Interfacing with a Cryptographic Service Provider (CSP)
The Cryptographic Service Provider (CSP) architecture provides a safe way for multiple applications to access cryptographic and signature services. Instead of being passive sets of encryption routines, CSPs are independently functioning cryptographic modules capable of authenticating the user and checking for user assent to actions.
For example, some CSPs will require a personal identification number (PIN) to be entered by a user before a digital signature is generated, while some require a smart card. Others may require user intervention before executing private key functions, and still others have no authentication at all. The quality of protection for keys within the system is a design parameter of the CSP itself and not the system as a whole. This lets the same applications run in a variety of security contexts without modification.
The amount of access that applications have to the cryptographic internals has been carefully restricted. This facilitates secure and portable application development. The following three design rules apply:
-
Applications cannot directly access keying material. Because all keying material is generated within the CSP and used by the application through opaque handles, there is no risk of an application or its associated DLLs either divulging keying material or choosing keying material from poor random sources.
-
Applications cannot specify the details of cryptographic operations. The CSP interface only allows applications to specify broad actions to take (for example, encrypt data by using algorithm X and sign data). The actual implementation of the cryptographic operations is the responsibility of the CSP. This limits the scope of the API because esoteric protocols require application intervention, but make a basic set of operations readily available to all applications.
-
Applications do not handle user authentication data. User authentication is done by the CSP. In this way, CSPs that have better authentication capabilities (for example, biometric inputs and data keys) will function without needing to change the application authentication model. It also prevents applications from divulging user secrets.