CryptoSys Home > PKI Pro

CryptoSys PKI Pro

CryptoSys PKI Pro provides you with an interface to public key cryptography functions from Visual Basic, VB6, VBA, VB.NET, VB20xx, C/C++, C# and Python programs on any modern Windows system XP and above (W11/W10/W8/W7/2008/Vista/2003/XP).

Read the Manual | Features | BUY NOW | Download Trial | Examples

You can create and read enveloped-data, signed-data and compressed-data Cryptographic Message Syntax (CMS, PKCS#7) objects, which you can use in S/MIME email messages; verify the digital signature in a signed-data CMS object; generate and manage RSA and elliptic curve public and private keys; carry out "raw" RSA encryption and digital signing, which you can use in secure XML documents; create and verify ECDSA signatures; make PKCS#10 certificate request files and PFX key storage files, and create and manage X.509 certificate files.

Supports AES-GCM and ChaCha20Poly1305 authenticated encryption, RSA-PSS signatures, RSA-OAEP public key encryption, elliptic curve keys, elliptic curve Diffie-Hellman (ECDH), and ECDSA, Ed25519 and Ed448 signatures in X.509 certificates and CMS signed-data objects.

2024-01-01: Released new CryptoSys PKI Pro v22.1. See New in this version and Intel(R) DRNG support.
2023-10-23: Released CryptoSys PKI Pro v22.0. See Changes in Version 22.0 and Hybrid Public Key Encryption (HPKE).

Python 2024-01-01: Updated Python for CryptoSys PKI v22.1 and its documentation.

New stuff 2023-11-01: Uploaded latest Pascal/Delphi interface v22.0.

2023-01-01: Released CryptoSys PKI v21.0.
Many of the changes in v21 were made to help with the cryptographic requirements for electronic prescriptions in the German Health system.

xmlsq 2020-06-02: New Released xmlsq our new free XML Simple Query utility. xmlsq is a simple lightweight utility to query XML documents using XPath 1.0. Use xmlsq together with CryptoSys PKI to analyze XML-DSIG and XMLENC documents. For example, see how xmlsq is used in XML-DSIG and the Chile SII - Revisited 2020.

Electronic prescriptions in the German Health system
“ We have used CryptoSys PKI for all data exchange with health insurance ever since the transition from PEM to PKCS/CMS some fifteen years ago, and it has always performed flawlessly.

That is why we are pleased that we can now use this tried and trusted toolkit for electronic prescriptions as well, instead of having to deal with the unreliable mess of cryptographic support in .NET and Windows. ”

  —Rechenzentrum für Apotheken Hildegard Schröter GmbH, Lutherstadt Wittenberg, Germany.
See Data Exchange in the German Health Service with CryptoSys PKI
See also:
Try our SC14N utility which performs the canonicalization (C14N) transformation you need to do when creating signed XML documents using XML-DSIG. Save US$40 if you buy SC14N together with CryptoSys PKI.
2020-01-17. Note that CryptoSys PKI is not affected by the Windows CryptoAPI vulnerability (CVE-2020-0601). We do not use the Windows CryptoAPI in any way!

For more details about upgrading from an older version, see Upgrading to CryptoSys PKI Pro.

See how CryptoSys PKI compared in the CMS (RFC 3852) Implementation Report [PDF (98 kB)] back in 2009 (we're implementation #3).

Other utilities included in the toolkit are the ability to generate message digest hash values using SHA-1/224/256/384/512, SHA-3, MD5 and RipeMD160; generate HMAC keyed-hash message authentication values, wipe files using 7-pass DOD standards, generate cryptographically-secure random numbers to the strict NIST SP800-90 standard†, prompt for a password, and convert to and from base64-, base58- and hexadecimal-encoded formats. There are versions for both 32-bit and 64-bit platforms included - see Using on a 64-bit system. If you just need standard symmetrical cryptography, see our sister product CryptoSys API (see comparison PKI vs API).

Latest stuff:
2024-01-12: New stuff New page Generating ECC keys in OpenSSH format.
2024-01-01: New stuff Released CryptoSys PKI v22.1.
2023-10-23: Released CryptoSys PKI v22.0.
2023-01-01: Released CryptoSys PKI v21.0.
2022-02-24: New page XML-DSIG signing with CryptoSys PKI and SC14N with companion page Signing an XML document using XMLDSIG (Part 3).
2022-02-02: Updated How to create a SAT Cancelación document for 2022 CFDi 4.0.
2021-02-03: Updated RSA Key Formats.
2020-12-20: New page Using an RSA private key in a PEM string to sign data.
2020-12-07: New page Using CryptoSys PKI to encrypt and decrypt using XMLENC.
2020-11-18: New Using CryptoSys PKI with .NET Core.
2020-10-29: Encrypt data like PHP encrypt .
2020-05-12: Released new CryptoSys PKI Pro 2.0 (v20.0).
2020-10-01: Complete rewrite of XML-DSIG and the Chile SII - Revisited 2020.
2020-03-09: Updated Python interface to CryptoSys PKI Pro.
2020-01-21: How to create and validate a JSON Web Signature (JWS).
2019-01-21: How to process a PFX file and How to Validate a Certificate Chain.
2016-04-01: Reproducing a raw Bitcoin transaction.
2016-03-08: Released CryptoSys PKI Pro 1.1 (v11.0).
2016-01-27: A complete rewrite of the Delphi/FreePascal interface to CryptoSys PKI Pro.
2015-04-04: Creating output for secure XML documents.
2014-09-09: Complete update of German Health Service page to reflect 2014 V3.0 changes.
2012-09-20: How to generate a UUID compliant with RFC 4122
2012-05-09: Signing an XML document using XMLDSIG (Part 2)
2010-12-04: Accented characters and UTF-8 in XML-DSIG signatures.
2010-11-25: Update on Portugal DGCI Billing Software Certification.
2010-06-25: Writing an interface in another programming language.


Note: Our implementation does not use the Dual EC_DRBG component of NIST 800-90 that allegedly contains an NSA backdoor. Nor does CryptoSys PKI use OpenSSL in any form.

CryptoSys PKI Pro uses a straightforward Windows native DLL which is compatible with all modern versions of Windows XP and above (W10/W8/W7/2008/Vista/2003/XP). There is no "COM", no "Active-X", and no requirement to "register" it with Windows to use it. The installed executable has a small footprint. Developers can easily distribute it with their projects made in Visual Basic, VBA, C, C++, VB.NET/VB2010+ or C# (in fact, in any other programming language that will let you call Win32 API functions including Delphi - see Extra Interfaces). A separate executable compiled for 64-bit systems is also included.

For more information on how the RSA key data is stored and how the various functions work together, see RSA Key Formats. For some examples, see the Examples section below. For the theory and more detailed explanations of how RSA is used in practical applications, see RSA algorithm including its use in creating ISO/IEC 9796 signatures in the AUTACK scheme.

Note that CryptoSys PKI Pro is totally independent from our other CryptoSys API product. The two packages do different things and do not require the other in order to work: see a Comparison of CryptoSys Features for a summary.

Feedback on CryptoSys PKI

“ First of All, GREAT PRODUCT your CryptoSys PKI Toolkit. Really, Congratulation on this Great Product, I really liked it. ”

“ I just got my licensed version and try succesfully to distribute my PKI based application on my alternate notebook : it took me a few seconds and it works fine. I spent in the past a lot of time trying to find a so easy to use software for cryptographic actions. Thanks again ! ”
  -Luc B.

“ Great product - just what I was looking for - bought a copy this morning. ”
  -Raymond S.

“ It seems to be a very good and powerful toolkit ”
  -Bernd R.

“ Thank you very much for the quick and detailed answer. It helped me a lot and now my program works pretty good, I have signed and encrypted my data successfully. ”
  -Dimitris M.

“ I wanted to let you know we [purchased] CryptoSys Software to include in an ERP project we are working on in Mexico. I had tried other digital signature products that required the certificate (with private) key first be stored in the Win certificate store and then I wasn't getting the correct signature. So, I guess there is something special about how you are using the .key file that is provided by SAT Mexico. I am very glad I came across your product. Thank you ”
  - Herman K.

“ Last Tuesday I have completed the certification process in the DGCI. Everything is as they intend. So CryptoSys PKI can "attack" the Portuguese market. :-) ”
  - António


There are three manuals included: a main manual and supplementary ones for .NET and C/C++ programmers. See the documentation page.


Download the latest Trial Edition of CryptoSys PKI Pro now.

Most recent production version 22.1.0 compiled 1 January 2024. Use either

Unzip the zip file and run the install.exe program inside it, or download the exe program directly and run it.

Please note it is a breach of copyright to put a copy of these installation files on another server or to distribute them in any manner except by providing a link to this page.

The Trial Edition is fully-functional and the download includes test functions in Visual Basic (VB6/VBA), VB.NET, C, C++ and C#. The documentation is available online. Please read the licence conditions for the Trial Edition. The trial period is 60 days from the date first installed on your system. Minimum required operating system is Windows XP-SP2 and above (that is, XP/Vista/W7/W8/W10/W11) or Windows Server 2003 and above.

Trouble installing: If Microsoft Defender Smartscreen gives you a warning, see Unrecognized app error. (TL;DR Click "More info" then "Run anyway"). Check that you see "Publisher: D.I. MANAGEMENT SERVICES PTY LIMITED".

Is there a virus in these? Some of the more paranoid anti-virus checkers (notably AntiVir) sometimes show that these downloads contain a "Generic trojan-dropper". This is a false positive. The files are clean. You can upload the files individually to the AV vendors' sites and they will be shown as clean.

All the above files are digitally signed with our signing certificate under the name of D.I. Management Services Pty Limited. You can check the integrity of your DLLs here.

You need to have administrator rights when installing and uninstalling.

You can purchase a licenced version here. Existing licence holders can download the latest Developer Version here.

Interfaces to other programming languages

See Writing an interface in another programming language for advice and examples in how to use CryptoSys PKI with other programming languages, including Visual FoxPro and PowerBuilder.

For Delphi, see the page Using Delphi with CryptoSys API, CryptoSys PKI for more details and some sample code.


Check the integrity of your PKI software against our published checksums and message digests.

Thanks to all users who have suggested improvements and in particular to Bernd Rech for his suggestions, advice and help.


For more information, please send us a message.

This page last updated 12 January 2024