Update includes white-box for web apps and TLS, and more
This week, Intertrust released a new version of whiteCryption Secure Key Box (SKB), our proven white-box cryptography solution for applications.
A white-box cryptographic library is used to protect keys in sensitive applications. Secure Key Box supports all major ciphers including AES, RSA, and ECC, and a wide variety of functionality, including hashing, message authentication, key wrapping, and key derivation. Secure Key Box ensures that keys always stay encoded, even when in use. It prevents hackers from extracting keys from applications using either static or dynamic methods.
This release includes several feature improvements to Secure Key Box as well as two new add-ons, one to support web apps and the other to protect TLS encryption keys.
Secure Key Box for Web
Insecure storage of cryptographic keys remains one of the top web application vulnerabilities. On top of this, keys are exposed in computer memory every time a cryptographic operation is performed, where they can be easily extracted. The new SKB for Web add-on brings whiteCryption white-box technology to web applications.
- Ensures your keys are always protected, from both browser-based attacks and those from the underlying operating system
- Removes the risks of platform-based side-channel attacks
- Compatible with the Web Crypto API, providing easy integration
Secure Key Box for TLS
Compromised TLS keys can be used to decrypt communications and read the data, alter the information in transit, or masquerade as a legitimate device. The SKB for TLS add-on applies white-box cryptography to TLS connections to keep these encryption keys safe.
- Implementation of a TLS library underpinned by white-box cryptography
- Ensures keys used to establish the connection as well as session keys are always secure
- Prevents eavesdropping and message manipulation
Additional optimizations and improvements
SKB Version 5.23 also includes enhancements to extend cryptographic cipher support and make it even easier to use.
- HKDF with SHA-256 hashing is now available
- Supports OpenSSL-compatible and standards-compliant public key formats for ECC
- Provides detailed documentation for RSA Key generation including examples