CryptoSys PKI Toolkit

The CryptoSys PKI Toolkit provides you with an interface to public key cryptography functions from Visual Basic, VB6, VBA, VB.NET, VB2005, C/C++ and C# programs on any Win32-compatible system (W95/98/Me/NT4/2K/XP/2003/Vista).

You can create and read both enveloped-data (encrypted) and signed-data Cryptographic Message Syntax (CMS, PKCS#7) objects, which you can use in S/MIME email messages; verify the digital signature in a signed-data CMS object; generate and manage RSA public and private keys; carry out "raw" RSA encryption and digital signing, make PKCS#10 certificate request files, and create and manage X.509 certificate files.

Other utilities included in the toolkit are the ability to generate message digest hash values using SHA-1, MD5, MD2, SHA-224/256/384/512; generate HMAC keyed-hash message authentication values, wipe files using 7-pass DOD standards, generate cryptographically-secure random numbers to the strict NIST SP800-90 standard, prompt for a password, and convert to and from base64- and hexadecimal-encoded formats.

Released 2 February 2008:

New version 3.2: see New and Updated in latest version below.

New utility to create SAT Mexico digital signatures: see FirmaSAT.

Features

Provides over 100 core functions to provide PKI cryptography and utilities
Includes detailed 250-page manual
Interfaces for VB6/VBA, C/C++, VB.NET/VB2005 and C#
Create Cryptographic Message Syntax (CMS, PKCS#7) objects suitable to use in S/MIME messages
Create and manage X.509 certificates
Make PKCS#10 certificate request files
Provides RSA public key encryption and signing
Generate and manage RSA public and private keys
Carry out "raw" RSA encryption and decryption
Encrypt key data for transport using the [new in version 3.2] RSA-KEM ("Simple RSA") algorithm
Encrypt with symmetrical block ciphers Triple-DES and [new in version 3.2] AES-128/192/256 in 5 standard modes
Generate message digests (hash values) using SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, MD2 and MD5
Generate HMAC keyed hash authentication codes
Generate secure random numbers
Convert data to and from base64- and hexadecimal-encoded format
Totally thread-safe.

CryptoSys PKI uses a straightforward Win32 DLL which is compatible with all versions of 32-bit Windows (95/98/Me/NT/2K/XP/2003/Vista). There is no "COM", no "Active-X", and no requirement to "register" it with Windows to use it. The installed executable has a small footprint under 300 KB. Developers can easily distribute it with their projects made in Visual Basic, VBA, C, C++, VB.NET/VB2005 or C# (in fact, in any other programming language that will let you call Win32 API functions - see Extra Interfaces). For more information on how the RSA key data is stored and how the various functions work together, see RSA Key Formats. For some examples, see the Examples section below. For the theory and more detailed explanations of how RSA is used in practical applications, see RSA algorithm including its use in creating ISO/IEC 9796 signatures in the AUTACK scheme. We have prepared some Test Vectors For RSA-KEM, which can be reproduced using CryptoSys PKI.

Note that the CryptoSys PKI Toolkit is totally independent from our original CryptoSys API product. The two packages do different things and do not require the other in order to work: see a Comparison of CryptoSys Features for a summary.

Feedback on the CryptoSys PKI Toolkit

Great product - just what I was looking for - bought a copy this morning.

Good work everyone!

It seems to be a very good and powerful toolkit

Thank you very much for the quick and detailed answer. It helped me a lot and now my program works pretty good, I have signed and encrypted my data successfully.

I wanted to let you know we [purchased] CryptoSys Software to include in an ERP project we are working on in Mexico. I had tried other digital signature products that required the certificate (with private) key first be stored in the Win certificate store and then I wasn't getting the correct signature. So, I guess there is something special about how you are using the .key file that is provided by SAT Mexico. I am very glad I came across your product. Thank you

Manual

Read the latest version of the manual page-by-page (first page 8 kB) - Contents - Function List - Index. The full manual in html format (647 kB) is included in the install distribution and can be found in the folder C:\Program Files\CryptoSysPKI, or you can download a zipped version (128 kB). Please check the Known Issues page. Users of the .NET C# and VB.NET/VB2005 interfaces can browse the on-line .NET help manual.

Download

Download a free Trial Version of the CryptoSys PKI Toolkit now.

The install program and the product functions have been tested on W95, W98, NT4, W2K, XP and Vista systems. The functions have been tested using Visual Basic 6, Microsoft Office VBA (97 and 2003), Microsoft .NET Framework 1.0, Microsoft Visual C++ versions 5, 6, 7 and 8, and Borland C++Builder version 5.5.

The trial version download includes the full manual and test functions in Visual Basic, VB.NET, C and C#. Please read the licence conditions for the trial version. The latest version 3.2 was released on 2 February 2008. The trial period is 60 days from the date first installed on your system.

You need to have administrator rights when installing and uninstalling.

You can purchase a licenced version here. Existing licence holders can download the latest Developer Version here.

Support

For support, please send details of your problem (including programming language and operating system) using our contact page. Please also check the Frequently Asked Questions and Known Issues pages.

For assistance in programming in your language, please see the sections in the manual:

and the extra advice at Programming with the CryptoSys PKI Toolkit.

Examples

There is an example of each function in the manual and a series of tests in VB6/VBA, VB.NET/VB2005, C/C++ and C# provided with the installation download. These test programs should be in C:\Program Files\CryptoSysPKI.

See the PKI Examples Page for more details and more examples.

We get lots of queries asking how to use the RSA_Raw functions to do simple RSA encryption and signing. See Raw RSA Techniques for a guide to methods available in the latest version, including the new EncodeMsg and DecodeMsg functions introduced in version 2.6. If you want more detailed information about the different formats in which RSA keys can be stored, how the keys are used to create X.509 certificates, and all the different functions in the Toolkit that create, read and save the key data, you may find the information in RSA Key Formats useful. See also Importing an RSA key from known parameters.

Mexican Government SAT

The CryptoSys PKI Toolkit now includes full support for the private key files published by the Servicio de Administración Tributaria in Mexico. See SAT Mexico Example for some sample code. New 6 Aug 2007

New utility to create digital signatures in SAT v2.0 format and more now available. See FirmaSAT.

Security interface for the German health care insurances services

The CryptoSys PKI Toolkit complies with the requirements of the security interface for data exchange for the German health service version 1.5. See Data Exchange in the German Health Service with CryptoSys PKI.

CryptoSys PKI Toolkit erfüllt alle Voraussetzungen, die notwendig sind, gemäß der Security Schnittstelle für den Datenaustausch im Gesundheitswesen Version 1.5, um mit den Datenannahmestellen der gesetzlichen Krankenkassen und dem ITSG-Trustcenter zu kommunizieren. Anders als bei DAKOTA stehen hier alle notwendigen Prozeduren in einer einzigen DLL zur Verfügung. Für das Erstellen der Zertifizierungsanfrage, dem Einlesen der Zertifizierungsantwort, dem Signieren / Verschlüsseln der Nachricht und der Speicherung der Daten (Zertifikate, privater Schlüssel, Annahme-pkcs.key) sind Beispiele in VB vorhanden. Sowohl der Zertifikatsantrag (PKCS#10 Format) beim ITSG-Trustcenter als auch die Datenübermittlung (PKCS#7 Format) an AOK, IKK, BKK, LKK, Knappschaft wurden erfolgreich durchgeführt. CryptoSys PKI Toolkit wird im Leistungserbringerverfahren und im Arbeitgeberverfahren erfolgreich eingesetzt.

Extra Interfaces

There are interfaces to or both C# and VB.NET programmers in the .NET Class Library. Dr Richard Koch has kindly provided interfaces to the toolkit in a variety of other programming languages. See Extra Interfaces.

Linux Version

There is a beta release of a Linux Version of CryptoSys PKI. The Toolkit is provided as a static library which can be compiled with your own source code.

Integrity

Check the integrity of your PKI software against our published checksums and message digests.

New security algorithms in Version 3.2

We have introduced a whole new set of combinations of new encryption algorithms in this version.

All three flavours of AES have been added to the set of symmetric encryption functions, previously just Triple DES.
The signature functions for X.509 certificates and signed-data objects have been extended to use the stonger SHA-2 family of message digest algorithms like SHA-256.
The stronger PBES2 algorithms from PKCS#5 v2.1 for password-based key encryption based on AES and the SHA-2 family have been added.
We've introduced [provisionally in version 3.2] a version of the RSA-KEM algorithm for key transportation, both as a stand-alone primitive and as an alternative to the PKCS#1 v1.5 rsaEncryption algorithm in S/MIME enveloped-data objects.
The block-cipher-based key wrap algorithms using AES and Triple DES have also been added: these are used as part of the RSA-KEM algorithm and are provided as separate primitive functions.
We've even added the seemingly-useless SHA-224 message digest algorithm to all the hash and HMAC functions.

Increased combinations of options for algorithms:

Function	Combinations Before	Combinations Now
`CMS_MakeEnvData`	1	24
`CMS_MakeSigData`	2	6
`X509_MakeCert`	3	7
`RSA_SaveEncrPrivateKey` `RSA_MakeKeys`	5	24

That's an extra 50 alternatives for users; and another 50 set of acceptance tests for us to do, for which there aren't any decent test vectors yet. Use at your own risk.

We must add that most of these new additions are overkill for the average user. It's convenient for us to add all the combinations at once, but expect the standard CMS algorithms of rsaEncryption with SHA-1 and Triple DES for encryption, and sha1WithRSAEncryption for signatures to stay as a standard for several years to come. Most other applications will not accept the new AES/SHA-2 algorithms yet, so check with your recipients whether they support them. We note that signatures using SHA-256 are starting to be required and we expect AES-128 will become a commonplace requirement instead of Triple DES soon. Otherwise, most other options (AES-192/256 and SHA-384/512) should be kept in reserve. Please consult your security adviser for the latest recommendations.

Remember that it's the overall security of your entire process that matters, not that you've decided to use AES-256 and SHA-512 just because they are the strongest items on the menu. A security level of 128 bits can be satisfied with AES-128 and SHA-256 and an RSA key of 3072 bits. Any keys and random numbers used should be to the same security level (which is harder to do than you might think). And a password of the same strength needs to be approximately 98 characters long! See NIST Special Publication 800-57 Part 1 section 5.6 for more details on consistent security levels.

When we are dragged up to the cryptography equivalent of the International Court of Justice in The Hague on charges of wilfully giving inexperienced users the ability to use cryptographic algorithms they couldn't hope to use properly, we shall plead the usual excuse that we did warn them and point to the weasel words we included in the small print of the user license :-)

Functions available in the CryptoSys PKI Toolkit:-

* New in Version 3.2

CMS functions

CMS_MakeEnvData - Create an encrypted CMS enveloped-data object for one or more recipients using their X.509 certificates.
CMS_MakeEnvDataFromString - ditto using data directly from a string instead of a file.
CMS_ReadEnvData - Reads and decrypts a CMS enveloped-data object using recipient's private key.
CMS_ReadEnvDataToString - ditto writing data directly into a string instead of a file.
CMS_MakeSigData - Create a CMS signed-data object using sender's private key.
CMS_MakeSigDataFromString - ditto using data directly from a string instead of a file.
CMS_MakeSigDataFromSigValue - ditto using a pre-computed signature value.
CMS_MakeDetachedSig - Create a "detached signature" CMS signed-data object from message digest of content.
CMS_ReadSigData - Reads content from a CMS signed-data object file.
CMS_ReadSigDataToString - ditto writing content data into a string instead of a file.
CMS_GetSigDataDigest - Extracts message digest from a CMS signed-data object file and verifies the signature.
CMS_VerifySigData - Verifies signature and content of a CMS signed-data object file.
CMS_QuerySigData - Queries a CMS signed-data object file for selected information.
CMS_QueryEnvData* - Queries a CMS enveloped-data object file for selected information.

RSA public key functions

RSA_MakeKeys - Generate a RSA key pair and save as a public key file and PKCS-8 EncryptedPrivateKeyInfo file.
RSA_ReadEncPrivateKey - Reads private key string from a PKCS-8 EncryptedPrivateKeyInfo file.
RSA_ReadPrivateKeyInfo - Reads private key string from an (unencrypted) PrivateKeyInfo file.
RSA_SaveEncPrivateKey - Saves a private key string to a PKCS-8 EncryptedPrivateKeyInfo file.
RSA_SavePrivateKeyInfo - Saves a private key string to an (unencrypted) PKCS-8 PrivateKeyInfo file.
RSA_GetPrivateKeyFromPFX - Extracts a private key from a PKCS-12 PKCSShroudedKeybag.
RSA_ReadPublicKey - Reads public key string from a PKCS-1 RSAPublicKey file.
RSA_SavePublicKey - Saves a public key in a PKCS-1 RSAPublicKey file.
RSA_GetPublicKeyFromCert - Extracts a public key from a X.509 certificate.
RSA_KeyBits - Returns length of key in bits given public or private key string.
RSA_KeyBytes - Returns length of key in bytes given public or private key string.
RSA_ToXMLString - Creates an XML string representation of an RSA internal key string.
RSA_FromXMLString - Creates an RSA key string in internal format from an XML string.
RSA_CheckKey - Checks if an RSA key string is valid.
RSA_KeyHashCode - Returns a hash code of a public or private key string.
RSA_KeyMatch - Verifies that a pair of private and public key strings are matched.

Raw RSA functions

RSA_RawPublic - Transforms raw data using an RSA public key.
RSA_RawPrivate - Transforms raw data using an RSA private key.
RSA_EncodeMsg - Creates an EME or EMSA encoded message block according to PKCS#1.
RSA_DecodeMsg - Decodes an EME or EMSA encoded message block according to PKCS#1.
RSA_KemWrap* - Wraps (encrypts) secret key material using RSA-KEM with the recipient's RSA public key.
RSA_KemUnwrap* - Unwraps (decrypts) secret key material using RSA-KEM with the recipient's RSA private key.

X.509 certificate functions

X509_MakeCert - Create an X.509 certificate.
X509_MakeCertSelf - Create a self-signed X.509 certificate.
X509_CertRequest - Creates a PKCS-10 certification signing request (CSR).
X509_VerifyCert - Verifies that an X.509 certificate has been signed by its issuer.
X509_CertIsValidNow - Verifies that an X.509 certificate is currently valid.
X509_CertThumb - Calculates the SHA-1 thumbprint of an X.509 certificate.
X509_CertIssuedOn - Gets the date and time an X.509 certificate was issued.
X509_CertExpiresOn - Gets the date and time an X.509 certificate expires.
X509_CertSerialNumber - Gets the serial number of an X.509 certificate in hexadecimal format.
X509_CertIssuerName - Gets the issuer name of an X.509 certificate.
X509_CertSubjectName - Gets the subject name of an X.509 certificate.
X509_HashIssuerAndSN - Computes the message digest hash of the PKCS #7 issuerAndSerialNumber value.
X509_GetCertFromP7Chain - Extracts an X.509 certificate from a PKCS-7 "certs-only" certificate chain file.
X509_GetCertFromPFX - Extracts an X.509 certificate from a PKCS-12 PFX/.p12 file.
X509_KeyUsageFlags - Returns a bitfield containing the keyUsage flags.
X509_QueryCert - Queries a X.509 certificate file for selected information.
X509_ReadStringFromFile - Creates a base64 string of the X.509 certificate file.
X509_SaveFileFromString - Creates a new X.509 certificate file from a base64 string.

PFX Functions

PFX_MakeFile - Creates a simple PFX (PKCS-12) file from X.509 certificate and (optional) encrypted private key file.
PFX_VerifySig - Verifies a PFX (PKCS-12) file signature.

Block Cipher Functions

CIPHER_Bytes* - Encrypts/decrypts an array of bytes using specified block cipher algorithm and mode.
CIPHER_File* - Encrypts/decrypts a file using specified block cipher algorithm and mode.
CIPHER_Hex* - Encrypts/decrypts a hex-encoded string using specified block cipher algorithm and mode.
CIPHER_KeyWrap* - Wraps a content-encryption key with a key-encryption key.
CIPHER_KeyUnwrap* - Unwraps a content-encryption key with a key-encryption key.
TDEA_BytesMode - Encrypts or decrypts byte data using Triple DES.
TDEA_HexMode - Encrypts or decrypts hexadecimal-encoded data using Triple DES.
TDEA_B64Mode - Encrypts or decrypts base64-encoded data using Triple DES.
TDEA_File - Encrypts or decrypts a file using Triple DES.

Message digest hash functions

HASH_Bytes - Creates a cryptographic hash digest in byte format from byte data.
HASH_File - Creates a cryptographic hash digest in byte format from a file.
HASH_HexFromBytes - Creates a cryptographic hash digest in hex format from byte data.
HASH_HexFromFile - Creates a cryptographic hash digest in hex format from a file.
HASH_HexFromHex* - Creates a cryptographic hash digest in hex format from hex-encoded data.

HMAC functions

HMAC_Bytes - Creates a keyed-hash HMAC in byte format from byte data.
HMAC_HexFromBytes - Creates a keyed-hash HMAC in hex format from byte data.
HMAC_HexFromHex* - Creates a keyed-hash HMAC in hex format from hex-encoded data.

Random number generator functions

RNG_Bytes - Generates a random set of byte data.
RNG_BytesWithPrompt - ditto with a prompt to enter random keystrokes.
RNG_Number - Generates a random number in a given range.
RNG_Initialize - Initializes the RNG from a seed file.
RNG_MakeSeedFile - Creates a new seed file, prompting for entropy.
RNG_UpdateSeedFile - Updates an existing seed file.
RNG_Test - Carries out a health check and a FIPS-140-2 statistical test on the RNG.

Encoding conversion functions

CNV_B64StrFromBytes - Encodes byte data into a base64-encoded string.
CNV_BytesFromB64Str - Decodes a base64-encoded string into bytes.
CNV_B64Filter - Removes non-base64 characters from a string.
CNV_HexStrFromBytes - Encodes byte data into hexadecimal string.
CNV_BytesFromHexStr - Decodes a hexadecimal-encoded string into bytes.
CNV_HexFilter - Removes non-hexadecimal characters from a string.
CNV_Latin1FromUTF8 - Converts a UTF-8 string into Latin-1, if possible.
CNV_UTF8FromLatin1 - Converts a Latin-1 string into UTF-8.
CNV_CheckUTF8 - Checks if a string is valid UTF-8.

Miscellaneous utilities

WIPE_File - Securely wipes a file using 7-pass DOD standards.
WIPE_Data - Zeroises data in memory.
PWD_Prompt - Prompts for a password.
PWD_PromptEx - ditto with option to change the prompt.
PKI_LastError - Get the last error message set by the toolkit.
PKI_ErrorCode - Returns the error code of the first error that occurred when calling the last function.
PKI_ErrorLookup - Gets the error message associated with a given error code.
PKI_Version - Get the release version.
PKI_CompileTime - Get date and time the DLL was last compiled.
PKI_ModuleName - Get the full pathname of the current process's module.
PKI_LicenceType - Returns the ASCII value of the licence type.
PKI_PowerUpTests - Carries out on demand the full set of power-up tests.

* New in Version 3.2

New or Updated in the latest versions

Version 3.2:

(2 February 2008)

Added a new generic block cipher function with AES and Triple DES. See CIPHER_Bytes, CIPHER_Hex, and CIPHER_File.
Added SHA-224 to the selection of message digest hash functions and added the HASH_HexFromHex and HMAC_HexFromHex functions.
Added the option to use the newer PKCS-1 signature algorithms "shaXXXWithRSAEncryption" with SHA-224/256/384/512 for X509_MakeCert[Self] and X509_CertRequest.
Added the ability to make, read and verify CMS signed-data objects using message digest algorithms SHA-224/256/384/512. See CMS_MakeSigData[FromString].
Added the ability to make and read CMS enveloped-data objects using the AES-128/192/256 content encryption algorithms. See CMS_MakeEnvData[FromString].
Added [provisionally in this release] the ability to make and read CMS enveloped-data objects using the RSA-KEM ("Simple RSA") key encryption algorithm. See CMS_MakeEnvData.
Added the primitive functions RSA_KemWrap and RSA_KemUnwrap which will wrap (encrypt) and unwrap (decrypt) secret keying data for a recipient with the recipient's RSA key using the RSA-KEM ("Simple RSA") algorithm; and added the block cipher key wrap functions CIPHER_KeyWrap and CIPHER_KeyUnwrap using AES-wrap and Triple DES wrap. (Note that the RSA function name is RSA_KemWrap, as in Key Encapsulation Mechanism, not KeyWrap.)
Added options to save and read encrypted private keys with improved security using AES-128/192/256 and SHA-224/256/384/512 when using the RSA_SaveEncPrivateKey and RSA_ReadEncPrivateKey functions. Please also read our comments on the new security algorithms.
Added the ability to pass both X.509 certificate data and RSA private and public key data to the X.509 and RSA functions using a PEM-encoded string instead of a file.
Improved the handling of enveloped-data objects by adding the CMS_QueryEnvData function, and included the ability to pass a base64- or PEM-encoded certificate list to CMS_MakeEnvData and CMS_MakeSigData.

Version 3.1:

(2 August 2007)

Added the ability to specify any valid UTF-8 characters in a distinguished name, including CJK characters, when creating an X.509 certificate with X509_MakeCert or X509_MakeCertSelf. See Specifying Distinguished Names for more details.
Added the RSA_KeyMatch function to verify that a pair of RSA private and public key strings are matched.
Added the functionality to all the X.509 certificate functions to allow the user to specify an input X.509 certificate as a base64 string instead of using a file.
Improved the functions that read ASN.1 data to avoid security issues arising from badly-formed data.
Increased the speed when encrypting large files using TDEA_File. To prevent accidental misuse, if an error occurs when using this function, the output file will now not exist.
Specialist Option: Added an alternative TeleTrusT content encryption algorithm to the CMS_MakeEnvData function to conform with the PKI requirements of the German Health System.

Version 3.0:

(27 March 2007)

Introduced a new, more secure, random number generator (RNG) based on NIST SP800-90 and Ferguson and Schneier's "Fortuna" method from Practical Cryptography. See Random Number Generator.
Incorporated extra security by encrypting "internal" RSA key strings to prevent security breaches by accidental disclosure - see Internal key strings. Added the RSA_KeyHashCode function to allow comparison of internal key strings.
Added the SHA-384 and SHA-512 message digest algorithms to the HASH functions.
Added the HMAC functions to compute a keyed hash value, HMAC_HexFromBytes and HMAC_Bytes.
Added functions to query an X.509 certificate file X509_KeyUsageFlags and X509_QueryCert.
Added functions to read in a X.509 certificate file directly as a base64 string and save the string as a file X509_ReadStringFromFile and X509_SaveFileFromString.

Thanks to all users who have suggested improvements and in particular to Bernd Rech for his suggestions, advice and help.

For more information, please contact us.

This page last updated: 30 July 2008