CryptoSysTM PKI Pro is an interface to public key cryptography functions and associated cryptography utilities for Visual Basic, C/C++ and C# programmers on Windows systems. It provides strong crypto using established non-patented technology to international standards.
You can create and read secure cryptographic messages encrypted or signed using RSA public key encryption. The results can be used in XML documents using the XML-DSIG and XML-ENC specifications.
You can create and read enveloped-data (encrypted), signed-data and compressed-data Cryptographic Message Syntax (CMS, PKCS#7) objects, which you can wrap in S/MIME entities and use in S/MIME email messages. You can verify the digital signature in a signed-data CMS object; generate and manage RSA public and private keys; carry out "raw" RSA encryption and decryption, and create, read and manage X.509 certificate files and CRLs.
You can create signatures using ECDSA with elliptic curves over primes. You can create new keys and read existing curves in the standard formats.
Other utilities included in the toolkit are the ability to generate message digest hash values using SHA-1, SHA-2, SHA-3, RIPEMD-160, MD5, MD2; generate HMAC keyed-hash message authentication values, wipe files using 7-pass DOD standards, generate cryptographically-secure random numbers to the strict NIST SP800-90 standard, prompt for a password, and convert to and from base64- and hexadecimal-encoded formats.
Public Key Infrastructure (PKI) is defined in [PKIX-MAP] as
The set of hardware, software, people, policies and procedures needed to create, manage, store, distribute, and revoke Public Key Certificates based on public-key cryptography.
The CryptoSys PKI Pro toolkit provides programmers and developers with most of the useful algorithms you need to create the software for a true PKI. We have appropriated a well-known three-letter-acronym. CryptoSys PKI Pro is a sharp tool. It's up to you to manage the hardware, people, policies, procedures and the overall software security you require.
You might also find an alternative definition of PKI from the Devil's Infosec Dictionary [DEVIL] both amusing and relevant.
A system designed to transfer all of the complexities of strong authentication onto end users.
We have used S/MIME Version 3 Message Specification [SMIME-MSG], and Cryptographic Message Syntax (CMS) [CMS] together with the relevant PKCS documents as our primary reference documents. CMS is a stricter subset of PKCS#7 [PKCS7] and is compatible with it.
The CMS (PKCS#7) objects produced by this toolkit should be readable by S/MIME-compatible email clients like Thunderbird if they are wrapped in MIME-conformant email messages. You need to use your own separate program to create, send and read MIME email messages. You can create most of the cryptographic elements required in the [XML-DSIG] and [XML-ENC] specifications to insert into XML documents, but there are no explicit XML processing facilities. The X.509 certificate tools should be compatible with typical certificates issued by Verisign and Thawte. The certificate signing requests (CSRs) it creates are accepted by Verisign's test facility, provided you include the distinguished name attributes they require. As of [v12.0] there is actually a facility to add an MPEG video of you playing with your cat into an X.509 certificate, should you wish.