StrongAuth PKI2FIDO

StrongAuth PKI2FIDO is a web-application written in Angular2 and Java, using REST webservice calls for client-server communication.

PKI2FIDO enables users that have X.509 digital certificates (optionally, on smartcards - such as the PIV card or CAC) to strongly-authenticate to PKI2FIDO using TLS-ClientAuth and register a FIDO U2F key with a FIDO Server (such as the StrongKey CryptoEngine).

The TLS ClientAuth process validates the digital certificate's chain (if any) and uses CRLs to verify the certificate's revocation status (OCSP checking will come in the next release).  Once the certificate chain is validated, it checks an LDAP Directory server to determine if the user is authorized to register a FIDO U2F Key with the site. 

The end result is that a site can leverage the trust in an established credential such as the PIV, CAC, National ID smartcard with an X509 digital certificate, and enroll the trusted user with a FIDO U2F key without having to go through a manual identification & verification process again.  Once the FIDO credential is registered, it enables the site to start using the simpler, stronger authentication model built into the FIDO protocol for web-applications immediately.

Click HERE to see an architecture diagram of how PKI2FIDO works.

Click HERE to download StrongAuth PKI2FIDO.

Click HERE to view the Quickstart Guide.

StrongKey CryptoEngine

 StrongKey CryptoEngine (SKCE) 2.0 is a "crypto swiss-army knife" server to perform cryptographic functions through webservices, while freeing up application developers to focus on business functionality. Its modules include:

- A FIDO Engine to support FIDO U2F key registrations/authentications;
- An Encryption Engine to encrypt/decrypt files using AES/TDES keys;
- Escrowing keys to on-premises key-management system (StrongAuth KeyAppliance);
- Integration to cloud-storage services (AWS S3, Azure and Eucalyptus Walrus);
- A Signing Engine to digitally sign documents, code, etc. with FIPS 140-2 HSM support; and
- An LDAP Engine for AD/LDAP integration for authorization decisions.

SKCE is battle-tested and in production at one of the largest e-commerce companies in the world, protecting more than 50M documents within the business process; see for the case-study.

Click HERE to download StrongKey CryptoCabinet (SKCE) .

StrongKey CryptoCabinet

StrongKey CryptoCabinet (SKCC) 2.0 is a FIDO-enabled ( ) web-application built using the Regulatory Compliant Cloud Computing (RC3) architecture ( ).

It encrypts files/objects of any-type-any-size and stores the ciphertext either to public/private clouds - AWS, Azure, Eucalyptus - or local/network drives, while keeping cryptographic keys safe & secure OUTSIDE the cloud.

CryptoCabinet leverages the StrongKey CryptoEngine (SKCE) - another FOSS on this site - to perform FIDO U2F strong-authentication, encryption/decryption, digital signatures and cloud-integration. The CryptoCabinet is a powerful example showcasing StrongKey CryptoEngine's innovative capabilities.

Until you modify the CryptoEngine configuration, the default download uses a DEMO StrongAuth KeyAppliance to store cryptographic keys. As such, use this ONLY FOR DEMO purposes. Contact us for any of your Production needs.

Click HERE to download the StrongKey CryptoEngine (SKCE).


A graphical tool for generating RSA and ECDSA cryptographic key-pairs, creating Certificate Signing Requests (CSRs) from them, and combining the key-pair with an issued digital certificate to create a secure portable container (PKCS12, JKS, JCEKS, etc.).

Click HERE to download CSRTool.