By Seán Boran
Most security magazines and websites cover U.S. products, but these are not much use to International users who are penalised by the U.S. export restrictions.
This paper is devoted to Persons needing strong crypto Internationally. It first appeared as a series of three articles on SecurityPortal in September 1999. This is an updated version.
U.S. Export restrictions have relaxed significantly, especially with EU countries and the RSA algorithm is no longer patented. It is still not trivial to export crypto products from the U.S. however, even free crypto.
Therefore the effort to develop strong crypto products outside the U.S. will have to continue form some time.
Operating systems like OpenBSD, SuSE Linux and even U.S. based Solaris and RedHat now bundle strong crypto products.
For quick reference, a detailed table of contents is provided:
We welcome your feedback on this article.
There are several mechanisms which can be used to reduce security risks to data and IT systems, ranging from policies, physical protection, firewalls, hardened operating systems, access control, authentication and encryption. Encryption functions are used in many technical security mechanisms, but very few products containing "strong" encryption are available Internationally.
This article discusses what strong cryptography is, what the restrictions are and give a brief overview of strong products in the following categories.
Cryptography is the translation of information (known as plaintext) into a coded form (known as cypertext) using a key. In a strong cryptosystem, the plaintext can only be recovered by the use of the decryption key.
There are several possible weaknesses in a crypto system, and the strength of the system is the strength of the weakest link.
- The secrecy of the symmetric or private key.
- The difficulty of guessing the key or trying all possible keys. The key length determines the encryption strength of an algorithm. All cryptographic algorithms are vulnerable to "brute force" attacks (trying all possible key combinations).
- Bad implementation:
- "Pseudo" random number generators used in encryption engines may be (too) predictable. They must be at least as difficult to predict as it is difficult to guess the encryption key.
- Algorithms can be incorrectly implemented.
- Backdoors may exist.
- Bad design:
- Certain algorithms are easily inverted (easy to analyse and break), examples are those used in WinWord, Pkzip, WordPerfect etc.
- Algorithms which are not published and subjected to peer review should not be considered as strong, "security through obscurity" is not a defence against the determined, financially powerful attacker.
- Known plaintext attack: by encrypting many known texts and analysing the output, it may be possible to guess how the algorithm works.
- Mathematics advances each year, so new mathematical ideas can weaken existing cryptosystems (examples are the discovery of differential and linear cryptanlysis in recent years). The strength of current Public key systems is based on the difficulty of the mathematical factoring and discrete-logarithm problem. It is possible that new mathematical methods for solving these problems be found, making guessing keys easier.
The definition of "strong" concentrates on the issue of key lengths, but strong keys are useless if the above issues are not addressed. Other weakness that can render strong cryptography useless are: not protecting keys physically, not using strong passphrases or social engineering attacks.
Here we define strong encryption as that which uses key sizes greater than or equal to 1568 bits for Public Keys (RSA, DH and ElGamal) and 90 bits for Shared (symmetric) keys. This is probably enough to protect against large organisations for the next decade. Many people refer to strong cryptography as "128 bit", but this only refers to share key (or symmetric) algorithms. 128 bit symmetric keys should be safe for 50 years at least.
"Strong" for new encryption systems such as Elliptical curve or Quantum cryptography is not included in this definition.
September 16, 1999: The U.S. have announced a major shift in export restrictions, which should come into effect on 15th Dec.'99. The following is an edited extract from the White house press statement:
The strategy rests on three principles: a one-time technical review of encryption products in advance of sale, a streamlined post-export reporting system, and a process that permits the government to review the exports of strong encryption to foreign government and military organizations and to nations of concern.
- Any encryption commodity or software of any key length may be exported under license exception (i.e., without a license), after a technical review, to individuals, commercial firms, and other non-government end users in any country except for the seven state supporters of terrorism.
- Any retail encryption commodities and software of any key length may be exported under license exception, after a technical review, to any end user in any country, except for the seven state supporters of terrorism.
- Streamlined post-export reporting will provide government with an understanding of where strong encryption is being exported, while also reflecting industry business models and distribution channels.
- Sector definitions and country lists are eliminated.
In support of public safety, the President is transmitting to the Congress legislation that seeks to assure that law enforcement has the legal tools, personnel, and equipment necessary to investigate crime in an encrypted world via the Cyberspace Electronic Security Act of 1999.
White house press statement
Office of strategic trade and foreign policy controls
Export Administration Regulations
Cyberspace Electronic Security Act.
The situation before September 16 is documented below, until the new policy comes into affect and strong crypto products start shipping:
The U.S. and certain other countries consider encryption to be a weapon and strictly control exports. This is basically crippling the efforts to include standard encryption in Applications, Internet services, and Operating systems. In general, the U.S. allows export of 56 bit shared key systems (DES, 56-bit RC-2/4/5, 56-bit CAST) and 1024 bit public key systems, except to "terrorist countries".
The last key relaxation of the export rules was in December 1998.
- Exceptions: Exports to Canada & Australia, to financial institutions, health/medical institutions, subsidiaries of U.S. companies.
- Exports to named "terrorist" countries Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria. are forbidden.
- Vendors have started building Interfaces into which strong encryption products can be plugged, assuming they're available internationally. E.g. Eudora Pro has a Plugin API which could allow seamless integration strong international encryption unit, without break U.S. law. Other examples are Sun (Solaris DES & Diffie Hellman libraries), Microsoft (Crypto API), Qualcomm (Eudora Pro + PGP) and various S/MIME & PGP Plugins.
Some other countries (Iraq, France...) forbid encryption except when a key has been deposit in an escrow (so the legal authorities can listen to all communications if they need). Other countries allied to the U.S. also enforce the U.S. restrictions by allowing strong encryption domestically, but restricting exports.
Germany has lifted export restrictions from 1st September 1999.
Even if the U.S. has effectively lifted the ban and does not reimpose it in the future, the continued use of strong international crypto products is recommended:
- To encourage healthy international competition.
- To maintain pressure on the U.S. who might just re-introduce the old restrictions in the future.
- To make it more difficult for U.S govt. agencies to persuade vendors to build in backdoors, recovery keys etc.
- The use of open source crypto should be actively sponsored to encourage peer review and sharing of knowledge.
Secure Shell (SSH)
Note: Since this article was published, an article specifically on SSH was written by the author. It is more up-to date and detailed. See ssh-part1.html or the Version on SecurityPortal.
SSH is authored by Tatu Yionen, Espoo, Finland and is a secure replacement for Telnet, rlogin, rcp, rsh and provides secured TCP tunnels. Optional compression of traffic is provided and can also be used together with many authentication schemes such as SecurID, Kerberos, S/KEY to provide a highly secure remote access point to UNIX servers.
It is very well designed, supports numerous encryption algorithms (RSA, Triple DES, IDEA, Blowfish, ... ), is backward compatible with the Berkeley "r" commands and supports automatic encryption of X sessions.
The are two major protocols versions SSH1 and SSH2. SSH2 is only available in
commercial form at the moment.
Efforts are underway to make SSH2 an official Internet Standard, see www.ietf.org/html.charters/secsh-charter.html .
There are no standards for file encryption, with the possible exception of PGP which has become a defacto standard. The PKCS#7 standard used in S/MIME could be used for file encryption, but no vendor seems have to implemented it.
PGP is principally an email encryption program, but also very interesting for file encryption. The Windows version has an excellent GUI, the UNIX version has only a command line interface. Network Associates support the commercial version.
See also www.pgpi.com, www.pgp.com, www.nai.com, www.OpenPGP.com .
- Symmetric or Asymmetric encryption of files (local or on a network server) on a file-by-file or directory basis, to protect the privacy of files.
- Signing of files (local or on a network server) on a file-by-file basis, to verify who files belong to and confirm that they have not changed.
- Secure deletion (overwriting) of files.
- PGPdisk offers encrypted logical drives (using symmetric keys)
- The fact that secure email is possible means that one set of keys is used for both functions and the user only has to learn how to use one program.
F-Secure Desktop V2.0, from Finland allows symmetric encryption of files on Windows systems with a GUI. F-secure Desktop (www.datafellows.com/f-secure) is interesting for:
- Protecting files for long term storage or transport: Taking a bundle of files, creating an "encrypted package", sending this package (via email or diskette) to someone else anywhere in the world and allowing them to securely decrypt the files, without having F-Secure desktop themselves.
Of course the encryption key must be shared "out of band".
- Protect files from an attacker who has physical access: Encryption of files (local or on a network server) on a file-by-file basis, to protect the privacy of files.
- Automatic encryption of a list of confidential files when you log out and decryption when you login in. This mode is only recommended for local files, NOT files on network servers.
- Secure deletion of confidential files.
FileCrypto 3 is an extension of the F-Desktop product discussed above, with automatic "on the fly" encryption and decryption of "secret files". Files are only decrypted into memory when loaded from disk, so files are always encrypted on disk and so there is no (long) decryption on login and encryption on logout as with F-Desktop.
Sentry 2020: Softwinter, an Israeli company, produce a strong encryption tool for NT and Windows CE!. It sets up a "virtual encrypted drive" that is in fact a file on the system. This file is encrypted and can only be mounted as a standard drive using Sentry and enter a password. This drive can then be used as a normal drive, except that it is encrypted.
SapherServer Ltd., from England produce a software called Secrets for Windows which supports symmetric and asymmetric algorithms and includes macros for easy usage within Microsoft Office Applications.
Cryptext: How about a free NT/Win95 file encryption program? Nick Payne www.pcug.org.au/~njpayne has produced a file encryption tool for Win95/98 & NT called Cryptext, that uses RC4 and SHA-1. It is available in the English, French, German, Portuguese and Spanish languages. V3.2 can be downloaded from ftp.funet.fi/pub/crypt/utilities/file
CodedDrag V2.1 is a extended Shareware encryption tool for Win95/NT. See www.fim.uni-linz.ac.at/codeddrag/codedrag.htm
RITS Private file: A 16bit Windows product which uses DES to encrypt files. A 32 bit version with additional support for asymmetric encryption should be released soon. The user interface is quite primitive, with no explorer extensions or drag and drop. Several files can't be bundles together into one archive either.
FLYCRYPT for Windows'95 is a shareware "Transparent" encryption program capable of encrypting files in a selected folder using two strong ciphering algorithms: BLOWFISH (key of length 448 bit, 32 rounds) and GOST 28147-89 (key of length 256 bit, 32 rounds). www.softclub.net/~mahabit/
Ironware (Czech republic) produce the Ironware Folder PC encryption tool . IDEA or Blowfish algorithms are used to encrypt "marked" folders on shutdown and decrypt them on startup (like F-Secure Desktop above). Several users with different passwords can use the same PC.
Deutsche Telekom TELESEC offer Sfile, for signing and encryption of files, with a chipcard interface.
Enigma98 is a product of Cryptosoft GmbH, Germany which offers symmetric encryption (many ciphers) for 16 and 32bit Windows users.
For secure email applications, there are currently two standards, PGP and S/MIME. Whereas PGP is probably the dominant method of exchanging secure Email today, S/MIME is expected to become the standard over the next year or two, because it is backed by most of major players (RSA, Microsoft, Netscape, Lotus). PGP5 is very interesting, in both free & commercial forms. It should be considered for any short to medium term solution. A pity that it is not S/MIME compatible!
PGP (Pretty Good Privacy) is an encryption system developed by Philip Zimmerman for ensuring data confidentiality and (partially) proof of origin. It is primarily used together with Internet email products for signing and/or encryption of information. Local files may also be signed/encrypted. It has been around for a long time.
PGP was originally developed in the U.S., but was exported internationally by distributing the source code in book (paper) form. This has caused friction with certain U.S. Government agencies. PGP works on almost every platform from mainframes to PCs. A good overview of all the history of PGP versions and supported algorithms can be found at www.stat.uga.edu/~rmarquet/pgpvers.html .
PGP is being standardised by the IETF under the OpenPGP banner. See www.ietf.org/html.charters/openpgp-charter.html
There are two principal international versions:
- The old "standard" version was stopped at 2.6.3 (released Feb.96). IDEA was the symmetric algorithm, RSA the public key algorithm supported.
- Version 5 was released in late 1997. This improved version provides an easy-to-use GUI for PCs and Macintosh and directory services publishing/lookup out of the box.
It supports IDEA, CAST and 3DES algorithms for symmetric encryption.
Version 6 was released in early 1999. Seems to be backward compatible with V5, but offers quite a few new interesting features. Very professional looking. V6 is not available for UNIX (only MAC & Win32).
PGP can work as an Email plugin for Eudora, Exchange / Outlook, Outlook Express or as an external program (for other Email clients).
- PGP is freely available for non-commercial use., with two principal versions: one for the USA using the RSAREF encryption library and an international version using a non-USA equivalent of RSAREF. www.pgp.net www.pgpi.com
- A commercial version is available from PGP International (Network Associates) in the Netherlands, for International users www.pgpinternational.com.
- GNU Privacy Guard: is a free (GPL) implementation of the OpenPGP standard, primarily developed on Linux and Hurd. V1.0 was released 7th September'99. www.gnupg.org .
- There are many Windows GUI's for the older PGP2, e.g. www.aegisrc.com.
Secure MIME (Multi Purpose Mail Extensions) is a proposed Internet standard for secure message exchange, developed by RSA, adopted by several vendors and now undergoing the IETF standards process. S/MIME is based on existing standards - MIME bodies and PKCS objects. There are two versions, V2 was finalised in March 1998, V3 is not yet finalised.
S/MIME is based on RFC 2311 and RFC 2313, which specify how PKCS#7 is used for message encryption/signing, PKCS#1 for RSA encryption, X509 for certificate formats (v1 &v3) and PKCS#10 for certificate requests.
Algorithms: Symmetric key DES, 3DES and RC2 40-128bit, public key 512-2048 bit RSA and SHA-1 / MD5 hashing algorithms are used in S/MIME 2.
- MailSecure from Baltimore Technologies, is an Win32 S/MIME plugin for Eudora, Microsoft Exchange (V4/V5), Messaging, Outlook (97/98) and Lotus Notes 4.6. A standalone tool for mail encryption is also available. Private keys can be stored on smartcard or file. Public keys can be retrieved via email, file (PKCS#7) LDAP or X.500. Separate encryption and authentication keys may be used.
Baltimore have been active in crypto for 20 years and provide references which inspire confidence in their ability to securely implement encryption algorithms.
- TrustedMIME is a strong S/MIME solution from SSE (Secure Solutions Experts - a Siemens subsidiary). It is a Win32 plugin for Microsoft Exchange (V4/V5), Messaging, Outlook (97/98) and Lotus Notes 4.6. Private keys can be stored on smartcard or file. Public keys can be retrieved via email, file (PKCS#7) LDAP or X.500.
First on the market with a Notes solution. Offers a flexible certificate search path, allows clear signing in Outlook98 and integrates well with Exchange address book.
- The Email client supplied with Netscape Communicator 4 and later supports S/MIME. It is normally U.S. exported restricted, but with the fortify utility www.fortify.net/, full encryption strength can be switched back on in International versions. Runs on UNIX as well as windows. GUI could be better.
- Mozilla (the version of Netscape Communicator 5 with free source code) is available with strong crypto, called cryptozilla that uses SSLeay. It hasn't yet reached release status. Is it still being actively developed?
Secure Sockets Layer (SSL - see below) can be used to protect Email during transport, but does not offer user authentication, nor digital signatures/non-repudiation. The use of SSL for protecting POP, IMAP, SMTP is discussed in Part III/ Secured Web Services.
Ascom offer a secure email product for Exchange which is based on their patented IDEA algorithm. See www.ascom.ch/systec/mail/exchange/technica.htm .
Sapher Server Ltd., from England produce Secrets for Exchange for encrypting emails.
Ironware (Czech republic) produce the Ironware Mail tool . IDEA or Blowfish algorithms are used to encrypt "marked" folders on shutdown and decrypt them on startup (like F-Secure Desktop above). Several users with different passwords can use the same PC.
ABI-Software Development of Toronto, Canada offer free email encryption software.
InvisiMail, developed in New Zealand, is an encrypting mail proxy (which can be installed on the desktop, LAN SMTP server or Intern et gateway), with spam filtering, content scanning, anti-virus protection, digital signing, sender authentication and policy management. It works with most current Email clients (Microsoft, Netscape, Eudora, etc.) on Win32 (Linux versions are planned). X.509 certificates.
InvisiMail is not S/MIME or PGP compatible (InvisiMail uses it's own RPK (Raike Public Key) algorithm to encode and decode messages), but support is planned for both in the near future.
VPNs (Virtual Private Networks) are use to protect the privacy and integrity of
exchanged between two parties over an untrusted network. VPNs provide a means of securing network traffic and authenticating entities by providing a gateway at each point of access into a business. Based on the IPsec standards (increasingly), VPNs provide the necessary data privacy, access control, data integrity and authentication services at a low level in the network and are independent of the
applications using the network.
The term "client" (or VPN client) refers to the initiating part presumably on
network and the "server" is on the other side, waiting for
connections. A "gateway" is a special server that connects clients to "clear text" servers, providing secured traffic to the client, but clear text traffic to the destination server. Examples of VPN usage:
IPsec IPv6 is the up-and-coming replacement for the current V4 Internet Protocol. V6 is needed especially for it's much greater address range, but it also provides security features for improved integrity, authentication and confidentiality not found in the current V4. IPsec is the name given to the V6 security protocols (covered in RPCs 1825 to 1829). IPsec can be used with IPv4 and is hopefully the standard that will bring us VPNs that interoperate. See www.ietf.org/html.charters/ipsec-charter.html ,
IPsec is located on the network layer and can encrypt all data above this layer (including for example the transport headers). The are two basic encryption modes:
- Authentication Header (AH): The only the data to be transmitted (payload) is encrypted. The headers are not encrypted. Authentication of entity and data origin, integrity and replay protection is offered.
- Encapsulated Security Payload (ESP): The whole IP packet is encrypted and a new unencrypted header is attached to the packet. This is known as "tunnel mode" and provides both integrity, confidentiality, authentication and replay protection. It is cipher independent, but DES is proposed as the default cipher. Tunnel mode can allow unencrypted communications on the LAN and automatic encryption for WAN connections.
In their initial connection, each pair of entities negotiates the security policy that is to be used in their subsequent communications. This key exchange protocol is known as IKE (formerly ISAKMP/Oakley) and is based on Diffie-Hellman (DH).
Algorithms supported: MD5 and SHA-1 hashing, DSS and RSA signatures, DES / 3DES / Blowfish symmetric encryption, RSA Public Key encryption along with support for X509 v3 certificates.
PKI certs provide reliable authentication and secure key negotiation by allowing each party to protect their key by either signing it and verifying with digital signatures, or encrypting and decrypting it with their public-private key pairs. Lookup of revoked certificates is provided by directories, which are used to publish revoked certificates within the PKI.
IPSec can operate in two modes, either tunnel or transport mode. In transport mode the ordinary IP header is used to deliver the packets, in tunnel mode the IP header contains the address of a security gateway, which knows how to verify/decrypt the payload and forward it to the final destination (obtained from an encapsulated IP header in the protected payload). Tunnel mode is typically used for VPNs.
ICSA run an IPsec certification process to ensure interoperability between products. See
www.icsa.com and www.anxo.com/whatis.htm#csp
SKIP www.skip.org offers link level encryption, the encryption taking place below the transport layer. It also includes a scheme for authentication, key management and certification authority. Many different encryption algorithms may be used (3DES, DES, RC4, the public key exchange is based on Diffie-Hellman). SKIP could be used for encrypted VPNs (end-to-end, firewall-firewall or end-to-firewall) or encrypted client to server communication. SKIP was developed by Sun Microsystems, who put the source code into the public domain.
SKIP was proposed as an Internet Standard at the December 1995 IETF meeting by Sun. The IETF allowed SKIP to proceed as a proposed and elective/optional standard. Version 0.5 was released in November 1995. The current version is V2.
SKIP was not adopted by IPsec, probably because of political reasons, technically it was years ahead of IPsec, which came on stream in 1999.
L2TP (layer 2 tunnelling protocol) is based on PPTP (point-to-point tunnelling protocol) and Cisco's L2F (layer 2 forwarding) and addresses many of the problems found in both. PPTP is included for free with Windows 2000/NT4/95/98, but export restricted and with some security implementation issues.
L2TP will use IPsec for authentication & encryption, with a fallback to CHAP/PAP. It is quicker that PPTP, using UDP rather than TCP.
The IETF is considering L2TP, see search.ietf.org/internet-drafts/draft-ietf-pppext-12tp-11.txt and search.ietf.org/internet-drafts/draft-ietf-pppext-12tp-security-02.txt
Be careful when choosing libraries, quality of implementations differ. In particular the quality of random number generation, obfuscation of clear-text in memory and even clean algorithms varies greatly. Access to full sources makes debugging and verification easier. Commercial libraries are often pricey (tens of thousands of dollars..).
- PGP: The C/C++ PGPsdk is available from Network Associates www.pgpinternational.com/product/sof-dev.html runs on Solaris, Linux, Win95/NT, MAC.
- Baltimore Technologies have been in the encryption game for over 20 years and have an established crypto pedigree. They are based in Ireland, England and Australia.
Baltimore offer the CST encryption libraries in C. SMT is an S/MIME toolkit. An SSL, Java SSL and PKI library are also available.
J/Crypto is a pure Java library, that implements encryption, hashing & certificate management. V3 was used by the author for secure Applet-Proxy-Server communications.
- Switzerland/ r3 Engineering: see note on Entrust below.
- Denmark: Cryptomathic
- Canada: Certicom offer toolkit that include plugins for Microsoft CAPI and Intel CDSA. SSL and smart cards libraries are available.
- C2 net offer a SSL crypto engine and SafePassage Secure Tunnel for adding encrypted TCP tunnels to applications. (a bit like SSH TCP tunnels).
- Australia: Eracom offer crypto hardware for UNIX (SCO) and Windows, with DES and RSA interfaces and development libraries in Java (JCE) and C (PKCS#11 / Cryptoki).
- New Zealand: RPK Security offer the RPK Encryptonite Software Toolkit which implements the RPK algorithm in C/Java/Delphi or as a DLL or ActiveX control.
OpenSSL www.openssl.org is a further development of Eric Young's SSLeay and is the foundation for many products. Extract from the "readme":
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
OpenSSL includes low level crypto functions, such as the algorithms in SSL and some high level PKCS functions (more are needed!). It is being actively developed.
... if your Company want's to contribute to free crypto, look no further!
Mod_ssl, OpenLDAP and OpenCA build on OpenSSL.
SSLeay references: Introducing SSL and Certificates using SSLeay, SSLeay Programmer Reference, SSLeay SSLeay and SSLapps FAQ
Wei Dai's Crypto++ 3.1 www.eskimo.com/~weidai/cryptlib.html is a multi-platform C++ crypto library. It does not include high level functions such as PKCS.
Adam Shostack provides a comparison of algorithms implemented in various free libraries www.homeport.org/~adam/crypto/
Entrust is a U.S. company, that bought out the Swiss cypto company "r3 Security Engineering". Apparently this allows them to provide crypto internationally. In fact, they are giving away complete libraries "sort-of free" - see devnet.entrust.ch . The following is an extract from the license:
....Entrust Technologies hereby grants to you a non-exclusive, non-transferable, internal license to use one (1) copy of the Entrust/Toolkit solely to develop Licensee Applications and Licensee Applets. Any attempt to use information received as a part of an Entrust/Toolkit for any other purpose including, but not limited to, the creation of an emulator of the Entrust family of products or an emulator of the Entrust/Toolkit constitutes a breach of this License......
Licensee Applications and Licensee Applets: Entrust Technologies grants you a non-exclusive, non-transferable right to use and distribute copies of those portions of the Entrust/Toolkit (excluding the Entrust/Engines) incorporated into Licensee Applications or Licensee Applets by way of permitted use of an Entrust/Toolkit. You shall not distribute the Entrust/Engine whether separately or as part of a Licensee Application or Licensee Applet. You shall not otherwise sell, license, distribute or in any other manner commercially exploit any part of an Entrust/Toolkit. You shall not modify the Entrust/Engines.
==> I'm not sure how significant the Entrust/Engines limitation above, is.
Perl with SSL: www.neuronio.pt/SSLeay.pm.html.
CryptixPerl: There is an older Cryptix library V1.16 in Perl with a PGP interface (last update April '97). Perl version doesn't look easy to use and high-level key management functions seem to be missing.
- PGPlib: V1.1/Jan'98 from Tage Stabell-Kuloe in Norway.
PGP 2.6.x compatible C library, UNIX (especially NetBSD 1.2, FreeBSD, HP-UX and Linux). Uses SSLeay crypto functions. ftp://dslab1.cs.uit.no/pub/PGPlib.tar.gz www.pasta.cs.uit.no/~tage/ www.cryp.to/pgplib-dev-archive/
- PGPlib for Windows, V1.0/July'98 which implements common PGP functions in C www.cam.org/~droujav/pgp/pgplib.html
- CTC: V2.1/Jan'99 by Ian Miller and Mr. Tines in England. Free PGP 2.x & 5.x compatible C++ crypto library for UNIX, ftp.demon.co.uk/pub/mac/pgp/ .
- PGP::Sign is a Perl library for PGP 2.x or 5.x or GnuPG with signing only. V0.14/Feb.'99, Russ Allbery firstname.lastname@example.org. See CPAN or www.eyrie.org/~eagle/software/
- PGP::Pipe is a Perl wrapper for PGP 2.x command line, by Gerard Hickey. V0.3/Aug.'96. Looks good, a pity it doesn't support the PGP5 library. Find it on CPAN.
- PGPTools: PGP library in C. www.unicorn.com//pgp/pgptools.html
- The GNU privacy guard is supplied with source code, so it could be made into a library. www.gnupg.org
- The Australian ABA is a clean room implementation of the Java Cryptography Extension (JCE) API as defined by Sun Microsystems, plus a provider of underlying crypto algorithms. This package does not include any native code. ABA's principal (commercial) product is a java based Ecommerce solution called SecuEpayment. www.aba.net.au/solutions/crypto/jce.html The license is not restrictive, looks good.
- Cryptix-java www.systemics.com/doc/cryptix
- Java SSH implementations also include crypto engines:
Gourio's Applet www.cl.cam.ac.uk/~fapp2/software/java-ssh/
Garbo, Crypto CD
www.cs.hut.fi/crypto/ pointers to crypto SW
ftp.funet.fi/pub/crypt excellent: a "must visit"
www.counterpane.com/ Schneier: Blowfish, Twofish
ftp.psy.uq.oz.au/pub/Crypto/ E.Young's DES, SSL
www.systemics.com/ cryptix Java, C, Perl
www.eskimo.com/~weidai/cryptlib.html Wei Dai's C++ lib
www.cs.hut.fi/ssh/ Tatu Ylonen's SSH
ftp://ripem.msu.edu/pub/crypt/sci.crypt/ -- sci.crypt Archives
www.swcp.com/~iacr/ -- International Association for Cryptologic Research
www.cs.adfa.oz.au/teaching/studinfo/csc/lectures/classical.html Classical Crypto Explanation
www.cryptosoft.com/snews/snews.htm an index to lots of crypto news articles
cryptography.org/freecryp.htm links to crypto sites, a bit old
Secured web services are based on the use of standard application protocols over SSL.
Netscape's secure socket layer is a "plug-in" socket layer (port 443 for HTTP)
offering client & server authentication, integrity checking, compression and
encryption. It is currently an Internet draft (not yet approved).
It is designed to fit on the transport layer in the TCP/IP stack (like Berkeley sockets), but below applications (such as telnet, ftp, HTTP). SSL was introduced in July 1994.
TLS (Transport Layer Security) In 1995, the IETF started work on the adoption of SSL as an Internet Standard, known as TLS. A draft of the protocol was published in March 1997, based on SSL 3.0. Some differences are the use of HMAC instead of MD5 for integrity checking and a slightly different set of encryption algorithms that are supported. www.consensus.com/ietf-tls or www.ietf.org/html.charters/tls-charter.html
HTTP over SSL is the most common usage of SSL. https:// is used rather than http:// to connect to a secured site. If you use Netscape Navigator 2&3, the broken key on the bottom left corner will become "unbroken" indicating that the session is encrypted. One tooth on the key indicates 40bit and 2 teeth indicate 128 bit encryption.
General SSL wrappers:
LDAP over SSL: OpenLDAP www.openldap.org
IMAP/POP over SSL
FTP over SSL
rsh/rlogin/rcp over SSL
Telnet / tn3270 over SSL
14.Sep'99 Originally published as two articles on SecurityPortal
06.Dec'99 Minor fixes.
04.Apr'00 Improved TOC. Update U.S. Export links. Link to SSH article.
10.May'00 Fix links.
20.Feb.01 OpenPGP link
23.May.01 John Nevado [email@example.com] wrote in to say:
"We are a small aggressive software company that started out in The West Indies due to the Wassenaar Arrangement, but who are now based in Stockholm Sweden. We were given the first General Export License for strong crypto for the mass market and have started exporting our product SafeIT E-mail Encryption from Sweden. We aim to provide the strengths of strong crypto in a user friendly package." www.SafeIT.com
Another untested product: sigma secure email: link1, link2
Sean Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.
|© Copyright 2001, Sean Boran, All Rights Reserved|