History of cryptography
The encryption of data is a fundamental task in the current digital era. Without modern cryptography, the door is open to hackers and they would easily have access to sensitive data such as bank logins or even state secrets. Therefore, it is not surprising that there is now a large crypto community. Important participants in this community are programmers and companies such as PrimeKey, which are dedicated to the continuous development of cryptographic methods.
Using the example of the widely used PKI software EJBCA, reports Admir Abdurahmanovic, VP Strategy &Partners and Co-Founder of Primekey how crypto pioneers contribute to the security of our digital world.
Admir Abdurahmanovic, VP Strategy &Partners and Co-Founder of PrimeKey
Certificates are an important element in cryptography. A digital certificate is a record that confirms the identity of the owner of an asymmetric key pair. Therefore, the roles, policies and procedures as well as hardware and software components for the management of digital certificates must be defined over the entire life cycle. This is done in a public key infrastructure (PKI). In the early 2000s, security researcher Tomas Gustavsson led a team that developed EJBCA. This open source software offers all the necessary components of a PKI of a solution. Primekey was founded in 2002 as the driving force behind the software development and support of the EJBCA project.
The further development of the open source solution
In addition to a cryptographic implementation for Jakarta EE servers, Tomas Gustavsson’s highly regarded application offers a higher degree of scalability and clustering capability than comparable software offerings, which are often proprietary. Within a decade, EJBCA became the most widely used PKI in the world.
Based on the growing success of EJBCA and the increasing demands for applications, Primekey started the SignServer project in 2005. This open source solution creates cryptographic time stamps or signatures for use in software protection (“code signing”) or for digital and machine-readable travel documents such as passports.
To meet the needs of demanding customers, Primekey decided to work on the common Criteria certification of EJBCA. This project was successfully completed in 2012. The certified version of the software has the suffix Enterprise. Primekey continues to develop and maintain the community version, while the Enterprise version forms the basis for the company’s service portfolio.
Expansion of the offer in response to the growing market penetration
Due to the increasing market penetration and the growing market, Primekey developed a hardware application for EJBCA in 2013. To date, this is the only PKI application system in which companies receive an out-of-the-box system from the EJBCA software to the databases and the integrated hardware security module (HSM) to optimize PKI implementations for larger organizations, managed services or the Internet of Things (IoT). In addition, to this day, the company provides consulting, training, implementation and maintenance services for other organizations.
In 2017, Primekey developed the Secure execution hardware solution as the next development stage of the hardware security modules. It secures and blocks the entire application stack from threats and attacks – from the operating system to virtualization to the application. At the same time, EJBCA’s capabilities were optimized for use in the cloud and the breadth and depth of the encryption algorithms that the product supports were expanded.
In 2020, Primekey acquired Crypto Workshop, the commercial side of Bouncy Castle, the world’s most widely used cryptographic library, which Primekey has also integrated into its own solutions for a long time. Thus, Primekey has been able to strengthen its own position in the market in recent years.
Looking to the future with strong partners
The Bouncy Castle Cryptography Project was launched by Legion of the Bouncy Castle in the late 1990s as a Java library and was intended to complement the standard Java Cryptographic Extension (JCE/JCA) and J2ME. Bouncy Castle contributors developed and implemented a large number of encryption suites and algorithms that went well beyond the standard JCE provided by Sun. In addition, there were utilities for dealing with obscure encryption technologies used in legacy systems and scenarios.
In 2014, a version of the library was integrated into Google’s Android operating system. As a result, literally billions of electronic devices today use the provided APIs to perform basic security and encryption processes. With the acquisition, the development of Bouncy Castle as a freely usable library will be maintained and further developed. The version certified according to FIPS (Federal Information Processing Standard) will be converted into a commercial model of the Primekey portfolio and maintained with the same commitment to the open source model as the EJBCA and SignServer products.
In 2021, Primekey announced a merger with Keyfactor, a pioneer in PKI-as-a-Service and certificate lifecycle automation. In the future, the partners will operate under the Keyfactor brand. When the various offerings of both companies are considered together, a comprehensive range of technologies and tools as well as libraries and expertise in cryptography results.
The merger of Primekey and Keyfactor is indicative of the general development of best practices in the field of cybersecurity. IT security solutions that focus on specific infrastructure layers such as network, application, data, identity and the like are proving ineffective due to the complexity of modern digital processes. Rather, today’s infrastructures require a consolidated and integrated approach. For example, a vulnerability at the network level can endanger application and data security. But going through the various elements of modern cybersecurity practice, the most basic foundation on which everything else is built is still cryptography. Therefore, it makes sense to bundle the expertise of the crypto community in the field of PKI as well.
PrimeKey is a leading global provider of PKI and digital signature solutions. Since June 2021, PrimeKey has been part of Keyfactor, the pioneer in the field of PKI-as-a-Service and the market leader for certificate automation solutions. With the products EJBCA Enterprise, SignServer Enterprise, EJBCA Appliance and PrimeKey SEE, PrimeKey offers companies of all sizes a needs-based PKI solution for use cases in which digital certificates play a decisive role, such as in the field of IoT, e-ID, biometric passports, authentication, digital signatures, code signing, digital identities and validation. Companies can choose whether to use their solution as flexible software, as a robust hardware or software application, in the cloud, as a service or in a hybrid implementation adapted to their individual business requirements.
PrimeKey’s products are used in all industries where IT security and integrity have a particularly high priority and are certified according to the Common Criteria and FIPS standards. In addition, numerous installations are audited by Webtrust/ETSI and eIDAS, while PrimeKey’s internal processes are certified according to ISO 9.001, 14.001 and 27.001.
PrimeKey has offices in Stockholm, Sweden; Aachen, Germany; San Mateo, USA; and Melbourne, Australia. Together with a global network of technology and sales partners, PrimeKey serves numerous long-standing customers. Many of them are among the leading companies and institutions in the fields of IT, telecommunications, banking, industry, public administrations and in various areas of government.