CryptoSys API Library Manual

Security Issues

  1. The functions and methods in this toolkit provide cryptographic primitives intended to be used as part of a security-related application. It is up to you, the programmer, to ensure that keys, passwords and other private data are kept secret, and that end users follow appropriate security policies and procedures.
  2. CryptoSys API is a 32-bit (or 64-bit) dynamically linked library (DLL) that provides encryption services to applications running on Microsoft Windows® operating systems. On Windows, it is designed for and supports multi-threaded operation.
  3. In FIPS 140-2 terms, CryptoSys API is a multi-chip standalone module, consisting of the file diCryptoSys.dll. It is intended to meet FIPS 140-2 security level 1. The cryptographic boundary for CryptoSys API is defined as the enclosure of the computer on which the cryptographic module is installed. As a pure software product, CryptoSys API provides no physical security by itself. The computer itself must be appropriately physically secured.
  4. Functions that advertise that they create files will overwrite any existing file of the same name without warning.
  5. No other files, temporary or permanent, are ever created by this toolkit.
  6. There is no communications functionality whatsoever in this module. It will never attempt to "dial home" or make any attempt to create a communications socket. If your firewall tells you there is an attempt to create an internet connection, you have a virus or trojan of some sort unrelated to the CryptoSys API module.
  7. The Developer Edition makes no attempt whatsoever to read or write to the Windows Registry under normal operation. However, optional registry settings may be made, and these will be read and acted on in the unlikely event that a critical error occurs.
  8. The Trial Edition creates and updates registry entries in HKCU\Software\DI Management and reads entries created in HKLM\Software\DI Management. Do not attempt to change these entries.
  9. Developer Editions distributed to end users do not require any registry entries on the user's machine (but see optional registry settings).
  10. The DLL carries out self-tests when it is first attached to the parent Windows process, including a check on the integrity of the software module, i.e. the DLL file itself. If this check fails, the module will exit the process. This should only happen if someone has tampered with the DLL file.
  11. To check you have a valid version of the CryptoSys API executable, please check the CRC and hash digests published on our web site.
  12. VB6/VBA/C functions that write output to a string or byte array require the output to be "pre-dimensioned" first. Make sure any length you specify matches the actual size of the string or array, or a general protection fault (GPF) error will result. It is recommended to write simple wrapper functions to prevent such problems. Examples are given in the Visual Basic 6 declarations modules and in the source code for the COM interface.
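
The wrapper pattern recommended in item 12, sketched in C as an added example that is not code from the CryptoSys API distribution. `demo_hex_encode` is a hypothetical stand-in for any function that writes to a pre-dimensioned buffer, and its convention of returning the required length when called with no buffer is an assumption made for this sketch.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in, NOT a CryptoSys API function. Assumed convention:
   with out == NULL or out_chars == 0 it returns the required length. It
   trusts out_chars, so a length larger than the real buffer overflows. */
static long demo_hex_encode(char *out, long out_chars,
                            const unsigned char *in, long in_len)
{
    static const char digits[] = "0123456789ABCDEF";
    if (in == NULL || in_len < 0 || in_len > (LONG_MAX - 1) / 2) return -1;
    long need = in_len * 2;
    if (out == NULL || out_chars == 0) return need;
    if (out_chars < need) return -2;            /* stated length too short */
    for (long i = 0; i < in_len; i++) {
        out[2 * i] = digits[in[i] >> 4];
        out[2 * i + 1] = digits[in[i] & 0x0F];
    }
    out[need] = '\0';                           /* needs out_chars + 1 bytes */
    return need;
}

/* Wrapper: one variable (need) drives both the allocation and the length
   argument, so the two can never disagree. Returns a NUL-terminated string
   the caller must free(), or NULL on error; *out_chars gets the length. */
char *hex_encode_alloc(const unsigned char *in, long in_len, long *out_chars)
{
    if (out_chars) *out_chars = 0;
    long need = demo_hex_encode(NULL, 0, in, in_len);  /* pass 1: ask size */
    if (need < 0) return NULL;
    char *buf = calloc((size_t)need + 1, 1);           /* +1 for terminator */
    if (buf == NULL) return NULL;
    if (need > 0 && demo_hex_encode(buf, need, in, in_len) != need) {
        free(buf);                                     /* pass 2 failed */
        return NULL;
    }
    if (out_chars) *out_chars = need;
    return buf;
}

int main(void)
{
    const unsigned char sample[] = {0xDE, 0xAD, 0xBE, 0xEF}; /* constructed */
    long n;
    char *hex = hex_encode_alloc(sample, 4, &n);
    if (hex) { printf("%ld chars: %s\n", n, hex); free(hex); }
    return 0;
}
```

Application code then calls only `hex_encode_alloc` and never supplies a buffer length by hand.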


Copyright © 2001-24 D.I. Management Services Pty Ltd. All rights reserved. Generated 2024-01-07T07:42:00Z.