|
|
|
"No problem can stand the
assault of sustained thinking."
-Voltaire
|
|
|
The Great List
|
SSL - Encryption
|
- Web2ldap: HTTP/LDAP gateway for providing the cert data via HTTP to clients not capable of LDAP
- Certificates for most of the well known SSL Certification Agencies
- The most-recently-announced changes to the US export regulations concerning the export of encryption software
- An interesting paper on PKI myths
- Netscape: Certificate Information
- Verisign: Root Certificate FAQ
- Thawte Root Certificate Trust Map
- Thawte: Click this link to download the current root certificates
- Information concerning wildcard SSL site certificates
- How to create a CSR for Verisign/Thwate or even on how to create my own CA.
- A fairly good explanation of how-to compile Apache & SSL
- The Entropy Gathering Daemon
- A short description on how to create PKCS12 client certificates suitable for Netscape and IE using openssl
- Unofficial documentation Openssl
- "Canned" utilities for certificate management: What's been found for GPLed PKI (i.e. How to run a Certification Authority)
- Rules for exporting crypto software if you are from the US.
- An already modified/extended version of the latest public version 0.1 of asn1parser that works with the current version of OpenSSL
- M2Crypto
- librand, a random number library package based on event interval variations
- A modified BSAFE Crypto-C 4.3 patch for OpenSSL-0.9.4 (download this and many other packages here)
- Subject: Which CA is the least painfull to use with apache-ssl? - For testing, you can get it free from FreeCerts
- Opensource SSL proxy servers
- RSA Specification
- A brief explanation of the steps involved in opening a connection to a server
- Download Getopt::Long.pm from CPAN, a Perl helper script
- A free Certificate Authority implementation, www.openca.org
- S/MIME Freeware Library
- Freeware Certificate Management Library
- Download the "noiz" package, a randomness generator
- The entropy gathering daemon called Yarrow
- You can learn more about the Globus Security Interface here
- Very interesting and it describes the SSL protocol and the steps involved in using it
- X509 Fourth Edition Draft Document (Download.doc format)
- X509 Fourth Edition Draft Document (Download.pdf format)
- Newly revised drafts of the 4th edition of the other parts of X.500
- ITU is allowing any three recommendations to be downloaded at no cost from their server.
- NIST - Cryptographic Model Validation (CMV) Program
- The Secure Remote Password (SRP) algorithm: The SRP library
- A patch to OpenSSH (portable) that implements SRP (.tar.gz format)
- Adaptive Communications Environment if you're interested in a package that will hide the OpenSSL implementation details for you.
- TLS is an IETF Standards Track Protocol based on SSLv3. TLS is a committee effort.
- SSLv3 was devised by Paul Kocher with Phil Karlton and Alan Frier for Netscape. SSLv3 is a defacto, industry standard, devised by the best cryptanalyst we have. It is represented only by an expired Internet Draft.
- Basic Web SSL sockets in C (For a nice introduction to ssl have a look here)
- A really simple, intuitively explained description of the handshake protocol of (SSL/TLS)
- Certco.com - Library of Certification Information
- The folks at the Distributed Systems Technology Center are building a PKI from the ground up - The Oscar Project
- pseudonym.org - Generic SSL Information
- Introducing SSL and Certificates Using SSLeay
- Have you looked at SNACC? (an ASN1 compiler) [ftp link]
- Peter Gutman has outlined a means of using an RDBMS as a certificate store (Download.pdf file)
- Virtual Private Network Daemon
- Ben Laurie's paper, "Lucre: Anonymous Electronic Tokens"(deep cypher theory) [In .pdf format]
- Eric Rescorla's SSLdump
- Thomsen and Burke, LLP - An excellent matrix explaining licensing
- The US Dept of Commerce Commercial Encryption Export Controls
- US Department of Commerce encryption license exception chart
- US Department of Commerce - Help on public open source procedures for encryption software
- US export regulations
- Center for Democracy and Technology
- The handling of PKCS12 et al is explained in Steve Henson's excellent FAQ
- A really good tutorial on how to set up an Apache-SSL in Win32
- OpenVPN is a robust highly flexable tunneling applictions that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a sindle UDP port
- An OpenPGP library that builds on top of OpenSSL
- md5/hash program[FTP Download, tar.gz format]
- another md5/hash program[FTP Download, tar.gz format]
- MD5 in 8 lines of perl5
- SHA in 8 lines of perl5
- A white paper on SCEP
- SCEP Internet draft
- "Forward-Secure Signatures with Optiman Signing and Verifying" (Itkis, Reyzin) [341Kb, PDF format]
- Efficient generic forward-secure signatures with an unbounded number of time periods" (Malkin, Micciancio, Miner)
- "Remote Timing Attacks are Practical" by D. Boneh and D. Brumley
- "Attacking RSA-based Sessions in SSL/TLS" by V. Klima, O. Pokorny, and T. Rosa
- "Analyzing and Comparing Montgomery Multiplication Algorithyms", C. Koc, T. Acar
- SSL Certificates HOWTO
- RedHat 7.3 Manual: Creating a Self-Signed Certificate
- Ian Stuart's personal web site - Building and installing an Apache 1.x web server with SSL security, an Introduction
- Abstract - 7th USENIX Security Symposium, 1998 - "Software Generation of Practically Strong Random Numbers", Peter Gutmann
- "Software Generation of Practically Strong Random Numbers", Peter Gutmann [revised version, PDF format]
- CryptLib Encryption Toolkit
- Crypto++ - A free C++ class library of cryptographic schemes
- Botan - A C++ library of cryptographic algorithms and formats
[Note: This site may not render properly on older browsers.]
- GnuTLS - The GNU Transport Layer Security Library
|
|
