EJBCA
 | This article contains content that is written like an advertisement. (October 2008) |
| Developer(s) | PrimeKey Solutions AB |
|---|---|
| Initial release | December 5, 2001 |
| Stable release | 4.0.0
/ March 4, 2011 |
| Repository | |
| Written in | Java on Java EE |
| Operating system | Cross-platform |
| Available in | Chinese, English, French, German, Italian, Portuguese, Spanish, Swedish |
| Type | PKI Software |
| License | LGPL |
| Website | www.ejbca.org |
Enterprise Java Bean Certificate Authority, or EJBCA, is a free software public key infrastructure certificate authority software package maintained and sponsored by the Swedish for-profit company PrimeKey Solutions AB, which holds the copyright to most of the codebase. The project's source code is available under terms of the Lesser GNU General Public License.
Design
The system is implemented in Java EE and designed to be platform independent and fully clusterable,[1] to permit a greater degree of scalability than is typical of similar software packages. Multiple instances of EJBCA are run simultaneously, sharing a database containing the current certificate authorities (CAs). This permits each instance of the software to access any CA. The software also supports the use of a Hardware Security Module (HSM), which provides additional security. Larger-scale installations would use multiple instances of EJBCA running on a cluster, a fully distributed database on a separate cluster and a third cluster with HSMs keeping the different CA keys.
Features
EJBCA follows the major standards in the PKI area, such as X509, OCSP, CMP, XKMS, SCEP, and Elliptic curves,[2] including the new Card Verifying Certificate (CVC) EU standard for machine readable passports containing fingerprints, which will be mandatory as of June 26, 2009.
Development
EJBCA is licensed under the standard GNU Lesser General Public License (LGPL). The source code is hosted at SourceForge.net. It was first posted there in November 2001. At that time the amount of source code was around 6,000 lines of code including test code. As of December 2008, it contains about 166,000 lines of code.
Known major installations
There are many known[3] installations all over the world, among them:
- USA, California: Concealed customer, (up to 150.000.000 users)
- Kingdom of Sweden: Bankgirocentralen BGC AB/BankID (National eID), 2,500.000 Users (up to 4,000.000 Users)´
- Kingdom of Sweden: The Swedish Police, 25,000 Users
- Kingdom of Sweden: Ministry of Justice, The Swedish Police, ePassports for Citizens, up to 9,000.000
- Kingdom of Norway: Ministry of Interior - Norwegian Police (PDMT), ePassports for Norwegian Citizens and Dimplomats (up to 4,500.000 Users)
- Republic of Iceland: Registry of Persons, ePassports for Citizens, up to 300,000.
- Republic of Lithuania: Ministry of Foreign Affairs, ePassport for Dimplomats, up to 10,000.
- Germany: LVM AG, 15,000 Users
- France: Societe Generale S.A, up to 400,000 Users
- Republic of Turkey: Ministry of Foreign Affairs, ePassports for Turkish Citizens and Dimplomats, 10,000 Passports per day, up to 80,000.000.
- Kingdom of Bahrain: Manama, CIO-Office, NeID for Citizens, up to 600,000.
- France: Ministry of Defence, 1,500 Users
- Greece: The Greek Police, 30,000 Users
- France: Ministry of Finance, 80,000 Users
- China: ZhuHai Local Taxation Bureau, 50,000 Users
- Kingdom of Spain: Grupo Safa, Spain, 20,000 Users
- Brazil: Seraza.com, 20,000 Users
- Kingdom of Spain: Autoritat de Certificació de la Comunitat Valenciana, +75,000 Users
Note for the reader: EJBCA is besides above samples of deployments - now (2010) also tested - in over 25 countries (Europe and ouside Europe) for different national projects: as Healthcare Cards, NeID, ePassports, Tachographs and Driving Licenses. Over 250 commercial projects/deployments have been done by PrimeKey 2002–2011. EJBCA is downloaded over 100,000 times on Global level at www.ejbca.org
References
External links
- EJBCA at SourceForge
- EJBCA evaluation report from University of Queensland, AU
- Finding and Preventing Run-Time Error Handling Mistakes; Westley Weimer, George C. Necula; University of California, Berkeley
- Migration guide from OpenSSL CAs
- Migration guide from MS CAs
- EJBCA at java-source.net
- EJBCA is used as a component in Chillout
- Information about EJBCA in French
- EJBCA proposed as a solution for How to Overcome the Challenges to Large Scale Adoption of Open Source Software and Systems in Pakistan Business and Industrial Environment ; Athar Mahboob and Nassar Ikram; National University of Sciences & Technology, Karachi
EJBCA in literature
- Research and application of EJBCA based on J2EE; Liyi Zhang, Qihua Liu and Min Xu; IFIP International Federation for Information Processing Volume 251/2008; ISBN 978-0-387-75465-9
- Chapter "Securing Connections and Remote Administration" in Hardening Linux; James Turnbull; ISBN 978-1-59059-444-5
- Exception-Handling Bugs in Java and a Language Extension to Avoid Them; Westley Weimer; Advanced Topics in Exception Handling Techniques Volume 4119/2006; ISBN 978-3-540-37443-5
- A workflow based architecture for Public Key Infrastructure; Johan Eklund; TRITA-CSC-E 2010:047