The Crypto API and Cryptographic Service Providers

In recent years, many companies, individuals, and government institutions have devised their own algorithms based on variations of the public-key and symmetric-key approaches. At least for now, the stronger candidates among these methods are quite secure indeed. One remaining problem with using encryption in general has been a lack of standards. Not only are the algorithms in use very different, but even for the same published algorithm, software implementations written by different people can produce incompatible encrypted output.

Initiatives such as Microsoft’s crypto API are exciting in their potential, because their modular design addresses the problem of encryption standards. With the crypto API, users can install any third-party cryptographic algorithms as simply as they install a new printer driver. Programmers are free to concentrate on building applications that can make use of whichever algorithms are chosen by the users (subject to certain restrictions, such as the applicability of the algorithm to encryption of streaming versus blocks of data, or key-only types of encryption algorithms).

A cryptographic service provider (CSP) is any agency that offers an algorithm, or a set of algorithms, that conforms to the crypto API interface. Through this interface, application software can make use of encryption algorithms by selecting them at runtime.
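The runtime selection described above, sketched as an added example (not code from the book or from Microsoft): it lists the installed CSPs through the Windows functions `CryptEnumProvidersW`, `CryptAcquireContextW` and `CryptReleaseContext` called via `ctypes`. The helper names and the allow-list of vetted provider names are assumptions of this example, added because third-party providers are so easy to install.

```python
import ctypes
import sys

PROV_RSA_FULL, PROV_DSS, PROV_RSA_AES = 1, 3, 24   # provider types (wincrypt.h)
CRYPT_VERIFYCONTEXT = 0xF0000000                   # no key container needed
ERROR_NO_MORE_ITEMS = 259
DWORD = ctypes.c_uint32

def _advapi32():
    return ctypes.WinDLL("advapi32", use_last_error=True)

def list_csps():
    """Return [(name, provider_type)] for each installed CSP; [] off Windows."""
    if sys.platform != "win32":
        return []
    enum = _advapi32().CryptEnumProvidersW
    enum.argtypes = [DWORD, ctypes.c_void_p, DWORD, ctypes.POINTER(DWORD),
                     ctypes.c_void_p, ctypes.POINTER(DWORD)]
    found, index = [], 0
    while True:
        ptype, size = DWORD(), DWORD()
        # A NULL name buffer makes the call report the needed size in bytes.
        if not enum(index, None, 0, ctypes.byref(ptype), None, ctypes.byref(size)):
            if ctypes.get_last_error() == ERROR_NO_MORE_ITEMS:
                return found
            raise ctypes.WinError(ctypes.get_last_error())
        name = ctypes.create_unicode_buffer(size.value // 2)
        if not enum(index, None, 0, ctypes.byref(ptype), name, ctypes.byref(size)):
            raise ctypes.WinError(ctypes.get_last_error())
        found.append((name.value, ptype.value))
        index += 1

def pick_csp(providers, prov_type, allowed):
    """Run-time selection: first provider of the wanted type on the allow-list."""
    for name, ptype in providers:
        if ptype == prov_type and name in allowed:
            return name
    return None

def acquire(name, prov_type):
    """Load the named CSP through the common interface, then release it."""
    adv = _advapi32()
    adv.CryptAcquireContextW.argtypes = [ctypes.POINTER(ctypes.c_size_t),
        ctypes.c_wchar_p, ctypes.c_wchar_p, DWORD, DWORD]
    adv.CryptReleaseContext.argtypes = [ctypes.c_size_t, DWORD]
    handle = ctypes.c_size_t()                     # HCRYPTPROV is pointer-sized
    if not adv.CryptAcquireContextW(ctypes.byref(handle), None, name,
                                    prov_type, CRYPT_VERIFYCONTEXT):
        return False
    adv.CryptReleaseContext(handle, 0)
    return True
```

On Windows, `pick_csp(list_csps(), PROV_RSA_AES, allowed)` followed by `acquire(name, PROV_RSA_AES)` loads the chosen provider; any name `list_csps()` reports that is not on the allow-list is worth reviewing before an application is permitted to use it.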

© 1998 SYBEX Inc. All rights reserved.