project manager: #madwolf - last release: 0.5.0

The PRQPD package is aimed to provide a PRQP server and a command line client. The package implements the PKI Resource Query Protocol (PRQP), a protocol that can be used by applications in order to discover PKI services and repositories. An Internet Draft (I-D) is available from IETF. The basic concept of the protocol is to provide a way to answer to the question "where is the URL for service X from this CA ?". The protocol envisages the presence of an Authority, called Resource Query Authority (RQA) which is entitled to provide such data from the CA itself. Read More...


OpenCA Next Generation (PKI-NG)

The OpenCA-ng project is the natural evolution of the OpenCA PKI one. Indeed OpenCA-ng stands for OpenCA Next Generation. The ng project is aimed to provide a next generation PKI to overcome the limitations of current trust infrastructures by supporting new features like on-line enrollment, multiple Point of Access, Peer-to-peer collaborative network, and federated identities.

[an error occurred while processing this directive]