libpkix: Frequently Asked Questions
PKIX is an acronym for Public Key Infrastructure (X.509). PKIX is an IETF Working Group whose charter includes the development of Internet standards needed to support a PKI based on X.509. The libpkix library implements the PKIX standards relevant to certificate chain validation and construction (namely, RFC 3280).
RFC 3280 provides a stable and clearly defined standard for certificate chain validation. Getting consistent support for RFC 3280 into applications will reduce interoperability problems related to certificate handling (affecting crucial protocols such as SSL).
RFC 3280 includes important features (like name constraints and support for bridge CAs) that enable organizations to cross-certify while limiting the risk due to this cross-certification. The U.S. Government Federal Bridge CA and other substantial PKI deployments depend on these features.
Through libpkix, we hope to help address several problems that have slowed PKI deployment: poor interoperability due to non-standard certificate chain validation and lack of application support for PKI. These are not the only obstacles to PKI usage, but they are substantial ones.
Applications using libpkix are provided with consistent support for RFC 3280, reducing interoperability problems related to certificate handling (affecting crucial protocols such as SSL). At the same time, libpkix makes it much easier for application developers to include high-quality certificate chain validation and building in their applications.
There are two comparable projects we are aware of: Certificate Management Library (CML) and the Certification Path API (CertPath).
CML provides a freely available 3280-compliant path validation and building library with a C API. However, there are several differences between libpkix and CML, including:
The CertPath API defines interfaces and abstract classes for creating, building, and validating certification paths in compliance with RFC 3280. The CertPath API was introduced into the core java.security.cert package in the Java™ 2 Platform, Standard Edition, v1.4.0. The main difference here is that libpkix is implemented in C, while CertPath is implemented in the Java™ programming language. Applications that prefer to use a C API/implementation will choose libpkix over CertPath.
We are using a modified BSD license. This is a true Open Source license with no "viral" effects.
This code can be used, modified, and redistributed by commercial or non-commercial developers without license fees, subject to the terms of our license.
Download the docs and read them. Download the code and try it out. Finish implementing the code. If you'd like to get involved, please mail the project administrator.
Copyright 2004 Sun Microsystems, Inc. All rights reserved. Use is
subject to license terms.
Sun, Sun Microsystems, the Sun Logo, and Java are trademarks or registered trademarks of Sun Microsystems, Inc. in the US and other countries.