PKEnabling Toolkits - PowerPoint PPT Presentation

1
PK-Enabling Toolkits
  • August 27, 2001

2
CSOS Interfaces
  • Status checking: X.500 Directory
    (network interface: LDAP v3, port 389; PKI
    interface: LDAP request)
  • Enrollment: Entrust Web Connector
    (network interface: HTTP, port 80; PKI
    interface: PKCS 10 request, PKCS 7 response)

3
CSOS Client Operations
  • Signing (FIPS 186-2)
    • Signature Algorithm Support: DSA, RSA, ECC
    • Hash: SHA-1
  • Verification
    • Validity Check (Is the certificate expired?)
    • Signature verification (SHA-1)
    • Certificate status check (LDAP)
    • Extension checks

4
How does choosing the right toolkit affect your
application?
  • Toolkits vary in the functionality they
    support (transparent key rollover, PKCS 11
    support, etc.)
  • Some toolkits have features that may be
    meaningful only with specific CA products (.epf)
  • Toolkits vary in which algorithms they support
    (RSA, Elliptic Curve, Diffie-Hellman, etc.)
  • Does the toolkit meet FIPS 140-1 certification?

5
Issues
  • Are the toolkits standards-based? Interoperable
    with popular COTS PKIs?
  • Support for PKCS 7 and PKCS 10 (Cert. Request
    and Response)
  • Support for PKCS 11 (ability to store the
    certificate on a smart card), if desired
  • Certificate Store: how certificates and access to
    keys are managed

6
Issues (Continued)
  • Are toolkits affected by certain web browsers?
    (IE vs. Netscape)
  • Platform Support
  • FIPS Web Site: http://csrc.nist.gov/cryptval/
    • RSA Crypto-C (Cert 163, 8/15/2001)
    • Microsoft CAPI Modules (Cert 60, 68, 75, 103,
      106, 110, 8/05/1999 to 08/15/2000)
    • Entrust Crypto Kernel (Cert 130, 12/20/2000)

7
Platform Support
AIX

8
RSA BSAFE Toolkit
  • RSA BSAFE provides a line of products to support
    PK-Enabling applications.
  • Supports PKCS 7, PKCS 10 and PKCS 11
  • Multi-vendor support for Windows, Solaris, Linux,
    HP-UX, AIX
  • Support for all necessary algorithms
  • Customer support via the Professional Services
    Division

9
Microsoft Crypto API Toolkit
  • Microsoft's Crypto API (CAPI) is a
    general-purpose, software-based toolkit that
    provides a library of key cryptographic modules.
  • Provides the ability for developers to use key
    cryptographic functions without the need to
    understand PKI
  • Uses common APIs, transparent to applications,
    multi-product support (via multi CSP support)
  • The CAPI SDK is freely downloadable at
    www.microsoft.com
  • No support is currently available for this toolkit

10
Entrust Toolkit
  • The Entrust toolkit provides the ability to add
    digital signatures and encryption to
    applications.
  • Provides multi-CA support
  • No specific client is required to sign and
    validate a file
  • Support for PEM and PKIX standards
  • Freely downloadable at www.entrust.com
  • Support available for a nominal fee

11
FIPS 140-1, -2 Validation
  • Standard is defined by National Institute of
    Standards and Technology (NIST)
  • Security Level 1: a cryptographic module is not
    required to employ authentication mechanisms to
    control access to the module. The module must
    instead require that one or more roles be
    implicitly or explicitly selected by the operator.
  • Security Level 2: a cryptographic module shall
    employ role-based authentication to control
    access to the module

12
FIPS 140-1, -2 Validation
  • Security Levels 3 & 4: a cryptographic module
    shall employ identity-based authentication
    mechanisms to control access to the module
  • FIPS 140-1 testing ends May 25, 2002
  • After May 25, 2002, all previous validations
    against FIPS 140-1 WILL STILL BE RECOGNIZED.

13
Questions?