Project Description

Secure CA

Business Needs

One of the leading security providers wanted a generic cross-platform library in C++ to support their cloud, desktop and mobile applications. The library was to provide generic CA (Certificate Authority) functionality and support key pair distribution, playing the role of registrar and distribution center for the key pairs.

Objectives:

  • Create a C++ library supporting the Windows and Linux platforms, for building applications in a C++ or C# development environment that work as a CA or as any client application.
  • This library will provide the basic infrastructure to handle all key pair generation, storage, retrieval, encryption, decryption and PKI infrastructure as per the sequence diagram in the following section.
  • There will be a C# library providing a wrapper for C# applications and communicating with the C++ library underneath.

      Thus, we designed and delivered a solution to our customer consisting of:

      • C++ library supporting Linux, Mac and Windows. For this project we considered only Windows 10/11 64-bit and Ubuntu 22.04 LTS 64-bit.
      • C# unmanaged and managed wrapper library supporting the Windows 10 or 11 platform, tested on .NET Framework 4.8
      • Console-based CA test application built in C++ (Linux 64-bit)
      • Console-based client test application built in C++ (Linux 64-bit)
      • GUI-based client test application built in C# (Windows 10/11 64-bit)
      • Integration document

        Solution:

        1. C++ library to manage the following functionality:

          • Symmetric and asymmetric key (private and public) generation
          • Encrypt and decrypt APIs using different symmetric, private and public keys
          • Asymmetric key generation using multiple parameters such as time zone, country, place, datetime, user ID and password, etc.
          • Get generated key pair from CA
          • Send key pair to client from CA
          • Store the key pair in a particular directory named by client ID. In the second phase it can be stored in a secure DB and so on.
          • Get CA public key (in the second phase it can take the role of registration or distribution authority)
          • Request another client's public key for encrypted communication, and vice versa
          • Send client public key to the requesting client
          • Other APIs can be created if required during the implementation phase to accommodate the sequence diagram communication
          • This library will be used on the CA or client machine. In the future (second phase) it will be part of the registration or distribution authority machine as well.

        2. C# library

          • This will be a wrapper around each implemented C++ API to provide communication to C# applications

        3. C++ CA test application

          • This will be a console application fulfilling the following functionality and communicating with the client applications
          • Generate temporary certificates for first-time communication with any client that does not have the public key of the CA
          • Generate the permanent key pair of the CA
          • Generate the requested asymmetric key based on the request from the client
          • Store and retrieve private-public key pairs from file storage
          • Send the requested key pair to the client
          • Send the public key of the CA to a client on request
          • Provide the public key of another client on request
          • This will be built on a Windows machine


          4. C++ test application

            • This will be a console application with a command-based option menu to perform different operations
            • It will create a symmetric key for the initial communication with the CA
            • It will communicate with the CA using symmetric key encryption the first time, to get the CA public key
            • Once the CA public key is present, it will use it to get the key pair of the client itself
            • It will request the public key of another client in order to communicate further with that client
            • Encrypted communication over PKI with another client to send and receive messages
            • This will be based on Linux

          5. C# GUI-based test application

            • This will be a GUI application in C#, working on top of the C# wrapper library
            • It will create a symmetric key for the initial communication with the CA
            • It will communicate with the CA using symmetric key encryption the first time, to get the CA public key
            • Once the CA public key is present, it will use it to get the key pair of the client itself
            • It will request the public key of another client in order to communicate further with that client
            • Encrypted communication over PKI with another client to send and receive messages
            • This will be based on Windows
