RECENT BLOG NEWS

PKCS is a set of “Public Key Cryptography Standards” which were devised and published by RSA Security, Inc. beginning in the 1990s. The PKCS standards encapsulate everything from the RSA algorithm to password-based encryption to standards for certificate requests and cryptographic tokens. Because many of these standards are directly related to SSL/TLS and the wolfSSL embedded SSL library, we will be posting a series of blog posts on these widely-used standards over the next several weeks.

The PKCS Standards include:

PKCS#1 = RSA Cryptography Standard
PKCS#3 = Diffie-Hellman Key Agreement Standard
PKCS#5 = Password-based Encryption Standard
PKCS#6 = Extended-Certificate Syntax Standard
PKCS#7 = Cryptographic Message Syntax Standard
PKCS#8 = Private-Key Information Syntax Standard
PKCS#9 = Selected Attribute Types
PKCS#10 = Certificate Request Standard
PKCS#11 = Cryptographic Token Interface
PKCS#12 = Personal Information Exchange Syntax Standard
PKCS#13 = Elliptic Curve Cryptography Standard
PKCS#14 = Pseudo-random Number Generation
PKCS#15 = Cryptographic Token Information Format Standard

Stay tuned to our blog to learn more about the PKCS standards and how they relate to the wolfSSL embedded SSL library.

Would you like a chance to win a New Apple iPad (16GB, Wi-Fi) directly from yaSSL? We’re conducting a short SSL survey (10 questions) and giving anyone who completes the survey a chance to enter into our drawing. The prize drawing will be held August 1, 2012, and the contest is limited to one entry per individual.

Begin the survey, here: http://www.surveymonkey.com/s/585N8LZ (this survey has been closed)

Eligibility: To be eligible to win you must be a legal resident of the fifty (50) United States or the District of Columbia and be at least eighteen (18) years old at the time of entry.

We appreciate your time and feedback! All results and comments will be taken into consideration to improve our products. If you have any questions, please email us at info@yassl.com.

yaSSL has released a case study highlighting how one of our customers, Cinterion, is using wolfSSL to secure machine-to-machine (M2M) communication modules. This case study highlights the key requirements Cinterion had for securing Machine-to-Machine modules, how wolfSSL was used as a solution to easily secure these modules, and summarizes Cinterion’s thoughts on the project.

Machine-to-Machine communication refers to either wired or wireless communication taking place between devices (such as sensors or meters). To learn more about M2M, you will find the Wikipedia link, below.

You can download the case study directly from the yaSSL website at the following location. If you have any questions about using wolfSSL to secure M2M communication, please contact us at info@yassl.com.

wolfSSL / Cinterion (M2M) Case Study: http://www.yassl.com/files/casestudy/casestudy_yassl_cinterion.pdf
Wikipedia (Machine-to-Machine): http://en.wikipedia.org/wiki/Machine-to-Machine

wolfSSL will soon be getting support for the Cavium NITROX processors, thus enabling wolfSSL users to take advantage of the incredible performance boosts provided by the NITROX family. Cavium’s NITROX processors combine cryptographic acceleration with the latest security algorithms providing an ideal platform for the next generation of security applications.

The NITROX PX family can deliver performance ranging from 500 Mbps to 2.5 Gbps for full IPsec or SSL protocol offload, and anywhere from 4K to 17K RSA operations per second using 1024bit exponent RSA. The NITROX III family can additionally boost IPsec or SSL offload performance to anywhere from 5 Gbps to 40 Gbps, and can provide 35K to 200K RSA operations per second using 1024bit exponent RSA.

Are you interested in using wolfSSL with a Cavium NITROX processor? If so, let us know at info@yassl.com.

NITROX Security Processors: https://www.cavium.com/processor_security.html

Version 2.2.0 of the wolfSSL embedded SSL/TLS library has been released and is now available for download.  This release contains bug fixes, feature enhancements, and is a recommended update for all users. Changes include:

– Initial CRL (Certificate Revocation Lists) support with –enable-crl
– Initial OCSP (Online Certificate Status Protocol) support with –enable-ocsp
– Static ECDH suites including:
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
– SHA-384 support
– ECC client certificate support

For more information on CRL checkout: http://en.wikipedia.org/wiki/Certificate_revocation_list .  More details on OCSP can be found here: http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol .  The example/client has basic usage and the full API will be available in the manual. The addition of SHA-384 support makes wolfSSL even more compatible with other SSL implementations such as OpenSSL.

To download the open source, GPLv2-licensed version of wolfSSL 2.2.0, please visit our Download Page.  If you have any questions or comments or would like more information on commercial versions of wolfSSL, please contact us at info@yassl.com.

For build instructions, a full feature list, API reference, and more, please see the wolfSSL Manual.

Hi!  This is a short note to let you know that we have ported wolfSSL into the sshd sources.  This effort was done for a customer of the wolfSSL embedded SSL product.  This particular customer of ours was looking for a version of OpenSSH with a smaller footprint, TLS 1.2 and some specialized ciphers.  Alpha versions of the code base can be made available to select members of our user base in June 2012, with wider availability in beta form on the 4th of July.    

If you are interested in trying OpenSSH with wolfSSL, then please contact us at info@yassl.com.

We`ve added some new features to wolfSSL that will go into the general release this month.  The features are:

1.  Support for SHA-384
2.  Client ECC certificates
3.  Static ECDH
4.  GCM

With the addition of SHA-384 and GCM, wolfSSL will become NSA Suite B compliant.

If you need access to these features right away, contact us at info@yassl.com and we can possibly arrange for an early private code drop.

Hi yaSSL users!  See the following link for an explanation on SPDY:  https://readwrite.com/2012/04/19/what-web-users-need-to-know-ab/

SPDY is a new protocol for web use proposed by Google and supported by many of the large web companies.  It is based on HTTP, but it is faster and more suited to modern web usage.  

You will note that SPDY mandates SSL, which will provide everyone more security in their day to day web use.  We should also note that our friends at NGINX are supporting SPDY.

If you have comments or questions on running wolfSSL with SPDY, then please contact us at info@yassl.com.

Network-related applications and devices often use secure communication. Although keeping network communications safe should be a top priority to all developers and engineers, it often gets left behind due to lack of understanding, insufficient funding, or looming deadlines.

Securing a project with SSL shouldn’t have to include a steep learning curve, deep pockets, or an unlimited time frame. By learning a few basics of how things work, where the technology is best used, and what features to look for when trying to choose the right SSL implementation, a developer or engineer can easily, simply, and quickly secure their project – putting both themselves and their employer’s minds at ease.

yaSSL will be giving a presentation at the upcoming Infosecurity Europe conference next week which will address these issues. yaSSL’s presentation will introduce SSL – including why secure communication is important, introductory details about SSL, x509, and the underlying cryptography. It will give an overview of where SSL is used today – including Home Energy, Gaming, Databases, Sensors, VoIP, and more. A description and “shopping list” of important items to look for when trying to choose an SSL implementation will give developers and engineers a solid foundation to begin securing their projects with SSL and will enable them to have more informed discussions with potential vendors on the expo floor at Infosecurity Europe 2012.

Date: April 24, 2012
Time: 12:40pm – 1:05pm
Location: Technical Theater (at Infosecurity Europe, Earl’s Court, London, England)
Speaker: Chris Conlon

Infosecurity Europe: http://www.infosec.co.uk

Network-related applications and devices often use secure communication. Although keeping network communications safe should be a top priority to all developers and engineers, it often gets left behind due to lack of understanding, insufficient funding, or looming deadlines.

Securing a project with SSL shouldn’t have to include a steep learning curve, deep pockets, or an unlimited time frame. By learning a few basics of how things work, where the technology is best used, and what features to look for when trying to choose the right SSL implementation, a developer or engineer can easily, simply, and quickly secure their project – putting both themselves and their employer’s minds at ease.

yaSSL will be giving a presentation at the upcoming Infosecurity Europe conference next week which will address these issues. yaSSL’s presentation will introduce SSL – including why secure communication is important, introductory details about SSL, x509, and the underlying cryptography. It will give an overview of where SSL is used today – including Home Energy, Gaming, Databases, Sensors, VoIP, and more. A description and “shopping list” of important items to look for when trying to choose an SSL implementation will give developers and engineers a solid foundation to begin securing their projects with SSL and will enable them to have more informed discussions with potential vendors on the expo floor at Infosecurity Europe 2012.

Date: April 24, 2012
Time: 12:40pm – 1:05pm
Location: Technical Theater (at Infosecurity Europe, Earl’s Court, London, England)
Speaker: Chris Conlon

Infosecurity Europe: http://www.infosec.co.uk