First-Ever Keyfactor
Community Tech Meetup

Gaining access to privileged accounts and sessions is very often a key element of a successful cyberattack. Administrative privileges are used by attackers to gain control over the target environment and make it possible to execute the next phase of the attack regardless of if the endgame is a supply chain, ransomware, or exfiltration of information.

This session will address key weaknesses that threat actors often use to compromise systems as well as recommendations and priorities that are based primarily on knowledge and insights acquired while responding to actual incidents, conducting forensic investigations post-attack with the Truesec Incident Response Team, and preventing and mitigating cyber breaches in the Truesec Security Operations Centre.

Hasain, aka “The Wolf”, is an industry-leading IT security expert with a focus on networks, PKI, and certificates. He’s a senior IT security consultant with deep experience from numerous design projects, audits, advanced implementation projects, and penetration systems testing. Due to his expertise, he’s a sought-after speaker and a popular instructor at various events worldwide.

Meet the EJBCA founder Tomas Gustavsson and product architect Mike Agrenius Kushner and ask the questions that matter to you and your team. You will learn about product features, configurations, and industry-specific functionalities from your peers and Keyfactor’s product experts. If you’d like to participate in any hands-on demonstrations, please bring your EJBCA installation.

Watch the teaser on Youtube.

Tomas is the co-founder of PrimeKey and Chief PKI Officer of Keyfactor. He has been implementing PKI systems since 1994. As founder and developer of the open-source PKI project EJBCA, contributor to numerous other open source-projects, and member of the board of Open Source Sweden, Tomas is passionate about helping users worldwide to find the best possible PKI and digital signing solutions.

Mike is the Product Architect of EJBCA, and has written many of the core parts of the code. He has been working with PKI since 2010, and has designed, implemented, and realized complex PKI solutions for many of the world’s largest businesses, as well as government agencies and smaller actors.

Meet the SignServer product owner Markus Kilås and product manager Magnus Normark and ask the questions that matter to you and your team. You will learn about product features, configurations, and industry-specific functionalities from your peers and Keyfactor’s product experts. If you’d like to participate in any hands-on demonstrations, please bring your SignServer installation.

Watch the teaser on Youtube.

Markus has been working as a developer at PrimeKey and Keyfactor for more than ten years. He is the Product Architect for SignServer and responsible for the development of the product.

Magnus is the Product Manager of SignServer and EJBCA and aims to evolve the products to combine the technical strengths and business value of the products since he joined PrimeKey (now part of Keyfactor) in 2020. He has a passion for software development and security and in previous roles he worked with development and management of security-related software products.

While the Round 3 finalists have been announced, the final standards from the NIST Post-Quantum Competition are still two years away. To fill the gap and start preparing, there are hybrid approaches that allow the current finalist algorithms to be combined with regular public key algorithms for use in key encapsulation mechanisms and key agreement algorithms. Using these techniques will allow developers to introduce a level of post-quantum hardening and start gaining experience in the use of post-quantum algorithms.

In this workshop, Keyfactor’s David Hook and Roy Basmacier will look at several standardized mechanisms for hybrid techniques as well as how they can be applied to the Bouncy Castle Java APIs, both FIPS and non-FIPS.

Watch the teaser on Youtube.

• Basic techniques and algorithms to use. The mechanisms for secret sharing in post-quantum encryption are based around Key Encapsulation Mechanisms (KEMs). We will start by looking at what is available and how they translate into the Java Cryptography Architecture.
• Post-quantum hybrid cryptography in the general Bouncy Castle APIs. Building on session 1, we will look at how KEMs can be applied to more classical key agreement and key transport mechanisms.
• Post-quantum hybrid cryptography in the Bouncy Castle FIPS APIs. Building further on session 2, we will look at how KEMs can be applied together with certified versions of classical algorithms.

After the workshop, you will have knowledge of the mechanisms that can be used in Java with the Bouncy Castle APIs for doing hybrid-cryptography to post-quantum harden classical approaches to encryption. You will be able to recognize which method is most appropriate to their situation and how to use hybrid approaches in a certified environment.

To get the most out of the workshop, please have the following ready:

• Requirements: Laptop with a minimum of Java 8, an IDE for coding (user preferred is okay) and a copy of the Bouncy Castle Libraries of at least version BC 1.71.
• Knowledge needed: Attendees will need to be competent in the Java language. A knowledge of the Java Cryptography Architecture will be advantageous but is not required.

David is a Bouncy Castle developer with 25 years of experience in Java and cryptography and one of the founders of the Bouncy Castle project. David has also been responsible for guiding the APIs through the FIPS process. His personal interests include strategy games, computer graphics, and cryptography. Charming, erudite, and genuinely witty, his ability to write workshop bios is very highly regarded.

Roy just recently added a number of post-quantum encryption and signature algorithms to the Bouncy Castle APIs for Java and C#. His background is originally in lattice-based algorithms and he has been working on the Bouncy Castle project for almost a year now. His personal interests include puzzles, strategy and video games.

Join this workshop and learn how to implement a Keyfactor Control Test Drive including EJBCA PKI from the Azure Marketplace and tie it into your Azure IoT tenant.

Keyfactor Command is used for certificate lifecycle automation for IoT, while Keyfactor EJBCA provides certificate issuance. Snap these into Microsoft Azure IoT, and you’re instantly lightyears ahead on your IoT security posture.

In this workshop, Keyfactor’s Alex Gregory and Harry Haramis will walk through the whole experience to make it as easy as possible to get started. You are encouraged to follow along with your own live Azure environment.

Watch the teaser on Youtube.

• Overview of Keyfactor Control, EJBCA and Azure IoT
• Launch the Keyfactor Test Drive from the Azure Marketplace
• Access EJBCA and Keyfactor Control
• Configure Azure IoT Hub to work with Keyfactor Control and EJBCA

After the workshop, you will have an understanding of how to obtain a solution for issuing and managing certificates within your IoT environment. If you followed along with your own Azure account, you take it with you and jump right into a PoC at your organization. Not to worry otherwise, you will have seen how to kick off the Test Drive and integrate into Azure IoT to recreate this on your own.

To get the most out of the workshop, you are encouraged to to follow along on your own Azure account. If you’d like to do so, please have the following ready:

• Requirements: Bring a laptop and your Microsoft Azure login with the necessary permissions to launch products (or a Test Drive) in the Azure Marketplace.  If your organization does not provide you an account, you can sign up for a free account to get started with Azure on https://azure.microsoft.com/freePermissions to create an Azure IoT Hub within their Azure Tenant.
• Knowledge needed: Basic networking, PKI and Azure IoT Hub experience preferred but not required.

Alex created and owns the EJBCA and SignServer Cloud and SaaS products at Keyfactor, starting with the first launch of EJBCA Cloud in 2018.  For fun: Alex likes to work on his days off and loves to share his cell phone number in his email signature.

Harry drove the Cloud and SaaS business initiative at PrimeKey by Keyfactor starting in 2017 and runs the team dedicated to Cloud, SaaS, and Marketplace at Keyfactor.  For fun: Harry frequently sticks his pinky up in the air when drinking coffee.

Step into a world where Helm can deploy the Community editions (CE) of EJBCA and SignServer with the Docker containers.

In this workshop with Keyfactor’s Sven Rajala and Alfredo Neira, both EJBCA and SignServer will be deployed and configured. You will learn how to use the Easy REST Client for EJBCA to sign an Alpine container, configure Podman to validate container signatures, and issue a certificate with the EJBCA REST API.

Watch the teaser on Youtube.

• Overview of included technologies, e.g. Kubernetes and Helm
• Deploying EJBCA and SignServer containers using Helm charts
• EJBCA and SignServer use cases: Issue TLS certificates using EJBCA, Sign container using SignServer, Configure Podman for only signed containers
• Roundtable Discussions

After the workshop, you will know how to:

• Deploy EJBCA-CE and SignServer-CE containers on Kubernetes Minikube and Podman using Helm charts.
• Issue certificates against an EJBCA-CE Certification Authority using the Easy Rest Client via the EJBCA-CE REST API interface.
• Sign a Podman container using SignServer-CE and configuring Podman to only allow signed containers to run.

To get the most out of the workshop, please have the following ready:

• Requirements: Laptop with Wi-Fi, browser (preferably Firefox which uses profiles with their own certificate store), and SSH client. Participants will be provided Wi-Fi Internet with access to Keyfactor University and Cloud compute resources.
• Knowledge needed: General PKI knowledge, basic Linux/Unix skills, and general knowledge of EJBCA and SignServer will be helpful but are not required. For more information, see Introduction to EJBCA and Introduction to SignServer.
  You should be able to make SSH connections using SSH keys for your chosen SSH client.
  It will be helpful to have an understanding of the following technologies: Kubernetes, Minikube, Podman, and Helm.

Sven is Keyfactor Americas PKI Subject Matter Expert.  and a very well-seasoned cybersecurity consultant with a specialization in PKI and automation of PKI using EJBCA. Sven has over 15 years of experience working in both the private sector and with federal government departments and agencies. He is frequently called upon to participate in client discussions and seminars on topics including PKI, EJBCA, and PKI DevSecOps.

Alfredo leads the Keyfactor Americas EJBCA and SignServer Professional Services Team. He leads and promotes the adoption of automation tools and practices for the delivery of EJBCA and SignServer in the US.