Microsoft Corporation
Updated: March 5, 1998 (new location of CSPDK)
Contents
Overview of Cryptography
CryptoAPI Cryptographic Functions
Cryptographic Service Provider Developer's Kit (CSPDK)
CryptoAPI Sample Code
Availability
Endorsements
List Server and Newsgroups
Cryptography provides a set of techniques for encoding data and messages such that the data and messages can be stored and transmitted securely. Cryptography can be used to achieve secure communications, even when the transmission media (for example, the Internet) is untrustworthy. You can also use cryptography to encrypt your sensitive files, so that an intruder cannot understand them. Cryptography can be used to ensure data integrity as well as to maintain secrecy. Using cryptography, it becomes possible to verify the origin of data and messages using digital signatures. When using cryptographic methods, the only part that must remain secret is the private cryptographic key. The algorithms, the key sizes, and file formats can be made public without compromising security.
The Microsoft® Cryptographic API (CryptoAPI) provides services that enable application developers to add cryptography and certificate management functionality to their Win32® applications. Applications can use the functions in CryptoAPI without knowing anything about the underlying implementation, in much the same way that an application can use a graphics library without knowing anything about the particular graphics hardware configuration.
The Microsoft CryptoAPI provides a set of functions that allow applications to encrypt or digitally sign data in a flexible manner, while providing protection for the user's sensitive private key data.
All cryptographic operations are performed by independent modules known as cryptographic service providers (CSPs). One CSP, the Microsoft RSA Base Provider, is bundled with the operating system.
Each CSP provides a different implementation of the CryptoAPI. Some provide stronger cryptographic algorithms while others contain hardware components such as smartcards. In addition, some CSPs may occasionally communicate with users directly, such as when digital signatures are performed using the user's signature private key.
The CryptoAPI programming model can be compared to the Windows GDI model in that the CSPs are analogous to graphics device drivers, and the cryptographic hardware (optional) is analogous to graphics hardware. Just as well-behaved applications are not allowed to communicate with graphics device drivers and hardware, well-behaved applications cannot directly access the CSPs and cryptographic hardware.
To request a copy of the Cryptographic Service Provider Developer's Kit (CSPDK), please fill out the form provided at http://www.microsoft.com/security/tech/cryptoapi/cspdkintrocontent.asp.
The sample applications below illustrate the use of the Microsoft CryptoAPI. After downloading, review the README.TXT file for each sample for more information.
Download the files for the INITUSER sample (zipped, 1.69K). INITUSER is a sample console application that creates a key container for the default user, along with a signature public/private key pair and a key exchange public/private key pair.
Download the files for the ENCRYPT sample (zipped, 5.33K). ENCRYPT consists of a pair of sample console applications that can be used to encrypt and decrypt files.
Download the files for the ENUMALGS sample (zipped, 2.08K). ENUMALGS is a sample console application that lists the algorithms supported by the user's default CSP.
Download the files for the SIGN sample (zipped, 4.36K). SIGN consists of a pair of sample console applications that can be used to sign and later verify files.
Download the files for the CFILER sample (zipped, 76K). CFILER is a Windows-based application that can be used to encrypt and sign files.
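The steps INITUSER is described as performing, written out as an added example (this is not the INITUSER sample's source and not Microsoft's code): it opens the user's default key container, creating it if absent, and generates a signature and a key exchange key pair only where one is missing. It assumes the PROV_RSA_FULL provider type and a Windows build linked against advapi32; the names ensure_key and init_default_user are made up for this example, and on other platforms the function only returns -1.

```c
/* Added example, not the INITUSER source: default container plus both key pairs. */
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>   /* link with advapi32.lib */

/* Create the key pair of the given type only if the container lacks one. */
static DWORD ensure_key(HCRYPTPROV prov, DWORD keyspec)
{
    HCRYPTKEY key = 0;
    if (!CryptGetUserKey(prov, keyspec, &key)) {
        DWORD err = GetLastError();
        if (err != (DWORD)NTE_NO_KEY)
            return err;                  /* unexpected failure */
        /* dwFlags = 0: CRYPT_EXPORTABLE is not set on the new private key */
        if (!CryptGenKey(prov, keyspec, 0, &key))
            return GetLastError();
    }
    CryptDestroyKey(key);                /* frees the handle, not the stored key */
    return 0;
}

/* Returns 0 on success, otherwise the Win32 error code. */
long init_default_user(void)
{
    HCRYPTPROV prov = 0;
    DWORD err;
    /* NULL container and provider names select the user's default CSP */
    if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, 0)) {
        if (GetLastError() != (DWORD)NTE_BAD_KEYSET)
            return (long)GetLastError();
        if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET))
            return (long)GetLastError();
    }
    err = ensure_key(prov, AT_SIGNATURE);
    if (err == 0)
        err = ensure_key(prov, AT_KEYEXCHANGE);
    CryptReleaseContext(prov, 0);
    return (long)err;
}
#else
/* CryptoAPI exists only on Windows; other platforms report "unsupported". */
long init_default_user(void) { return -1; }
#endif
int main(void)
{
    long rc = init_default_user();
    printf("init_default_user: 0x%08lx\n", (unsigned long)rc);
    return rc != 0;
}
```

The application only ever holds handles; the private keys stay inside the CSP's key container.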
The Microsoft CryptoAPI is shipping in Internet Explorer 3.x and later, and Windows NT 4.0.
Please click the company names to link to the endorsing company's Web site for more information. (Note that these links point to servers that are not under Microsoft's control. Please read Microsoft's official statement regarding other servers.)
"Atalla is pleased to announce our support for Microsoft's CryptoAPI and our intent to design and deliver hardware-based security modules and associated software modules to function as a Cryptographic Service Provider (CSP) within the CryptoAPI programming model. The Atalla CSP will focus on high performance cryptographic processing, robust key management, encapsulation of functionality, and physical security for those customers who will utilize Windows NT on their server platforms for electronic commerce."
-- Gary Sabo, Vice-President, Product Management and Marketing
"Cylink applauds Microsoft's development and promotion of CryptoAPI, a robust, vendor-independent interface for providing cryptographic services to applications. This will serve to broaden the overall market for information security products and facilitate the seamless integration of CYLINK's high-performance, public-key based hardware and software INFOSEC products into the leading computer operating environments."
-- John Kennedy, Cryptographic Systems Architect
"I am excited to see that Microsoft is building the ability to use cryptographic solutions into Windows NT. Developers can now write secure applications that will allow access to security tokens such as iPower's PersonaCard, enabling server-based enterprise-wide security solutions."
-- Tom Rowley, Director of Marketing, National Semiconductor's iPower Business Unit
"We're pleased to see Microsoft's announcement of CryptoAPI and CryptoAPI's use of RSA technology. This announcement makes more robust cryptography more easily available to more people--and RSA believes that's always a good thing."
-- Jim Bidzos, President, RSA Data Security, Inc.
Spyrus
"SPYRUS is committed to Microsoft CryptoAPI. We are building Cryptographic Service Providers (CSPs) for our line of Cryptographic PC Card Tokens. By the end of the 1Q96, we will deliver CSPs for our FORTEZZA Crypto Card which implements US Government algorithms and our LYNKS Privacy Cards which implement commercial algorithms including RSA, Diffie-Hellman, DES, RC2 and RC4."
-- Russell Housley, Chief Scientist
For more information on SPYRUS Cryptographic PC Card Tokens, send electronic mail to info@spyrus.com.
"Trusted Information Systems, Inc. believes that the Microsoft CryptoAPI will have a fundamentally positive effect on making cryptography available worldwide. We expect a large number of Cryptographic Service Providers (CSPs) to quickly emerge supporting this standard. TIS will work with CSPs and applications developers to ensure key recovery technologies are available throughout their product lines. In addition, our International Cryptography Experiment (ICE) will take advantage of the CryptoAPI, which will ensure the success of the experiment."
-- Steve Walker, President
You can sign up for our list server and newsgroups at http://www.microsoft.com/workshop/essentials/mail.asp.