Recently I have been testing this tool when I work with Java Key Stores or Trust Stores. It’s KeyStore Explorer.
You can always use command line to execute cryptographic tasks in java using keytool library or bouncy castle, however for many daily activities like generating CSR files, creating cryptographic keys or managing several keystores or trust stores, you prefer a more friendly tool. This is where KeyStore Explorer fits in.
It’s support for cryptographic tasks, according to it’s website, is:
And you can handle, compare and manage many keystore files from the main window and explore their content easily:
There are many new technologies, controls, mechanisms, modules, libraries for protecting and securing assets and information. Usually these new technologies were created and developed by people with good skills in the field, however, one of the main problems is the implementation phase.
Believe it or not, most of the vulnerabilities, either published or zero-day, exist because of a bad or terrible implementation of something that is secure in escense.
Think about cryptography. In general, cryptographic standard algorithms are approved and validated by many cryptographers around the world but when it comes the implementation phase, the standard or algorithm is implemented by a group of peole working at the same company or sometimes by only one developer with limited training in security and/or cryptography.
One of these examples is WEP Security Protocol for Wireless communications. It has different vulnerabilities but particularly the vulnerability of the key stream is a consequence of a weakness in the implementation of the RC4 stream cipher, not the RC4 algorithm by itself.
Every day a new e-commerce application is published on Internet and more people are using these applications to acquire any kind of products, at the end that is the goal, but to get there you need to introduce some of your information, from personal information to payment information. You need to type in your address, your name, your age sometimes and your credit card (CC) information of course.
In Card Not Present transactions the information must be protected in a different way than card present transactions, that is because the information processed is in fact different.