Cipher-CaaS

"Cipher-CaaS" (Cryptography as a Service) is a set of microservices implemented in Java using Spring Boot. The company needs such a solution primarily because of the development of modern information system architectures based on container technology and container orchestration, and also because of the harmonization of the European Directive CEN/TS 419 241 "Security Requirements for Trustworthy Systems Supporting Server Signing" in the national legal field of the Law of Ukraine "On Electronic Trust Services".
"Cipher-CaaS" is designed to create and verify electronic signatures and to perform directional encryption and decryption using a file key container. To work with protected media, you should run the "Cipher-CaaS" Agent.
Cryptography as a Service can function:
  1. as a Java application provided as a jar archive;
  2. as a separate Docker container;
  3. as a Docker container in a container management system (Kubernetes, Swarm, Rancher, Nomad, Kontena, etc.);
  4. under control of PaaS (CloudFoundry).
Options 3 and 4 make it possible to apply industrial approaches to problem solving, scaling, load management, fault tolerance, monitoring, and condition control efficiently and with minimal investment.
In terms of architectural style, the implementation of "Cipher-CaaS" is based on many requirements of REST and contains a built-in web server to unify the interaction with the client application over HTTPS.

Features of usage

The main tasks for which "Cipher-CaaS" can be used (Crypto Center):
  • Creating an electronic signature.
  • Electronic signature verification.
  • Data encryption.
  • Data decryption.
  • Generating a private key and sending a PKCS #10 request. Be sure to run the Cipher-CaaS Agent.
  • Updating private keys and sending a PKCS #7 request. You should run the Cipher-CaaS Agent.
The above operations are performed in the operating environment of the computer on which "Cipher-CaaS" is running. You need a key container with private keys to create an electronic signature, to encrypt and decrypt data, and to change keys. Other operations can be performed without using private keys.

Excellent characteristics

  • Extensive opportunities for integration into existing and new information systems.
  • It operates on the basis of open standards and technologies.
  • Support for QTSP domestic producers.
  • Support for HSMs that support the PKCS #11 interface.
  • The limitation on the size of the processed data is related only to the hardware capabilities of a computer.
  • High productivity.
  • Logging of service operations.
  • Asynchronous execution of tasks in several threads.
  • Interaction with QTSP directly (OCSP, TSP, LDAP) and via an HTTP(S) proxy.
  • High potential for development.

Advantages of Cryptography as a Service

[Figures: Direct connection to QTSP; Connection via Cipher-CaaS]
  • Using Cipher-CaaS removes the need to build cryptography into the organization's systems that are already in operation, because Cipher-CaaS includes it. It is enough to connect a system to Cipher-CaaS once via the unified REST API, regardless of the technologies and platforms on which the organization's systems run. Using this system saves time and money, and frees the organization from making changes according to new requirements from the regulator.
  • Support for user identification by BankID, which has been steadily establishing itself in the market.
  • Support for a promising QR service that allows you to visualize the ES verification results.
  • A mobile web client lets you sign a file from your mobile phone or tablet.

There are no analogues of such a solution on the market these days.

Protected media

| No. | Producer | Make | Type |
|-----|----------|------|------|
| 1 | Author LLC, Ukraine | Avtor Secure Token-337/338 Series | Token |
| 2 | Author LLC, Ukraine | Avtor Secure SmartCard-337/338 | SmartCard |
| 3 | Plastic Card Ltd., Ukraine | PlasticCard TEllipse 3/4 | SmartCard |
| 4 | Thales, USA | SafeNet\|Gemalto\|Thales eToken | Token |
| 5 | IIT JSC, Ukraine | IIT Almaz-1К | Token |
| 6 | IIT JSC, Ukraine | IIT Crystal-1 | Token |
| 7 | Avest Ukraine LLC, Ukraine | Avest AvestKey | Token |
| 8 | Efit Technologies LLC, Ukraine | Efit EfitKey | Token |

Demo

The service is available for purchase for personal use or as an external service.

Product documents

The copyright for "Cipher-CaaS" is registered with the Ministry of Economic Development and Trade (No. 89189 dated 31.05.2019).
"Cipher-CaaS" is built on Java libraries from CIPF "Cipher-X.509", which has a positive expert opinion of the SSSCIP of Ukraine (No. 04/05/02-1278 dated 05.05.2021).