Jan 5, 2008


This describes a packaging of XCA 0.6.4 as a PortableApps installer.  This allows running the XCA Certificate Authority management application entirely from a USB flash drive, where the CA files are also stored.

Downloadable installer file is located here.


XCA provides a nice, easy-to-use Certificate Authority Management application for Windows and other platforms.  I need a Certificate Authority (CA) for various reasons, but I specifically came across XCA through my OpenVPN work.  You can use it to create CA's, create crypto key pairs, sign and issue certs, and create CRLs.  I also use it to store other certs issued to me from other authorities, so it serves as my personal certificate database as well.  The database can be protected with a password.

Because you secret (private) keys are involved -- most importantly for the CA itself, but also for any key pairs you have generated -- it is desirable to keep all this stuff off-line.  In professional settings the CA often resides on a machine that has no network connectivity.  For the average user, this is tedious to have an extra machine just to manage a database, but you can approach that level of security by keeping the CA files on removable media.  In that manner, if a machine is compromised, only the keys relevant for that machine would be compromised.  Compromising the CA is a big deal because you have to create a new one and reissue all your certificates.

The XCA application installs on Windows in the usual manner, i.e. running an installer and deploying files to Program Files.  This can be a little inconvenient because you rarely need to use the management application, so you either have to centralize the machine where you might want to manage certs, or you have to download and install the application everywhere you might happen to need to manage certs.  For me it is much more convenient to have the management application along with the database.  Then I can manage/issue certs wherever I go (so long as I have a Windows machine with USB).

Portable Apps is a project that provides for a way to package suitable applications in a bundle that runs completely off the USB drive, settings and all.  There are several competitors to this, such as the commercial U3, but PortableApps is free, and works on all USB drives.  Not all apps are suitable for this kind of packaging, but fortunately XCA works in this scenario.