Information Security Practitioner ^_^
A chubby guy who has not yet gotten started in intelligence studies (email: tenghm1986@163.com)
KMS Survey
2019-05-29 17:45:33
heming
# 0. References

- [1] [Barbican](https://wiki.openstack.org/wiki/Barbican)
- [2] [KMIP4J](https://www.ibm.com/developerworks/library/se-kmip4j/)
- [3] [Keywhiz](https://square.github.io/keywhiz/)
- [4] [vlmcsd](https://github.com/Wind4/vlmcsd)
- [5] [knox](https://github.com/pinterest/knox)
- [6] [open-sourcing-knox-a-secret-key-management-service](https://medium.com/@Pinterest_Engineering/open-sourcing-knox-a-secret-key-management-service-3ec3a47f5bb)
- [7] [What is the best alternative to Amazon Key Management Service?](https://www.slant.co/options/8710/alternatives/~amazon-key-management-service-alternatives)
- [8] [SECRET SERVER FEATURES CHART WITH VAULT](https://thycotic.com/products/secret-server/features/)
- [9] [SecretHub (not open source)](https://secrethub.io/)
- [10] [red-october-cloudflares-open-source-implementation-of-the-two-man-rule](https://blog.cloudflare.com/red-october-cloudflares-open-source-implementation-of-the-two-man-rule/)
- [11] [Ansible Vault](https://www.ansible.com/products/tower?extIdCarryOver=true&sc_cid=701f2000001OH6uAAG)
- [12] [vault](https://github.com/hashicorp/vault)
- [13] [vault-opensource and Enterprise Pro compare Offerings](https://www.hashicorp.com/products/vault/enterprise)
- [13] [bonobo](https://github.com/guardian/bonobo)
- [14] [Tendermint KMS](https://github.com/tendermint/kms)
- [15] [hadoop key management server](https://hadoop.apache.org/docs/current/hadoop-kms/index.html)
- [16] [Encryption and Key Management in AWS](https://www.youtube.com/watch?v=uhXalpNzPU4)
- [17] [openkmip](https://github.com/OpenKMIP/libkmip)
- [18] [pykmip](https://github.com/OpenKMIP/PyKMIP)
- [19] [wiki key management](https://en.wikipedia.org/wiki/Key_management)
- [20] [NIST key management](https://csrc.nist.gov/projects/key-management)

# 1. KMS Specification Documents

- State Cryptography Administration: [Certificate Authentication System Cryptography and Related Security Technical Specifications](http://www.doc88.com/p-411726744668.html)
- Digital Certificate Authentication System Cryptographic Protocol Specification
- [NIST-A Framework for Designing Cryptographic Key Management Systems](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-130.pdf)
- ISO/IEC 11770-1:2010 Information technology - Security techniques - Key management - Part 1: Framework
- ISO/IEC 11770-2:2008 Information technology - Security techniques - Key management - Part 2: Mechanisms using symmetric techniques
- ISO/IEC 11770-3:2008 Information technology - Security techniques - Key management - Part 3: Mechanisms using asymmetric techniques
- ISO/IEC 11770-4:2006 Information technology - Security techniques - Key management - Part 4: Mechanisms based on weak secrets
- ISO/IEC 11770-5:2011 Information technology - Security techniques - Key management - Part 5: Group key management
- [KMIP (Key Management Interoperability Protocol)](http://xml.coverpages.org/KMIP/KMIP-WhitePaper.pdf)

# 2. Open Source KMS Software

## 2.1 [Vault](https://github.com/hashicorp/vault)

HashiCorp publishes an open source version (written in Go) that is continuously maintained and updated. There is also an enterprise version; the comparison is shown below:

<center> ![compare1](https://leanote.com/api/file/getImage?fileId=5cee1dc9ab64416715001f27) </center>

<center> ![compare2](https://leanote.com/api/file/getImage?fileId=5cee1e39ab64416510001f2b) </center>

## 2.2 [Barbican](https://wiki.openstack.org/wiki/Barbican)

Barbican (written in Python) is a REST API designed for the secure storage, provisioning and management of secrets such as **passwords, encryption keys and X.509 Certificates**. It is aimed at being useful for all environments, including large ephemeral Clouds.

## 2.3 [KMIP4J](https://www.ibm.com/developerworks/library/se-kmip4j/)

Moving from data protection to key management (the task of creating, storing, renewing, and distributing keys), KMIP4J is an open source implementation of KMIP, which should allow the protocol to proliferate in the near future.

<center> ![KMIP](https://leanote.com/api/file/getImage?fileId=5cee2d20ab6441651000223f) </center>

## 2.4 [pykmip](https://github.com/OpenKMIP/PyKMIP)

pykmip is a Python implementation of the Key Management Interoperability Protocol (KMIP), an OASIS communication standard for the management of objects stored and maintained by key management systems.

## 2.5 [openkmip](https://github.com/OpenKMIP/libkmip)

A C implementation of the KMIP specification.

## 2.6 [knox](https://github.com/pinterest/knox)

Knox is a service for storing and rotation of secrets, keys, and passwords used by other services.

## 2.7 [KeyBox](https://www.bastillion.io/)

Bastillion is an open-source web-based SSH console that centrally manages administrative access to systems.

## 2.8 [StrongKey](https://sourceforge.net/projects/strongkey/)

## 2.9 EPKS

Echo Public Key Share, a system to share encryption keys online in a **p2p community** (distributed key management).

## 2.10 [Nucypher](https://www.nucypher.com/)

A blockchain-based distributed key management system; I have looked into it before.

# 3. KMS-Related Concepts

- Permission management
- User and group management
- Key management (create / import / activate / revoke / link / archive / recover)
- Policy management
- CA management
- Certificate management (different formats: cer/pfx/jks)
- Network configuration management (IP / subnet mask / default gateway)
- Backup and recovery management (backing up and restoring the system's data)
- SNMP service management (SNMP, Simple Network Management Protocol)
- System management (including time and date settings / time zone settings / automatic time sync from an NTP server)
- Cluster management
- Log management

<center> ![Logical layers of a key management system](https://leanote.com/api/file/getImage?fileId=5cee4c95ab644165100028a2) </center>

<center> ![Key management system](https://leanote.com/api/file/getImage?fileId=5cee4d16ab64416715002849) </center>