Entrust Authority: Security Toolkit for the Java Platform

Features and Benefits

The Entrust Authority Security Toolkit for the Java Platform enables developers to incorporate security features, such as encryption and digital signatures, into their applications. The Entrust Authority Security Toolkit for the Java Platform delivers:

Interoperability and standards-based integration

• enables secure data transfer, exchange and storage of data with multiple PKI solutions
• maintains interoperability with multiple PKI solutions by adhering to open product standards, allowing for secure B2B, B2C and enterprise transactions
• enables integration of cryptography and creation of self-signed certificates without using any PKI

Strong security

• helps prevent confidential data exposure through end-to-end data encryption, from the browser directly to a back-end database or legacy system
• provides accountability through digital signatures
• allows for the secure storage of files while providing non-repudiation through multiple key pair support
• delivers non-repudiation through time-stamped SMIME and PKCS#7 documents

Card Management System Integration

• retrieves managed and/or unmanaged certificates from Entrust Authority Security Manager
• facilitates CMS integration with Entrust Authority Security Manager to accomplish user enrollment and recovery

Flexible key pair support

• supports the creation of one to four key pairs for signing higher value transactions or for creating digital signatures as specified in the IETF-RFC3039 standard
• provides support for accessing and using keys and certificates in Microsoft CAPI stores, allowing custom applications to leverage credentials created and managed by PKI applications

Secure file transfer and secure messaging

• enables secure data transfer and exchange through support of XML digital signatures and XML encryption based upon the latest World Wide Web Consortium’s (W3C) XML publications
• enables secure messaging through support for S/MIME v2 and v3, allowing developers to add authentication, integrity, and non-repudiation cryptographic services to email and messaging applications

Single sign-on

• allows developers to add single sign-on functionality to their applications, enabling users to log in only once to securely access other applications without being repeatedly prompted for a password

Fast time-to-market

• high-level Application Protocol Interfaces (APIs) reduce development time and help lower costs
• APIs also leverage security knowledge of Entrust cryptographic experts, minimizing risk of security breaches
• support for smart cards, policy certificates and client-side settings to enforce corporate guidelines, modular jar distribution and extended certificate validation help developers rapidly build and deploy secure e-business applications

Public Key Infrastructure Test Suite (PKITS) support

• verifies that the path validation is done in accordance with X.509 and RFC3280 standards, as per NIST PKI Test Suite (PKITS) compliance requirements

Scalability

• offers fault tolerance, load balancing and multi-threaded transaction support
• allows secure Server Login to an unattended system 24X7
• Security Toolkit for the Java Platform PKCS#11 v2 support on UNIX platforms enables large enterprises running e-business applications on high-end UNIX servers to leverage cryptographic hardware accelerators, improving the security and speed to secure Java transactions
• Entrust Authority has been tested with over six million users in a single PKI
• software can also co-exist with multiple Entrust Authority systems on a single server

Algorithm Support

• provides a broad range of algorithms, including RSA, DSA, ECDSA, AES (128, 192 and 256-bit), CAST, IDEA, DES, Triple-DES, RC-2, Diffie-Hellman, SHA (160, 256, 384 and 512-bit), MD-5, MAC and HMAC

• Encryption 101