StrongKey is a free and open-source application that builds an enterprise-wide key-management infrastructure. What does that mean for you as a developer of software applications? Due to the number of breaches regarding sensitive data, there is tremendous pressure on the IT organization to protect the company from such breaches. While many organizations are attempting to solve the problem without touching their applications, it is our belief that no one is immune to data-breaches until the data is encrypted all the way into the application that uses the data. The following chart details the vulnerabilities of the different encryption layers.

While you can encrypt data in any of the layers of the application-stack (the network is typically encrypted using TLS/IPSec), the junction-points of any two layers, and any layer in which sensitive data is unencrypted and not used by the application, is a potential vulnerability. Thus, the lower the layer of the application-stack in which you encrypt sensitive data, the greater your exposure.

StrongKey consists a Symmetric Key Services (SKS) server that provides the following capabilities:

StrongKey is also comprised of a Symmetric Key Client Library (SKCL) that provides the following capabilities:

What this translates to you as a software developer is this: for the first time in the field of application development, you can start protecting your sensitive data using just four API calls - i) Get a symmetric key, ii) Encrypt, iii) Decrypt, and iv) Hash - without getting bogged down in the details of how it gets done, how the key is generated, transported, escrowed, and recovered. You can focus on the task of providing business value to your company by delivering great business applications, however now more securely.

Supported Environments

To determine if your enviroment is compatible with StrongKey, refer to Supported Platforms .