The CryptoSysTM range of cryptographic products provide a full library of cryptography tools for developers using Visual Basic, VB6, VBA, VB.NET/VB2005+, C/C++ and C#.
CryptoSys API | CryptoSys PKI | Product Comparison | FAQ | Search | Contact us
Check out the latest releases of our CryptoSys PKI Toolkit Version 3.10.0 released 2 September 2014 and CryptoSys API Library Version 4.7 released 15 September 2013. A new Version 5.4.3 of FirmaSAT for Windows was released on 28 October 2014 with support for the latest 2014 `complementos` supplements. The Java interface to FirmaSAT was updated on 27 October 2014.
Our cryptography products only include well-known cryptography algorithms recommended by organisations such as NIST or ISO, or those acknowledged by experts as being reliable. We avoid anything with any whiff of a current patent attached to it. None of our cryptography products use OpenSSL in any form.
There are two major products: CryptoSys API provides "symmetrical" encryption and the CryptoSys PKI Toolkit provides "asymmetrical" public key encryption and digital signatures. Both include the necessary supporting algorithms.
|CryptoSys API||The original CryptoSys API provides four of the major block cipher algorithms: AES, DES, Triple DES and Blowfish; a stream cipher compatible with RC4; key wrap with AES and Triple DES; secure message digest hash algorithms SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, MD5, RIPEMD-160 and SHA-3; the HMAC and CMAC message authentication algorithms, data compression, and a secure random number generator. Includes interfaces for Visual Basic, VBA, VB.NET/VB2005/8/x, C/C++, C# and ActiveX/COM/ASP. More details below. Version 4.7 released 15 September 2013 including interfaces to vb.net, C# and 32-bit ActiveX/COM/ASP. Conversions of most of the VB6 code examples in the manual to VB.NET are available here.|
Our CryptoSys PKI toolkit
features RSA public key encryption, digital signatures, X.509 certificate handling,
and cryptographic message syntax (CMS) objects that can be used with S/MIME
|Where to buy:||
CryptoSys API can be purchased here.
Download a free fully-functional trial version now.
CryptoSys PKI can be purchased here. Download a free fully-functional trial version now. More details...
FirmaSAT can be purchased here. Download a free fully-functional trial version now. More details...
Note that CryptoSys API and CryptoSys PKI are different products. FirmaSAT is now (as of July 2011) a stand-alone product specifically for Mexico S.A.T. digital receipts.
See also a comparison of our CryptoSys range of products, Frequently Asked Questions and using on a 64-bit system.
The CryptoSys API is a developer's toolkit of fast, efficient symmetrical cryptographic functions in Visual Basic, VBA, VB.NET/VB2005/8/x, C/C++, C#, and ASP. You can incorporate it in your own apps or call it from VBA applications like Access, Excel and Word. It provides four of the major block cipher algorithms, a stream cipher algorithm, key wrap, secure message digest hash algorithms, the HMAC message authentication algorithm, the CMAC algorithm, a data compression facility, a password-based key derivation function (PBKDF2), a secure random number generator and other utilities. If you need to do "asymmetric" public key cryptography, look at our alternative product, the CryptoSys PKI Toolkit.
Read the API Manual | Features | BUY NOW | Download Trial | Examples
Licensed Users | Introduction | Feedback | Support | Documentation | Error Codes | Known Issues | ActiveX Interface | .NET Interface | Other Interfaces | RNG algorithm | Integrity | FAQ | Search | Contact us
“ This message is simply one of thanks for you developing this API. I have spent the last 2 days trying (in vain) to generate SHA256 and MD5 hashes in MS Access vba to support an interface to Amazon's REST MWS API. ”
“ I downloaded the Personal package about two hours ago, and my application is up and running with no problems! You have done a great job. ”
“ First thanks for the great documentation with your product. I had spent three days trying some other solutions to my HMAC problem, and 1 hour after downloading your trial, my problem was solved. ”
“ For developers, your product is great. ”
-Mark H, US Navy
“ Thanks for putting together such a great and easy to use library. Your product is great and support is excellent as well. ”
“ Thanks for an awesome product! ”
“ Thank you very much. Your software worked great for our project. ”
“ Thanks for your quick response. And thanks for Cryptosys API and other related tools. You have done a great job. I like the fact that Cryptosys comes in the form of a DLL whose cipher algorithms can be called from VB and C/C++. ”
“ Thanks for your response...truly stellar, and I appreciate your company's great product. ”
“ One finds that rarely! So clear information and so clean program code: Access VBA, CryptoSys API, Cryptography generally. Thank you! ”
“ Thank you very much. This answers our questions and we have everything working correctly. Your support was very timely and precise. We are very pleased to have worked with you. ”
“ Thank You very much for pointing me out to CryptoSys API. I was able to fix my issues related to inter-operability between java and VBScript. I am going to be using your libraries. ”
“ The CryptoSys API was easy to master and provided ARMP with a fast solution to our Smart Card encryption software developed with Visual Basic. ”
-Army Recreation Machine Program.
Please give us your feedback.
The block cipher algorithms in the CryptoSys API are:
The one-way message digest hash functions the Secure Hash Algorithm (SHA-1), SHA-224, SHA-256, SHA-384, SHA-512, MD5, MD2, RIPEMD-160 and SHA-3 [see note †].
† SHA-3 changes in FIPS-202: The latest draft version of FIPS-202 has changed the original specification of SHA-3 used provisionally in CryptoSys API v4.6 and v4.7. The next upgrade of CryptoSys API will incorporate the changed specification when finalised. We will release this when the final version of FIPS-202 is published, expected at the end of August 2014. See also known issues.
The stream cipher (PC1) is fully compatible with RC4 (ARCFOUR). The random number generator complies with the Federal Information Processing Standards Publication FIPS PUB 140-2 Security Requirements for Cryptographic Modules. Data compression functions are included based on Jean-loup Gailly's excellent 'zlib' product. We suggest one way of using compression with CryptoSys and show how to store the compressed plaintext in a simple packet structure before encryption. Another technique of compression and encryption is shown in our demonstration VB6 project of MySecret with CryptoSys API.
Random Number Generator (RNG): Version 4 of CryptoSys API includes a new improved thread-safe random number generator (RNG) based on the strict NIST SP 800-90 standard†. This is compliant with FIPS PUB 140-2. To that end, we publish the full details of the random number algorithms used in CryptoSys. Your comments and review are welcome.
† Note 2013-09-21: Our implementation does not use the Dual EC_DRBG component of NIST 800-90 that has been revealed to contain an NSA backdoor.
The CryptoSys API functions allow you to encrypt, decrypt, hash and authenticate data in a variety of formats, as well as generating secure random keys to use in your applications. Your input data can generally be in a byte array, encoded as a hexadecimal string, or in a file. The functions can process the data in a one-off manner, or, for longer inputs, you can call the "update" functions sequentially after initialising. The block cipher algorithms work in Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB) and Counter (CTR) modes. AES with Galois/Counter Mode (AES-GCM) is provided. You can generate random keys and nonces in a secure manner. All functions are thread-safe. See the Examples page.
The CryptoSys API uses a straightforward and independent Win32 DLL which is compatible with all versions of 32-bit Windows (95/98/Me/NT4/2K/XP/2003/Vista/W7/W8). A 64-bit DLL is also provided. There is no "COM", no "Active-X", and no requirement to "register" it with Windows to use it. The products do not use or rely on the Microsoft Cryptographic API (CRAPi [sic]) cryptographic providers in any way. Developers can distribute to their clients by simply copying a single file into the correct directory. For those users who do want ActiveX capability so they can call it from an ASP page, there is a free ActiveX Interface (32-bit platforms only).
Download the latest Trial Edition of CryptoSys API now. Use either
Unzip the zip file and run the
setup.exe program inside it, or download the exe program directly and run it.
The Trial Edition is fully-functional and the download includes the full set of manuals and test functions in Visual Basic (VB6), VB.NET, C and C#. Please read the licence conditions for the Trial Edition. The trial period is 60 days from the date first installed on your system.
You need to have administrator rights when installing and uninstalling.
You can purchase a licenced version here. Existing licence holders can download the latest Developer Edition here.
See Writing an interface in another programming language for advice and examples in how to use CryptoSys API with other programming languages, including Visual FoxPro and Team Developer.
For Delphi, see the page Using Delphi with CryptoSys API, CryptoSys PKI and FirmaSAT for more details and some sample code.
See Using CryptoSys API with Microsoft Excel for an example of how to call a function in CryptoSys API from an Excel spreadsheet.
Check the integrity of your CryptoSys API software.
Please refer to our brief introductions to Using Keys in Cryptography and Using Padding in Encryption.
No. For public key cryptography, see our CryptoSys PKI Toolkit.
For free cryptographic code written by David Ireland, including Blowfish in Visual Basic, a full set of multiple-precision arithmetic routines written in ANSI C, base64 encoding; CRC-16, CRC-24 and CRC-32 routines; the MySecret Blowfish utility, and more, visit DI Management's Cryptography Software Code Page.
For more information, please send us a message.
This page last updated 3 November 2014