{"id":18601607,"url":"https://github.com/peculiarventures/fortify","last_synced_at":"2025-04-10T19:30:42.465Z","repository":{"id":38009264,"uuid":"96462698","full_name":"PeculiarVentures/fortify","owner":"PeculiarVentures","description":"Fortify enables web applications to use smart cards, local certificate stores and do certificate enrollment. This is the desktop application repository.","archived":false,"fork":false,"pushed_at":"2024-04-11T10:28:55.000Z","size":8124,"stargazers_count":110,"open_issues_count":133,"forks_count":33,"subscribers_count":22,"default_branch":"main","last_synced_at":"2024-04-14T06:46:20.848Z","etag":null,"topics":["certificate","cryptoapi","cryptography","keychain","minidriver","pdf","pkcs11","signature","smartcard","webcrypto","x509"],"latest_commit_sha":null,"homepage":"https://fortifyapp.com","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/PeculiarVentures.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-07-06T18:57:44.000Z","updated_at":"2024-06-05T15:23:57.093Z","dependencies_parsed_at":"2023-02-18T16:31:27.239Z","dependency_job_id":"a7bb6d20-1857-4583-92e9-46c1b06b22bf","html_url":"https://github.com/PeculiarVentures/fortify","commit_stats":null,"previous_names":[],"tags_count":18,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeculiarVentures%2Ffortify","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeculiarVentures%2Ffortify/tags","releases_url":"https://repos.e
cosyste.ms/api/v1/hosts/GitHub/repositories/PeculiarVentures%2Ffortify/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeculiarVentures%2Ffortify/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/PeculiarVentures","download_url":"https://codeload.github.com/PeculiarVentures/fortify/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248281395,"owners_count":21077423,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificate","cryptoapi","cryptography","keychain","minidriver","pdf","pkcs11","signature","smartcard","webcrypto","x509"],"created_at":"2024-11-07T02:08:51.619Z","updated_at":"2025-04-10T19:30:40.859Z","avatar_url":"https://github.com/PeculiarVentures.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003e [!CAUTION]\n\u003e **This Repository is no longer maintained** \u003cbr /\u003e\n\u003e This repository has been archived and is no longer maintained, also we are not going to be updating issues or pull requests on this repository. 
The application has been moved to a new [fortify-releases](https://github.com/PeculiarVentures/fortify-releases) repository.\n\u003e If you are having a question about Fortify then please contact [support](mailto:support@fortifyapp.com).\n\n---\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://fortifyapp.com/\" rel=\"noopener\" target=\"_blank\"\u003e\u003cimg width=\"128\" src=\"src/static/icons/tray/png/icon@16x.png\" alt=\"Fortify logo\"\u003e\u003c/a\u003e\u003c/p\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003eFortify Desktop\u003c/h1\u003e\n\n\u003ch4 align=\"center\"\u003eFortify enables web applications to use smart cards, local certificate stores and do certificate enrollment. For Mac, Windows, and Linux.\u003c/h4\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/PeculiarVentures/fortify/blob/main/LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/License-AGPL%20v3-blue.svg\" alt=\"License: AGPL v3\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/PeculiarVentures/fortify/releases\"\u003e\u003cimg src=\"https://img.shields.io/github/v/release/PeculiarVentures/fortify.svg\" alt=\"github release version\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/PeculiarVentures/fortify/releases\"\u003e\u003cimg src=\"https://img.shields.io/github/downloads/PeculiarVentures/fortify/total.svg\" alt=\"github release downloads\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n- [Background](#background)\n- [Architecture](#architecture)\n- [How does it work?](#how-does-it-work)\n- [How can I use it?](#how-can-i-use-it)\n- [Installing](#installing)\n  - [Binaries](#binaries)\n  - [Building from source](#building-from-source)\n\n## Background\nFortify is a client application that you install that runs in the background as a tray application in Windows, OSX, and Linux that provides these missing capabilities to authorized applications.\n\nIt does this by binding to 127.0.0.1 and listening to a high-order 
well-known port for incoming requests. Browsers allow web applications to initiate sessions to this address. Over that session, a Fortify-enabled application establishes a secure session and, if approved by the user, is allowed to access these missing capabilities.\n\n## Architecture\nFortify is a Node.js application based on Electron and it accesses all cryptographic implementations via node-webcrypto-p11. This library was designed to provide a WebCrypto compatible API to Node.js applications but it also extends the WebCrypto API to provide basic access to certificate stores.\n\nIt uses another Peculiar Ventures project called PVPKCS11 to access the OSX KeyStore, Mozilla NSS or Windows CryptoAPI via this PKCS#11 wrapper.\n\nIt also uses pcsclite to listen for smart card or security token insertions and removals. When a new insertion is detected, it inspects the ATR of the card. If it is a known card the client attempts to load the PKCS#11 library associated with the card. If that succeeds, events in the `webcrypto-socket` protocol are used to let the web application know about the availability of the new cryptographic and certificate provider.\n\nIronically, despite the complication of the PKCS#11 API, this approach enables the code to maintain a fairly easy to understand structure.\n\nThe application also includes a tray application that is used to help with debugging, access a test application and manage which domains can access the service.\n\n## How does it work?\nAt the core of Fortify is a library called 2key-ratchet. This implements a `Double Ratchet` protocol similar to what is used by Signal. 
In this protocol each peer has an identity key pair. We use the public keys from each participant to compute a short numeric value. Since in the protocol the peers prove control of the respective private keys, we know that once the keys are authenticated we are talking to the same “identity”.\n\nSince 2key-ratchet uses WebCrypto, we leverage the fact that keys generated in a web application are bound to the same origin. We also (when possible) utilize non-exportable keys to mitigate the risk of these approved keys being stolen.\n\nThis gives us an origin-bound identity for the web application that the Fortify client uses as the principal in an Access Control List. This means if you visit a new site (a new origin), even if operated by the same organization, you will need to approve their access to use Fortify.\n\nFor good measure (and browser compatibility) this exchange is also performed over a TLS session. At installation time a local CA is created; this CA is used to create an SSL certificate for 127.0.0.1. The private key of the CA is then deleted once the SSL certificate is created and the Root CA of the certificate chain is installed as a locally trusted CA. This prevents the CA from being abused to issue certificates for other origins.\n\nThe protocol used by Fortify uses a /.wellknown/ (not yet registered) location for capability discovery. The core protocol itself is Protobuf based.\n\nWe call this protocol webcrypto-socket. 
You can think of the protocol as a Remote Procedure Call (RPC) to the local cryptographic and certificate implementations in your operating system.\n\n## How can I use it?\n\nSince the client SDK that implements the `webcrypto-socket` protocol is a superset of WebCrypto, with slight modifications, if you have a web application that uses WebCrypto you can also use locally enrolled certificates and/or smart cards.\n\nWe have also created a number of web components that make using it easy, for example:\n\n- [Certificate Enrollment](https://fortifyapp.com/examples/certificate-enrollment)\n- [Certificate Selection](https://fortifyapp.com/examples/certificate-management)\n- [Signing](https://fortifyapp.com/examples/signing)\n\n\n## Installing\n\n### Binaries\n\nVisit [the official website](https://fortifyapp.com/#download) to find the installer you need.\n\n### Building from source\n\n```\ngit clone git@github.com:PeculiarVentures/fortify.git\ncd fortify\nyarn\nyarn build\nyarn start\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpeculiarventures%2Ffortify","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpeculiarventures%2Ffortify","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpeculiarventures%2Ffortify/lists"}