Open Source by NOVOSEC AG

We at NOVOSEC AG believe in the value and usefulness of free software (open source), and we actively support and take part in this worldwide initiative.

This is why we have decided to release some of the software packages we have developed under the MIT/X license, so that every developer can use them for free, alter them and integrate them into his/her own commercial products. The copyright notice of NOVOSEC AG must remain visible in all pieces of software that make use of our intellectual property. Furthermore, NOVOSEC AG is not responsible for any damages accidentally caused by our software.

These software packages are the NOVOSEC Bouncy Castle Extensions. They extend the very well-known Java crypto service provider Legion of the Bouncy Castle with functionality that was too specific to be included in the Legion's main distribution.

Currently, the NOVOSEC Bouncy Castle Extensions consist of two subpackages: an OCSP client/server, and ASN.1 parser and generator classes for the CMP protocol.

OCSP (Online Certificate Status Protocol, RFC 2560) is a protocol that enables clients to request the status of X.509 certificates. The addressed OCSP server first authenticates the client and then determines the status of the requested certificates. This can be done via CRLs (Certificate Revocation Lists) or with another mechanism. Afterwards, the server generates a response in which it authenticates itself to the client and assigns a status (good, revoked or unknown) to each requested certificate. The client can then authenticate the server and act according to the status information it obtained. The advantage of OCSP over CRLs is immediate access to certificate status information (CRLs are only updated at certain intervals).
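The response half of the flow described above, as an added sketch that is not NOVOSEC's code and uses neither the NOVOSEC nor the Bouncy Castle OCSP classes: a responder derives each status from a CRL snapshot and signs its answer, and the client verifies that signature before acting, rejecting anything other than a verified "good". The serial numbers, the pipe-delimited encoding (real OCSP uses the ASN.1 structures of RFC 2560), the assumption that the responder knows which serials its CA issued, and all class and method names are constructed for illustration; client authentication on the request side is omitted.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Set;

public class OcspFlowSketch {
    enum Status { GOOD, REVOKED, UNKNOWN }
    // Responder: status from a CRL snapshot plus the serials this CA issued (assumed known).
    static Status lookup(Set<BigInteger> issued, Set<BigInteger> crl, BigInteger serial) {
        if (!issued.contains(serial)) return Status.UNKNOWN; // never "good" for a foreign serial
        return crl.contains(serial) ? Status.REVOKED : Status.GOOD;
    }

    // Constructed encoding (not ASN.1) of the bytes the responder's signature covers.
    static byte[] encode(BigInteger serial, Status status) {
        return (serial.toString(16) + "|" + status).getBytes(StandardCharsets.UTF_8);
    }
    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    // Client: authenticate the responder first, then act on the status; fail closed.
    static boolean accept(PublicKey responderKey, BigInteger serial, Status claimed, byte[] sig)
            throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA256withECDSA");
        v.initVerify(responderKey);
        v.update(encode(serial, claimed));
        return v.verify(sig) && claimed == Status.GOOD;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256);
        KeyPair responder = kpg.generateKeyPair();
        Set<BigInteger> issued = Set.of(BigInteger.valueOf(0x1001), BigInteger.valueOf(0x1002));
        Set<BigInteger> crl = Set.of(BigInteger.valueOf(0x1002)); // constructed CRL snapshot
        for (long n : new long[] {0x1001, 0x1002, 0x2000}) {
            BigInteger serial = BigInteger.valueOf(n);
            Status st = lookup(issued, crl, serial);
            byte[] sig = sign(responder.getPrivate(), encode(serial, st));
            boolean ok = accept(responder.getPublic(), serial, st, sig);
            // The same signature presented with the status rewritten to GOOD must not verify.
            boolean forged = st != Status.GOOD && accept(responder.getPublic(), serial, Status.GOOD, sig);
            System.out.println(serial.toString(16) + " " + st + " accept=" + ok + " forgedGood=" + forged);
        }
    }
}
```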

The NOVOSEC OCSP server can handle the majority of the functions specified by the OCSP protocol and works perfectly together with the NOVOSEC OCSP client. Further information can be found in the corresponding README file.

CMP (Certificate Management Protocols, RFC 2510 and RFC 2511) is a collection of protocols that are used to manage a PKI (public key infrastructure). This covers protocols for client certification, updates of certificate keys, certificate signing requests, publication of certificates and certificate revocation lists, key pair recovery, CRL requests, etc.

The NOVOSEC CMP generator and parser classes are currently used in various production systems of financial institutions and trust centers. Both components are written entirely in Java (and are therefore OS independent) and rely on classes of the Bouncy Castle framework. The complete source code and some example programs can be downloaded here. (To work with the NOVOSEC Bouncy Castle Extensions, a JDK (version 1.4 or later) and the Bouncy Castle package (at least version 1.20) are required.) Our project page additionally hosts developer forums and bug tracking systems.

We look forward to seeing many external developers use and improve our software.

If you have further questions or comments in connection with the NOVOSEC Bouncy Castle Extensions, do not hesitate to contact Maik Stohn and Johannes Nicolai.