Cryptographic Key Inventory

Where are my keys and certificates? How are they protected?

"Key management is the hardest part of cryptography and often the Achilles' heel of an otherwise secure system."
— Bruce Schneier, Preface to Applied Cryptography, Second Edition.

The majority of security failures in cryptography can be traced to key management errors, such as hard-coded keys, poorly protected credentials, and insecure keystores. The first step in preventing these issues is to have an up-to-date inventory of all your cryptographic keys and certificates.

How do I know what my keys are doing?

Cryptographic key inventory is a list of where all of your cryptographic keys are in the whole of your IT infrastructure across applications, networks and hardware.
It should include information about where keys are stored, what they are doing and who has access to them.

Popular Key Management Blog Articles

New Java Keystore CVEs

Graham Steel

We frequently apply Analyzer to widely-used open source software including the Java JDK. The Oracle Critical Patch Update (CPU) of 17th October contained patches for two CVEs discovered at Cryptosense in collaboration with our partners at University of Venice Ca' Foscari...

READ ARTICLE ->

Cracking Java Keystores with Hashcat

Graham Steel

JKS is the default keystore in all current versions of Java and still the only kind available in several widely-used application frameworks, despite issues with its security...

READ ARTICLE ->

Weaknesses in the Java JCEKS Keystore

Graham Steel

When strong cryptography was introduced into Java, the legacy JKS keystore with its "SHA-1 and XOR" encryption method was replaced by JCEKS, which uses Triple-DES (3DES) encryption to protect serialized keys when they are written to disk.There is a lot of JCEKS still around. So how exactly does the encryption work?

READ ARTICLE ->

Mighty Aphrodite - Dark Secrets of the Java Keystore

Graham Steel

If you write a Java application that uses cryptography, chances are you'll have to store some cryptographic keys. The Java crypto APIs provide an abstraction for dealing with this called keystores. In this post, we're going to look into how Java keystores are protected when written out as files.

READ ARTICLE ->
more key management articles

Cryptography Inventory White Paper

How to Build and Maintain a Cryptography Inventory

At Cryptosense, we have followed several of our customers as they create or upgrade their cryptography inventory. We have seen that in practice, every organization’s cryptography inventory will be a little different, depending on how and where cryptography is used relative to the business-critical functions of the organization. Indeed, successful cryptography inventory projects typically apply a different methodology to different parts of the application estate or infrastructure, in order to prioritize resources to the most important areas.

In this whitepaper, we will discuss the lessons learned from these projects and the best practice approaches that will enable you to guide your own cryptography inventory project.

Already registered? Log in here.

Welcome!

As a subscriber to our Knowledge Base, you have free access to all of our white papers, on-demand webinars and more.
Download white paper

Register now

Register for free access to all of our white papers, on-demand webinars and more.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.