September 21, 2020
In this video Dr. Graham Steel explains how to move to cloud cryptography easily and securely using Cryptosense Analyzer Platform (CAP). In this example we show how we can move an enterprise Tomcat Java application to Amazon's AWS KMS.
read moreOctober 21, 2020
A lot of people are concerned that their encryption keys stored in cloud services such as AWS KMS, Azure Keyvault, or GCP KMS, are not really secure...
read moreJuly 31, 2020
In financial cryptography and PCI standards, a Key Block is an encrypted key stored with its metadata in a cryptographically secure way. That means that the key's usage information...
read moreMarch 20, 2020
Identifying the cryptographic keys an application really uses, what they are used for, and how they are stored, is a critical step towards many transformation projects...
read moreFebruary 16, 2020
The importance of cryptographic key management increases as companies begin to move sensitive applications to the public or hybrid cloud. Understanding exactly which keys are carrying out which operations, what data each key is protecting, and how they are generated and stored, is more critical than when all keys were only used and stored on-premise.
read moreApril 23, 2019
Including passwords or cryptographic key material in source code is a major security risk for a number of reasons. In the worst case, if the code is public, everyone can read the key. Even if not, access to the code is often easier for an attacker to achieve than direct compromise of the application - the entire development team becomes part of the attack surface...
read moreMarch 22, 2019
A first step of many cryptography projects - preparation for Cloud migration, crypto agility, or improving application security, is to map out the cryptography actually in use in an application. A naive approach would be to just review the source code and search for cryptographic calls. However, this is both time-consuming and error-prone...
read moreFebruary 28, 2019
Oracle are now putting some very serious investment into their cloud in an effort to capitalise on their enterprise customer base. Several of our own large customers are looking at OCI as a possible alternative or complement to other CSPs. OCI recently launched a cloud crypto service, so how does it measure up to the others in our cloud crypto comparison?
read moreJanuary 19, 2018
This is part two of our series looking at the cloud crypto services offered by the big three hosting companies: Amazon, Google and Microsoft...
read moreNovember 15, 2017
We frequently apply Analyzer to widely-used open source software including the Java JDK. The Oracle Critical Patch Update (CPU) of 17th October contained patches for two CVEs discovered at Cryptosense in collaboration with our partners at University of Venice Ca' Foscari...
read moreJuly 26, 2017
JKS is the default keystore in all current versions of Java and still the only kind available in several widely-used application frameworks, despite issues with its security...
read moreOctober 3, 2016
PrimeKey Solutions develops and supports the most downloaded open source enterprise public-key infrastructure (PKI) software available, EJBCA. You can find out why they use Cryptosense Analyzer for Java in a case study we're releasing today...
read moreAugust 16, 2016
Like the Oracle provider, keystores in BC rely on password-based encryption for confidentiality, i.e. deriving an encryption key from a password and then using that to encrypt the keys for writing to a file. BC offers three keystore types: BKS (bouncy castle keystore)...
read moreJune 9, 2016
When strong cryptography was introduced into Java, the legacy JKS keystore with its "SHA-1 and XOR" encryption method was replaced by JCEKS, which uses Triple-DES (3DES) encryption to protect serialized keys when they are written to disk.There is a lot of JCEKS still around. So how exactly does the encryption work?
read more