Wibu-Systems is set to revolutionize the use of certificates with CodeMeter Certificate Vault, the innovative certificate management tool to be introduced at Embedded World 2019 in Nuremberg. The PKCS#11 compliant token provider is designed to work perfectly with Microsoft’s Cryptographic API Next Generation (CNG) or OpenSSL API to make it easier for users to administer the security of identities, digital signatures, emails, or VPNs with strong authentication mechanisms.
There is one hard and fast rule in certificate management: To get a certificate, a user first creates a pair of a public and a private key. The private key that is used to create the certificate request must never leave its secure home. The request would be checked by a Certification Authority, which produces and signs the new certificate for the user to load back into his or her certificate storage.
The all-new CodeMeter Certificate Vault rises above this fundamental paradigm: The entire process of creating a certificate remains with the Certification Authority, be it an external or a company’s in-house provider, but the creation of the key pair is simplified. The resulting certificate and the private key is packaged up in a specially protected file and sent to the user for loading onto a secure dongle. Without the need for users to create and hold cryptographic keys every time they need a new certificate, distributing certificates becomes just as straightforward as delivering passwords or licenses.
CodeMeter Certificate Vault makes this possible by using WibuCmRaU files to import keys and certificates. The key pair normally generated by the requesting user is created entirely within CodeMeter License Central, Wibu-Systems’ popular license lifecycle management tool. It places the certificate in an encrypted update file, encrypted with a unique key of the target user’s container. Version 1.0 of the new system works with the most secure license container there is: A CmDongle with integrated smart card chip. In this securest of environments, the file is decrypted and the certificate ready for use. The user can trust the entire operation to his or her certification authority, which could even automate the certificate creation process in their existing CA solution via SOAP.