CERTivity has the following main features and advantages:
GUI Representation of the security related items in a Tabbed Document Interface allowing for visualizing in parallel the following types of models: KeyStores, individual Certificates and Test Certificate Scenarios. The GUI representation is taking advantage of the natural approach of using an IDE style interface.
KeyStores entries are represented using a Tree Table structure, each entry and sub-entry being visualized in a Details Panel resembling the view of an e-mail client. As well, KeyStore entries take advantage of contextual menus or natural editing actions such as but not limited to delete, rename, expand, undo/redo. Many of these actions can also be used through Keyboard shortcuts.
Navigation between KeyStore entries is enhanced by positioning based on the first character (case sensitive) of a KeyStore alias or by sorting the table columns.
Many of the application's components expose Context Sensitive
Help (default F1), the Table of Contents tree being
synchronized with the current context.
Status Bar is displaying useful information including if the KeyStore is case sensitive, or case aware.
KeyStore management - The application is able to work with a wide range of KeyStores types: (JKS, JCEKS, PKCS #12, BKS, BKS-V1, UBER and Windows native ones) and supports the following KeyStore operations:
Create (generate) a new KeyStore;
Open an existent KeyStore;
Opening the CA TrustStore(s) of the JRE(s) discovered on the current system;
Save a KeyStore;
Copy and Paste entries from one KeyStore to another;
Copy to clipboard Certificates from Key Pair’s Certificate Chain;
Change a KeyStore's password;
Change a Key Pair's password;
Password manager to avoid entering Key passwords each time;
Emphasizing expired and about to expire Certificates or Key Pairs;
Emphasizing Certificates and Key Pairs for which the key size is smaller than a value set by the user;
Display trust status for Certificates in the KeyStore view;
Convert to other KeyStore format;
Delete KeyStore entry;
Change KeyStore entry alias;
Import Key Pairs from Key Pair files or from separate Private Key and one or more certificate files;
Import trusted Certificates;
Trust verification when importing certificates (with user confirmation when trust is not established);
Add Certificate Extensions;
Save Certificate Extensions as XML;
Generate self signed Key Pairs (Private Key with corresponding Certificate);
Generate new Key Pairs using the information from other already existing Key Pairs;
Set a custom minimum key size limit for new Key Pair generation;
Select the country code from a list of available countries resulting a valid ISO country code when generating a Key Pair;
Generate Secret Keys;
Retrieve certificates from servers (e-mail server, web server etc.) - This is based on the underlying SSL/TLS protocols;
Set SSL Connection Type (to be used when retrieving certificates);
View Private Key Details;
View Public Key Details;
View Certificate Chain Details;
Configurable KeyStore persistence on successive runs of the application.
Certificates operations:
Import Certificates / Certificate Chains into KeyStore either from files or from SSL connections;
Open an existing Certificate as standalone (not part of a KeyStore);
Display Certificate Details (having 11 Certificate Fingerprints types available);
Display certificate trust status;
Display multiple certificates including certificate chains;
Obtain the revocation status from the signing CA through CRL;
View the CRL associated to a certificate;
Use/test a certificate against a SSL connection (including plain upgradable sockets) to an end-point and permitting raw TCP/IP level communication (similar to telnet/nc raw inspections); verbose handshaking information is also available;
View Public Key Details for the opened certificate;
View PEM representation;
View ASN.1 representation;
View Certificate Extensions;
View ASN.1 representation for a Certificate Extension;
Extend validity for a Key Pair entry.
Sign and verify
CERTivity aims to bridge the gap between keys management and digital signature functionality as well as offering a suitable introspection for developers interested in various investigations. CERTivity signs and verifies PDF, JAR and XML files with verbose details. CSR can be signed as well.
Existent signature applications lack the in-depth key management and vice-versa, existent key management applications lacks the signing and verification process or the verbose details. CERTivity interconnects these functionalities;
The embedded signature certificate can be directly imported into the active KeyStore;
Signing is a contextual action while you browse the KeyStores so you will take advantage of all the existent key management features described above;
PDF digital signature and verification:
Many existent PDF signature applications cover just the signature process, leaving the verification process to PDF readers or editors. CERTivity is offering a PDF signature verification process too, which can show you details that are not otherwise accessible, especially when you deal with the PDF specification;
Each signature details can be inspected;
All PDF standard SubFilter values are supported: adbe.pkcs7.sha1, adbe.pkcs7.detached and adbe.x509.rsa_sha1 as opposed to the general practice of supporting just adbe.pkcs7.detached;
The name of the PDF signature handler (Filter) is Adobe.PPKLite;
Multiple PDF signatures can be applied incrementally;
XML digital signature and verification:
All XML signature types are supported: enveloped, enveloping and detached;
The XML signature is based on Java Specification Request JSR-105 which standardizes the XML Digital Signature APIs;
JAR digital signature and verification:
GUI alternative of the Java command line jarsigner tool, both for signing and verifying;
Sign and verify the Android Application Package (APK) signature.
Export options:
Retrieve and Export Certificates from multiple sources into multiple formats;
Export Key Pairs, Certificate Chains, Private Keys, Public Keys;
Some of the formats supported besides the KeyStores themselves are:
X.509 Certificate Files;
X.509 Certificate Files (PEM encrypted);
PKCS #7 Certificate Files;
PKCS #7 Certificate Files (PEM encrypted);
PKI Path Certificate Files;
PKCS #12 Key Pairs;
PKCS #8 Key Pairs;
OpenSSL Public Key;
OpenSSL Public Key (PEM encrypted);
PKCS #8 Private Key Files;
PKCS #8 Private Key Files (PEM encoded);
OpenSSL Private Key Files (PEM encoded);
PKCS #10 for CSR;
SPKAC for CSR;
ASN and PEM for visualizing most of the items.
TrustStores Management:
Set/Remove TrustStores at runtime without restarting the application;
Configure Trust Path validation options at runtime without restarting the application;
Certificate Authority functions:
Certificate Signing made easier using "Select as CA Issuer" and "Sign Certificate by <aliasForIssuer>" actions;
Generate Certificate Signing Request (CSR) files;
Sign Certificate Signing Request (CSR) files;
Import CA Reply;
Trust verification when Importing CA Reply (with user confirmation when trust is not established);
Check PKI file type;
Open Certificate Revocation Lists (CRL) from files or URLs;
Open Certificate Signing Request (CSR) files;
Certificate chain management: append and remove signer certificate (with Copy/Paste/Delete/Undo/Redo functionality included);
By generating CSR files, signing CSR and importing CA reply the application can act as a testing purposes CA.
Multi-platform
Being a Java application it runs anywhere an Oracle (Sun) JRE or Apple JRE can run. Depending on the platforms, CERTivity comes bundled with JRE or standalone. Please check the download page for the suitable setup package.
Most of the operations are executed on separate threads, so that for example while generating a key or signing a PDF one can perform other tasks as well.
The existence of some of these features are controlled by the category of your license - either Standard or Professional. For the features matrix of CERTivity see the Appendix A, CERTivity®'s Features Matrix.