Validation Authority - Validator Toolkit

The Validator Toolkit (VTK) product is a client solution for enabling digital certificate validation in commercial or custom developed PKI enabled applications.

The VTK includes a complete set of certificate validation functions, source code examples and reference manuals for integrating digital certificate validation into C/C++ or Java applications such as network and hand-held devices, physical security systems, and custom PKI-enabled workflow applications. The VTK saves development time and cost by abstracting the complexities of PKI digital certificate validation into a simple three step process which developers can implement through easy to understand C/C++ and Java interfaces.

The VTK supports a number of different digital certificate validation mechanisms including Certificate Revocation Lists (CRLs), Online Certificate Status Protocol (OCSP), Simple Certificate Validation Protocol (SCVP), Certificate Management Protocol (CMP) as well as Tumbleweed’s VACRL protocol, allowing developers to select the optimal solution for their application. Additionally the VTK supports several different validation trust models as well as specific validation policies.

Additionally the VTK has undergone extensive testing/evaluation and certified DOD JITC, Identrus and FIPS 140-1 Level 1 compliant. This saves organizations the time and cost of additional testing and certification.

Additionally the VTK has undergone extensive testing/evaluation and certified DOD JITC, Identrus and FIPS 140-1 Level 1 compliant. This saves organizations the time and cost of additional testing and certification.

The Tumbleweed Validator Toolkit (VTK) allows developers to integrate digital certificate validation into their client applications. The VTK provides an API that can be used to integrate digital certificate validation into an application in three simple steps.

The VTK provides support for multiple digital certificate validation mechanisms including CA issued Certificate Revocation Lists, Online Certificate Status Protocol (OCSP), Simple Certificate Validation Protocol (SCVP), and VACRL, Tumbleweed’s CRL replication protocol for VA manufactured CRL and delta CRL. The VTK APIs insulate the application from the specifics of the underlying mechanism.

The VTK is CA neutral and can support CRL data from multiple CA or VA sources and provides a robust mechanism for CA specific validation policies. VTK can support complex trust models and supports RFC 3280 certificate policy controls for path processing and policy enforcement. The VTK will perform end-to-end (complete) certificate validation if one or more intermediate CAs or VAs are used, and the validation policy requires end-to-end (complete) certificate chain validation.

VTK provides support for securely communicating with a VA Server by utilizing SSL/TLS and has been extensively tested with numerous proxy servers and load balancers. VTK supports different trust models and can support validation of the VA Server certificate. VTK also provides the capability of digitally signing requests to the VA server for deployments that require a high degree of audit and non-repudiation. VTK offers support for cryptographic hardware via the standard PKCS #11 interface, including FIPS 140-2 Level 3 and 4, which can be used to accelerate digital signing and SSL/TLS operations. The VTK offers support for digital certificates stored on smart cards such as the DOD common access card or hand-held wireless devices through standard interfaces such as Microsoft Cryptographic API (CAPI) or CHIL.

The VTK provides an ideal solution for PKI enabling network devices such as VPN or WLAN gateways as well as physical security systems.