CryptoSysTM PKI is a programmer's toolkit for Windows systems that enables the user to create and read secure cryptographic messages encrypted or signed using RSA public key encryption. It provides strong crypto using non-patented technology.
You can create and read both enveloped-data (encrypted) and signed-data Cryptographic Message Syntax (CMS, PKCS#7) objects, which you can use in S/MIME email messages. You can verify the digital signature in a signed-data CMS object; generate and manage RSA public and private keys; carry out "raw" RSA encryption and decryption, and create and read X.509 certificate files.
Other utilities included in the toolkit are the ability to generate message digest hash values using SHA-1, MD5, MD2, SHA-224, SHA-256, SHA-384 and SHA-512; generate HMAC keyed-hash message authentication values, wipe files using 7-pass DOD standards, generate cryptographically-secure random numbers to the strict NIST SP800-90 standard, prompt for a password, and convert to and from base64- and hexadecimal-encoded formats.
Public Key Infrastructure (PKI) is defined in [PKIX-MAP] as
The set of hardware, software, people, policies and procedures needed to create, manage, store, distribute, and revoke Public Key Certificates based on public-key cryptography.
The CryptoSys PKI toolkit provides programmers and developers with most of the useful algorithms you need to create the software for a true PKI. We have appropriated a well-known three-letter-acronym. CryptoSys PKI is a sharp tool. It's up to you to manage the hardware, people, policies, procedures and the overall software security you require.
We have used S/MIME Version 3 Message Specification [SMIME-MSG], and Cryptographic Message Syntax (CMS) [CMS] together with the relevant PKCS documents as our primary reference documents. CMS is a stricter subset of PKCS#7 [PKCS7] and is compatible with it.
The CMS (PKCS#7) objects produced by this toolkit should be readable by S/MIME-compatible email clients like Microsoft Outlook Express if they are wrapped in MIME-conformant email messages. No MIME or email facilities are provided with the toolkit. You need to use your own separate program to create, send and read MIME email messages. The X.509 certificate tools should be compatible with typical certificates issued by Verisign and Thawte. The certificate requests it creates are accepted by Verisign's test facility, provided you include the distinguished name attributes they require. However, there is only limited support for Unicode character sets like UTF8String and BMPString. And, sorry, there are no facilities to add an MPEG video of you playing with your cat into an X.509 certificate.