CryptoSys™ PKI is a programmer's toolkit for Windows systems that enables the user to create and read secure cryptographic messages encrypted or signed using RSA public key encryption. It provides strong crypto using established non-patented technology to international standards.
You can create and read both enveloped-data (encrypted) and signed-data Cryptographic Message Syntax (CMS, PKCS#7) objects, which you can use in S/MIME email messages. You can verify the digital signature in a signed-data CMS object; generate and manage RSA public and private keys; carry out "raw" RSA encryption and decryption; and create, read and manage X.509 certificate files and CRLs.
The toolkit also includes utilities to generate message digest hash values using SHA-1, MD5, MD2, SHA-224, SHA-256, SHA-384 and SHA-512; generate HMAC keyed-hash message authentication values; wipe files using 7-pass DOD standards; generate cryptographically-secure random numbers to the strict NIST SP800-90 standard; prompt for a password; and convert to and from base64- and hexadecimal-encoded formats.
Public Key Infrastructure (PKI) is defined in [PKIX-MAP] as:
"The set of hardware, software, people, policies and procedures needed to create, manage, store, distribute, and revoke Public Key Certificates based on public-key cryptography."
The CryptoSys PKI toolkit provides programmers and developers with most of the useful algorithms you need to create the software for a true PKI. We have appropriated a well-known three-letter-acronym. CryptoSys PKI is a sharp tool. It's up to you to manage the hardware, people, policies, procedures and the overall software security you require.
You might also find an alternative definition of PKI from the Devil's Infosec Dictionary [DEVIL] both amusing and relevant:
"A system designed to transfer all of the complexities of strong authentication onto end users."
We have used S/MIME Version 3 Message Specification [SMIME-MSG], and Cryptographic Message Syntax (CMS) [CMS] together with the relevant PKCS documents as our primary reference documents. CMS is a stricter subset of PKCS#7 [PKCS7] and is compatible with it.
The CMS (PKCS#7) objects produced by this toolkit should be readable by S/MIME-compatible email clients like Microsoft Outlook Express if they are wrapped in MIME-conformant email messages. No MIME or email facilities are provided with the toolkit. You need to use your own separate program to create, send and read MIME email messages. The X.509 certificate tools should be compatible with typical certificates issued by Verisign and Thawte. The certificate signing requests (CSRs) it creates are accepted by Verisign's test facility, provided you include the distinguished name attributes they require. There is limited support for Unicode character sets like UTF8String and BMPString in that you can create distinguished names in an X.509 certificate in UTF-8 and read certificates with values encoded in BMPString. But, sorry, there are no facilities to add an MPEG video of you playing with your cat into an X.509 certificate.