November 29, 2021
As part of the suite of cryptography discovery tools included with Cryptosense Analyzer Platform (CAP), Cryptosense File Scanner looks for cryptographic objects including SSH keys, PGP Keys, X.509 certificates and keystores on any filesystem or container image.
Read Article ->September 21, 2020
In this video Dr. Graham Steel explains how to move to cloud cryptography easily and securely using Cryptosense Analyzer Platform (CAP). In this example we show how we can move an enterprise Tomcat Java application to Amazon's AWS KMS.
Read Article ->October 21, 2020
A lot of people are concerned that their encryption keys stored in cloud services such as AWS KMS, Azure Keyvault, or GCP KMS, are not really secure...
Read Article ->July 31, 2020
In financial cryptography and PCI standards, a Key Block is an encrypted key stored with its metadata in a cryptographically secure way. That means that the key's usage information...
Read Article ->March 20, 2020
Identifying the cryptographic keys an application really uses, what they are used for, and how they are stored, is a critical step towards many transformation projects...
Read Article ->February 16, 2020
The importance of cryptographic key management increases as companies begin to move sensitive applications to the public or hybrid cloud. Understanding exactly which keys are carrying out which operations, what data each key is protecting, and how they are generated and stored, is more critical than when all keys were only used and stored on-premise.
Read Article ->April 23, 2019
Including passwords or cryptographic key material in source code is a major security risk for a number of reasons. In the worst case, if the code is public, everyone can read the key. Even if not, access to the code is often easier for an attacker to achieve than direct compromise of the application - the entire development team becomes part of the attack surface...
Read Article ->March 22, 2019
A first step of many cryptography projects - preparation for Cloud migration, crypto agility, or improving application security, is to map out the cryptography actually in use in an application. A naive approach would be to just review the source code and search for cryptographic calls. However, this is both time-consuming and error-prone...
Read Article ->February 28, 2019
Oracle are now putting some very serious investment into their cloud in an effort to capitalise on their enterprise customer base. Several of our own large customers are looking at OCI as a possible alternative or complement to other CSPs. OCI recently launched a cloud crypto service, so how does it measure up to the others in our cloud crypto comparison?
Read Article ->January 19, 2018
This is part two of our series looking at the cloud crypto services offered by the big three hosting companies: Amazon, Google and Microsoft...
Read Article ->November 15, 2017
We frequently apply Analyzer to widely-used open source software including the Java JDK. The Oracle Critical Patch Update (CPU) of 17th October contained patches for two CVEs discovered at Cryptosense in collaboration with our partners at University of Venice Ca' Foscari...
Read Article ->July 26, 2017
JKS is the default keystore in all current versions of Java and still the only kind available in several widely-used application frameworks, despite issues with its security...
Read Article ->October 3, 2016
PrimeKey Solutions develops and supports the most downloaded open source enterprise public-key infrastructure (PKI) software available, EJBCA. You can find out why they use Cryptosense Analyzer for Java in a case study we're releasing today...
Read Article ->August 16, 2016
Like the Oracle provider, keystores in BC rely on password-based encryption for confidentiality, i.e. deriving an encryption key from a password and then using that to encrypt the keys for writing to a file. BC offers three keystore types: BKS (bouncy castle keystore)...
Read Article ->June 9, 2016
When strong cryptography was introduced into Java, the legacy JKS keystore with its "SHA-1 and XOR" encryption method was replaced by JCEKS, which uses Triple-DES (3DES) encryption to protect serialized keys when they are written to disk.There is a lot of JCEKS still around. So how exactly does the encryption work?
Read Article ->