Business Needs
One of the leading security provider wanted to have generic cross platform library in C++ to support their cloud, desktop and mobile based applications to provide generic CA-Certificate Authority and support KeyPair distributions to play a role of registar and disrtibution center of the key pairs.
Objectives:
- Create a C++ library to support Windows and Linux platform to create applications in C++ or C# development environment which will be working as a CA or any client application.
- This library will provide basic infrastructure to handle all Keypair generation, store, retrieval, encryption, decryption and PKI infrastructure as per following section of sequence diagram
- There will be a library in C# which will be providing a wrapper for the C# application and communicating to C++ library underneath
Thus, we have designed and provided solution to our customer with;
- C++ library supported to Linux, Mac and Windows. For this project we have considered Windows10/11 64bits and Ubuntu 22.04 LTS 64bits only.
- C# unmanaged and managed wrapper library to support Windows 10 or 11 platform and testing on .Net framework 4.8
- Console based CA test application built in C++ (Linux 64bits)
- Console based Client test application built in C++ (Linux 64bits)
- GUI based Client test application built in C# (Windows 10/11 64bits)
- Integration document
Solution
1. C++ library to manage functionality;
- Symmetric and Asymmetric key(Private and public) generation
- Encrypt and Decrypt APIs using different symmetric, private and public keys
- Asymmetric key generation using multiple parameters like, time zone, country, place, datetime, user-id and password etc.
- Get generated Keypair from CA
- Send Key pair to Clint from CA
- Store keypair to particular directory named by client id. In second phase it can be stored in to secure DB and so on.
- Get CA public key (in second phase it can be a role of remigration or distribution authority)
- Request another client public key for the encrypted communication. And vice versa
- Send client pub key to requested client
- Other APIs can be created if required during implementation phase to accommodate sequence diagram communication
- This library will be used in CA or Client machine. In future (second phase) it will be a part of registration or distribution authority machine as well.
2. C# library
- This will be a wrapper of each implemented API of C++ to provide communication to C# application
3. C++ CA test application
- This will be a console application to fulfill following functionalities and communication with the client applications
- Generate temporary certificates for the first-time communication with any client which is not having public key of CAGenerate permeant keypair of CA
- Generate requested Asymmetric key based on the request from the client
- Store and retrieve private-public key pair from the file storage
- Send requested Key pair to client
- Send public key of CA to client based on the request
- Provide public key of another client based on the request
- This will be built on Windows machine
4. C++ Test application
- This will be a console application with the command-based option menu to perform different operations
- It will be creating symmetric key for the initial communication with the CA
- It will be creating communication with CA using symmetric key encryption for the first time to get CA public key
- Once CA public key is already present, it will use it to get Keypair or client itself
- It will request public key of another client to have further communication with another client
- Encrypted communication over PKI between another client to send and receive message
- This will be based on Linux
5. C# GUI based test application
- This will be a GUI application in C# and working on top of C# wrapper library
- It will be creating symmetric key for the initial communication with the CA
- It will be creating communication with CA using symmetric key encryption for the first time to get CA public key
- Once CA public key is already present, it will use it to get Keypair or client itself
- It will request public key of another client to have further communication with another client
- Encrypted communication over PKI between another client to send and receive message
- This will be based on Windows
![panel-01[1]](https://www.eleetpro.com/wp-content/uploads/elementor/thumbs/panel-011-qmvrmfj21uasynlravr1blk9ge7gb6hpa895mu91ug.png "panel-01[1]")
![intranet-04[1]](https://www.eleetpro.com/wp-content/uploads/elementor/thumbs/intranet-041-qmvro5kekwnq8x3n8mkew5wontpof7bzirb7b3p2fs.png "intranet-04[1]")
![industrial-01[1]](https://www.eleetpro.com/wp-content/uploads/elementor/thumbs/industrial-011-qmvrp9zgqs7245gxom1dddpi7e6gm6sg0bd2y01508.png "industrial-01[1]")
