
SkyTrust - Windows CNG

The aim of this prototype is to show the SkyTrust functionality within a classic desktop operating system - in this case Windows 7/64 bit (the prototype is also compatible with Windows 8/8.1).


Implementation

The SkyTrust Windows installation consists of three components: (1) A virtual SkyTrust smartcard that provides an interface via the Windows CNG architecture, which is supported by a wide range of applications. In contrast to a real smartcard driver, the cryptographic commands are forwarded to the SkyTrust server, where they are executed using the stored cryptographic key(s). (2) A virtual smartcard reader that provides the basic environment for the virtual smartcard. (3) A helper application that carries out the authentication process, injects certificates into the Windows certificate store and "inserts" the virtual smartcard into the SkyTrust smartcard reader.
Communication between the virtual smartcard reader and the SkyTrust server is handled via the SkyTrust JSON protocol.

Try it yourself (coming soon)

The described SkyTrust driver and a demo platform that generates test keys and certificates will be available soon. For now, the installation and usage of the SkyTrust Windows drivers are demonstrated by the videos below.

Videos

The installation and usage of the Windows SkyTrust driver are shown in the following videos. For demonstration purposes, the SkyTrust client has not been started prior to using the respective applications (e.g. Outlook, Adobe) for creating signatures/decrypting data. Therefore, the "Insert Smartcard" notification is shown. In the presented setup, the cryptographic keys can be used for decryption/signing operations until the session timeout occurs. This can easily be adapted to the security requirements of the specific scenario. For example, for critical keys, the authentication process could be mandatory each time the key is used.
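The session policy described above, modelled as an added example (this is not SkyTrust code): keys stay usable until the session timeout, while a key marked critical needs its own authentication for every use. The timeout value, the key names, and the rule that any permitted operation uses up the fresh authentication are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

SESSION_TIMEOUT_S = 300.0  # assumed value; the page does not state one

@dataclass(frozen=True)
class KeyPolicy:
    key_id: str
    auth_every_use: bool  # True for critical keys

@dataclass
class Session:
    authenticated_at: float  # time of the last successful authentication
    fresh: bool = True       # no operation has used this authentication yet

def authorize(policy: KeyPolicy, session: Optional[Session], now: float,
              timeout: float = SESSION_TIMEOUT_S) -> str:
    """Decide server-side whether a sign/decrypt request may use the key."""
    if session is None or now - session.authenticated_at >= timeout:
        return "reauth"        # client never authenticated, or session expired
    if policy.auth_every_use and not session.fresh:
        return "reauth"        # critical key: needs its own authentication
    session.fresh = False      # any permitted operation consumes freshness
    return "allow"

def replay(events):
    """Run constructed (time, action, key_id) events; return the decisions."""
    keys = {"mail-signing": KeyPolicy("mail-signing", False),
            "contract-signing": KeyPolicy("contract-signing", True)}
    session, decisions = None, []
    for t, action, key_id in events:
        if action == "auth":
            session = Session(authenticated_at=t)
        else:
            decisions.append(authorize(keys[key_id], session, t))
    return decisions

# Constructed timeline in seconds (hypothetical keys, not from the videos).
EVENTS = [
    (0, "use", "mail-signing"),       # client not started: authenticate first
    (5, "auth", None),
    (10, "use", "mail-signing"),      # inside the session: allowed
    (20, "use", "contract-signing"),  # session valid, authentication not fresh
    (25, "auth", None),
    (26, "use", "contract-signing"),  # first use after authenticating: allowed
    (27, "use", "contract-signing"),  # second use: authenticate again
    (400, "use", "mail-signing"),     # 375 s after last authentication: expired
]
```

Because the keys are held by the server, this decision has to be enforced there; a check made only in the client-side helper could be skipped by talking to the server directly.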

SkyTrust Driver installation

The first video shows the installation of the SkyTrust driver on Windows 7 (64-bit). After installing the driver and starting the SkyTrust client, the available certificates are imported from the SkyTrust server and made available in the Windows certificate store.



Signing emails (S/MIME) with MS Outlook

After installing the SkyTrust system, the certificates are available in the Windows certificate store and can be used by arbitrary applications that are capable of executing cryptographic functions via the Windows CNG architecture. In this example, a signed S/MIME message is sent via MS Outlook.



Signing/Encrypting with Adobe PDF

In this example, a PDF document is signed/encrypted via Acrobat Professional using SkyTrust-enabled certificates.



OpenVPN access

This demonstration shows how the OpenVPN client can be used to secure VPN access with a SkyTrust-enabled certificate.




SSL Client Authentication with Chrome/Internet Explorer

This demonstration highlights how SkyTrust-enabled certificates can be used for SSL client authentication scenarios.
This video is not available yet; however, the workflow is similar to signing/decrypting PDFs via Adobe (in terms of authentication and using the SkyTrust system).

IPSEC VPN Client Windows

This demonstration shows how the user authentication process for the Windows-based IPSEC VPN client can be executed with SkyTrust-enabled certificates.
This video is not available yet; however, the workflow is similar to signing/decrypting PDFs via Adobe (in terms of authentication and using the SkyTrust system).
