Cryptographic Key Inventory

Where are my keys and certificates? How are they protected?

"Key management is the hardest part of cryptography and often the Achilles' heel of an otherwise secure system."
— Bruce Schneier, Preface to Applied Cryptography, Second Edition.

The majority of security failures in cryptography can be traced to key management errors, such as hard-coded keys, poorly protected credentials, and insecure keystores. The first step in preventing these issues is to have an up-to-date inventory of all your cryptographic keys and certificates.

How do I know what my keys are doing?

Cryptographic key inventory is a list of where all of your cryptographic keys are in the whole of your IT infrastructure across applications, networks and hardware.
It should include information about where keys are stored, what they are doing and who has access to them.

Popular Key Management Blog Articles

Scanning PGP Keys on Public Servers

Graham Steel

As part of the suite of cryptography discovery tools included with Cryptosense Analyzer Platform (CAP), Cryptosense File Scanner looks for cryptographic objects including SSH keys, PGP Keys, X.509 certificates and keystores on any filesystem or container image.

READ ARTICLE ->

New Java Keystore CVEs

Graham Steel

We frequently apply Analyzer to widely-used open source software including the Java JDK. The Oracle Critical Patch Update (CPU) of 17th October contained patches for two CVEs discovered at Cryptosense in collaboration with our partners at University of Venice Ca' Foscari...

READ ARTICLE ->

Cracking Java Keystores with Hashcat

Graham Steel

JKS is the default keystore in all current versions of Java and still the only kind available in several widely-used application frameworks, despite issues with its security...

READ ARTICLE ->

Weaknesses in the Java JCEKS Keystore

Graham Steel

When strong cryptography was introduced into Java, the legacy JKS keystore with its "SHA-1 and XOR" encryption method was replaced by JCEKS, which uses Triple-DES (3DES) encryption to protect serialized keys when they are written to disk.There is a lot of JCEKS still around. So how exactly does the encryption work?

READ ARTICLE ->
more key management articles

Cryptography Inventory White Paper

How to Build and Maintain a Cryptography Inventory

At Cryptosense, we have followed several of our customers as they create or upgrade their cryptography inventory. We have seen that in practice, every organization’s cryptography inventory will be a little different, depending on how and where cryptography is used relative to the business-critical functions of the organization. Indeed, successful cryptography inventory projects typically apply a different methodology to different parts of the application estate or infrastructure, in order to prioritize resources to the most important areas.

In this whitepaper, we will discuss the lessons learned from these projects and the best practice approaches that will enable you to guide your own cryptography inventory project.

Already registered? Log in here.

Welcome!

As a subscriber to our Knowledge Base, you have free access to all of our white papers, on-demand webinars and more.
Download white paper

Register now

Register for free access to all of our white papers, on-demand webinars and more.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.