Cryptography software tools for Visual Basic and C/C++/C# developers

The CryptoSys^TM range of cryptographic products provide a full set of developer tools to secure your e-Commerce applications in Visual Basic and C/C++/C# and ASP.

CryptoSys API Quick Index

Check out the latest release of our latest version of CryptoSys API released 12 July 2008.

CryptoSys Products

Our cryptography products only include well-known cryptography algorithms recommended by organisations such as NIST or ISO, or those acknowledged by experts as being reliable. We avoid anything with any sniff of a current patent attached to it.

CryptoSys API	The original CryptoSys API provides four of the major block cipher algorithms: AES, DES, Triple DES and Blowfish; a stream cipher compatible with RC4; key wrap with AES and Triple DES; secure message digest hash algorithms SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, MD5 and MD2; the HMAC and CMAC message authentication algorithms, data compression, and a secure random number generator. Includes interfaces for Visual Basic, VBA, VB.NET/VB2005, C/C++, C# and ActiveX/COM/ASP. More details below. Version 4.1 released 12 July 2008 including interfaces to vb.net, C# and ActiveX/COM/ASP. There is also a Linux Version available.
CryptoSys PKI	Our CryptoSys PKI toolkit features RSA public key encryption, digital signatures, X.509 certificate handling, and cryptographic message syntax (CMS) objects that can be used with S/MIME including `rsaEncryption` and RSA-KEM. Full details on the CryptoSys PKI Toolkit page. Includes message digest computation with SHA-1/256/224/256/384/512/MD5/MD2, HMAC message authentication codes, secure random numbers, and base64 conversion functions. Interfaces are provided for Visual Basic, VBA, VB.NET/VB2005, C/C++, C# and more. Version 3.2 issued 2 February 2008 including interfaces to vb.net and C#. A Linux Version is also available. A new utility to create SAT Mexico digital signatures is available: see FirmaSAT.
CryptoSys KeyExchange	CryptoSys KeyExchange provides cryptographic primitives to carry out Diffie-Hellman key agreement schemes and key establishment protocols. It conforms to ANSI X9.42-2003 Agreement of Symmetric Keys Using Discrete Logarithm Cryptography. Key establishment schemes are used by two parties to establish common shared secret information like cryptographic keys. CryptoSys KeyExchange provides functions and methods for programmers in C, C++, C#, Classic Visual Basic (VB6), VBA, COM, ASP and VB.NET. Version 1.0 released 20 February 2007. A Linux Version is also available.
CryptoSys Encode	Encode and decode base64 and hexadecimal data in extremely fast times. CryptoSys Encode also carries out fast CRC-32 checksum calculations. Download from the CryptoSys Encode page. Upgrade 2.0 released 17 August 2003. This product is FREE!.

See a comparison of our CryptoSys range of products and Frequently Asked Questions.

CryptoSys API

The CryptoSys API is a developer's toolkit of fast, efficient cryptographic functions in Visual Basic, VBA, VB.NET/VB2005, C/C++, C#, and ASP. It can be called from VBA applications like Access, Excel and Word. It provides four of the major block cipher algorithms, a stream cipher algorithm, key wrap, secure message digest hash algorithms, the HMAC message authentication algorithm, the CMAC algorithm, a data compression facility, a password-based key derivation function (PBKDF2), a secure random number generator and other utilities.

New Version 12 July 2008:

New version 4.1 with VB.NET, C# and ActiveX interfaces. See New and Updated in latest version below.

Feedback on CryptoSys API

I downloaded the Personal package about two hours ago, and my application is up and running with no problems! You have done a great job.
-Anthony W.

First thanks for the great documentation with your product. I had spent three days trying some other solutions to my HMAC problem, and 1 hour after downloading your trial, my problem was solved.
-James S.

For developers, your product is great.
-Mark H, US Navy

Thanks for putting together such a great and easy to use library. Your product is great and support is excellent as well.
-Mark W.

Thanks for your quick response. And thanks for Cryptosys API and other related tools. You have done a great job. I like the fact that Cryptosys comes in the form of a DLL whose cipher algorithms can be called from VB and C/C++.
-Jalal R.

Thanks for your response...truly stellar, and I appreciate your company's great product.
-Steve J.

One finds that rarely! So clear information and so clean program code: ACCESS VBA, CryptoSys API, Cryptography generally. Thank you!
-Felix S.

Thank you very much. This answers our questions and we have everything working correctly. Your support was very timely and precise. We are very pleased to have worked with you.
-Dan B.

The CryptoSys API was easy to master and provided ARMP with a fast solution to our Smart Card encryption software developed with Visual Basic.
-Army Recreation Machine Program.

The block cipher algorithms in the CryptoSys API are:

The Advanced Encryption Standard (AES)
The original Data Encryption Standard (DES)
Its currently approved replacement, Triple DES (TDEA, 3DES)
Bruce Schneier's Blowfish

The one-way message digest hash functions the Secure Hash Algorithm (SHA-1), the stronger SHA-256 version, and SHA-224, SHA-384, SHA-512, MD5 and MD2. The stream cipher (PC1) is fully compatible with RC4. The random number generator complies with the Federal Information Processing Standards Publication FIPS PUB 140-2 Security Requirements for Cryptographic Modules. Data compression functions are included based on Jean-loup Gailly's excellent 'zlib' product. We suggest one way of using compression with CryptoSys and show how to store the compressed plaintext in a simple packet structure before encryption. Another technique of compression and encryption is shown in our demonstration VB6 project of MySecret with CryptoSys API.

New Random Number Generator (RNG): Version 4 of CryptoSys API includes a new improved thread-safe random number generator (RNG) based on the strict NIST SP 800-90 standard. This is compliant with FIPS PUB 140-2. To that end, we publish the full details of the random number algorithms used in CryptoSys. Your comments and review are welcome.

The CryptoSys API functions allow you to encrypt, decrypt, hash and authenticate data in a variety of formats, as well as generating secure random keys to use in your applications. Your input data can generally be in a byte array, encoded as a hexadecimal string, or in a file. The functions can process the data in a one-off manner, or, for longer inputs, you can call the "update" functions sequentially after initialising. The block cipher algorithms work in Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB) and Counter (CTR) modes. You can generate random keys and nonces in a secure manner. All functions are thread-safe. See the Examples page.

Features

Interfaces for VB6/VBA, C/C++, C#, VB.NET/VB2005 and VBScript/COM/ASP programmers.
Block cipher encryption with AES, DES, Triple DES and Blowfish algorithms.
Key wrap with AES and Triple DES.
SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, MD5 and MD2 message digest hash algorithms.
HMAC message authentication.
CMAC message authentication (OMAC1).
Data compression and decompression algorithms.
Password-based key derivation function (PKCS #5 v2 PBKDF2).
Secure random number generator to FIPS-140-2 and NIST SP 800-90.
PC1 stream cipher encryption compatible with RC4.
CRC-32 checksum functions
Carry out encryption and hash digest operations in one-off manner or in repeated blocks.
Input data as a hex string, byte array or directly from a file.
Built-in hexdecimal and base64 encoding and decoding functions.
Small executable footprint.
Runs on any Win32 operating system: 95/98/NT4/2K/XP/2003/Vista. X64 version also available.
Independent of Microsoft Cryptographic API.
Does not use COM or Active-X or require registering with RegSvr32 to use (except optional ActiveX interface).
A Linux Version is available separately.
Thread-safe operation in all modes.
Automatic self-checking of software integrity and key functions on start up.

Changes in Version 4.1

Added key wrap functions with AES and Triple DES.
Added SHA-224 message digest to generic HASH and HMAC functions.
Upgraded password key derivation PBKDF2 functions to include SHA-2 hash functions as per PKCS#5 v2.1.
Includes executables compiled for Windows 64-bit (x64) computers.
Carried out an expensive product rebrand (well, we changed the colour of the CryptoSys API logo).

Changes in Version 4.0

Added generic HASH functions to provide SHA-384 and SHA-512 as well as existing hash digest functions.
Added generic MAC functions to provide HMAC and CMAC message authentication code algorithms.
Introduced new random number generator to strict NIST SP800-90 specification.

Changes in Version 3.2

Added CFB, OFB and CTR modes for all block ciphers. See Block Cipher Modes.
Added padding and unpadding functions for block ciphers. See Padding Functions.
Introduced the .NET class library as a more convenient and safer interface for C# and VB.NET programmers. Interface source code in C# is included.
Added hex version of password key derivation and RC4-compatible stream cipher functions PBE_Kdf2Hex and PC1_Hex.
Added base64 support for block ciphers, e.g. AES128_B64Mode.
Added base64 conversion functions CNV_BytesFromB64Str and CNV_B64StrFromBytes.
Various minor speed tweaks and improvements in error handling and thread local storage.

What do I get?

There are over 150 cryptographic functions in the CryptoSys API. The installed footprint is small, around 350 kB. It comes with an easy to use installation program, demo projects, sample test source code, and a complete manual with examples.

How does it work?

The CryptoSys API uses a straightforward and independent Win32 DLL which is compatible with all versions of 32-bit Windows (95/98/Me/NT4/2K/XP/2003/Vista). There is no "COM", no "Active-X", and no requirement to "register" it with Windows to use it. The products do not use or rely on the Microsoft Cryptographic API (CRAPi [sic]) cryptographic providers in any way. Developers can distribute to their clients by simply copying a single file into the correct directory. For those users who do want ActiveX capability so they can call it from an ASP page, there is an ActiveX Interface.

Penguin graphic courtesy of Larry Ewing <lewing@isc.tamu.edu> Linux Version: There is also a beta Linux Version with a static library which you are free to test and use on your own Linux system. We created the static library on a Fedora Core 1 system and we've tested it on other Red Hat and Ubuntu systems without problems. If it compiles OK and the detailed tests run without error then we are pretty confident that it will work for you.

Read the Manual

Read the latest version of the CryptoSys API manual page-by-page (first page 12 kB) - Contents - Function List - Index. The full manual in "stand-alone" HTML format (784 kB) is included in the install distribution and can be found in the folder C:\Program Files\CryptoSys, or you can download a zipped version (123 kB).

Please also see the Frequently Asked Questions, Errata and Examples pages.

How do I get it?

There are three versions available. All have identical functions.

The Personal Version is free for personal use on a stand-alone computer.
The Server Trial Version is also free and allows you to test the functions with an ActiveX interface on IIS and ASP applications for 30 days.
The licensed Developer Version works without restrictions in any environment, including IIS/ASP.

Please test the CryptoSys API before purchasing using either the Personal or Server Trial version.

All versions include the full manual and test functions in Visual Basic, C, VB.NET and C#. The Server and Developer Versions include an ActiveX interface which can be called from ASP pages and other COM applications. The source code for the ActiveX and DotNet Class Library DLLs is included.

The install program and the product functions have been tested on W95, W98, NT4, W2K and XP systems. The functions have been tested using Visual Basic 6, Microsoft Office VBA (97 and 2003), Microsoft .NET Framework 2.0, Microsoft Visual C++ versions 5, 6, 7 and 8, and Borland C++Builder version 5.5.

What's the difference between the Personal and Server Versions?

Both the Personal and Server Versions have the same core cryptographic functions except the ActiveX interface does not work with the Personal Version. The Personal Version is for use on a stand-alone personal computer. It does not expire but has a pop-up when it is first used. The Server Version is designed for use on both a server in an IIS/ASP environment or on a stand-alone or networked computer. Either version may be used for evaluating the licensed Developer Version, which works in any environment.

Hint: If for some reason you are having problems getting the Personal Version to work, try installing the Server version instead.

Delphi

The functions in CryptoSys API can be called from a Delhi program in the same way you would call Win32 API functions. You need to provide a function statement with the correct parameters and types, and an external reference to 'diCryptoSys.dll'.

Sebastian Jäschke provided this simple interface to Delphi showing how to call the SHA2_FileHexHash function to generate the SHA-256 digest of a file.

Humberto Souza has provided a Delphi program showing how to encrypt and decrypt using the BLF_HexMode function together with conversions to and from base64 and hex encoding for strings. Humberto's full code and executable is in Delphi_example1.1.zip (216 kB) (we have not tested this code). Last updated 2008-09-18.

What interfaces are available?

The core product can be accessed directly using the classic Visual Basic, VBA, C and C++ programming languages. There are interfaces included in the installation download for .NET (C# and VB.NET) and ActiveX/COM. Browse the on-line .NET help manual. A beta Linux version is also available.

Writing your own interface

Hint: If you are considering writing an interface to CryptoSys API, please note that the DLL is a simple Win32 DLL not an ActiveX one, and that only 32-bit signed integers (LONG) and ANSI strings (LPSTR) are used throughout. You call the functions in the same way you call Win32 API functions like GetUserName. Refer to the sections of the manual on Return Values and Type Conversions.

Delphi

See above.

GUPTA Team Developer

Jeff Luther has produced an interface using GUPTA Team Developer (TD v1.5). See Jeff's Code Samples and scroll down to find CRC-32 checksum, and MD5, SHA-1 & SHA-256 hash calculations.

Interfaces to CryptoSys PKI

Users have sent in interfaces to the API's sister product CryptoSys PKI in PowerBuilder, the D programming language, Stony Brook Iso Modula-2 and PowerBASIC. Although not directly created for the CryptoSys API, those interfaces should give you enough hints on how to create an interface in your language. See Extra Interfaces.

Do I have a valid version?

Check the integrity of your CryptoSys API software.

How do I create keys and manage padding when encrypting?

Please refer to our brief introductions to Using Keys in Cryptography and Using Padding in Encryption.

Does CryptoSys API do Public Key Cryptography?

No. For public key cryptography, see our CryptoSys PKI Toolkit. If you just need to exchange keys in a secure manner, look at our CryptoSys KeyExchange product.

Legacy products

The CryptoSys Blowfish and CryptoSys Hash products have been withdrawn. All functions in both products are available in CryptoSys API, which is fully supported and has interfaces for C# and VB.NET programmers. Existing licence holders can still Download a Developer Version of CryptoSys Blowfish and Download a Developer Version of CryptoSys Hash.

More Cryptographic Code

For free cryptographic code written by David Ireland, including Blowfish in Visual Basic, a full set of multiple-precision arithmetic routines written in ANSI C, base64 encoding; CRC-16, CRC-24 and CRC-32 routines; the MySecret Blowfish utility, and more, visit DI Management's Cryptography Software Code Page.

This page last updated: 17 September 2008