Internationally Available Strong Crypto Products

A summary of standards, protocols and products.

By Seán Boran

Most security magazines and websites cover U.S. products, but these are not much use to International users who are penalised by the U.S. export restrictions.

This paper is devoted to Persons needing strong crypto Internationally. It first appeared as a series of three articles on SecurityPortal in September 1999. This is an updated version.

Note 20.Feb.01:
U.S. Export restrictions have relaxed significantly, especially with EU countries and the RSA algorithm is no longer patented. It is still not trivial to export crypto products from the U.S. however, even free crypto.

Therefore the effort to develop strong crypto products outside the U.S. will have to continue form some time.

Operating systems like OpenBSD, SuSE Linux and even U.S. based Solaris and RedHat now bundle strong crypto products.

For quick reference, a detailed table of contents is provided:

  1. Introduction:
      Strong cryptography? 
      U.S. Export restrictions
  2. Secured telnet/remote UNIX connections: SSH
  3. File encryption: PGP, F-Secure, Linux, More.
  4. Secure Email: PGP, S/MIME, SSL, Non-standard.
  5. Virtual Private Networks (VPNs):
       IPsec products
        PPTP products
  6. Development Libraries: Commercial, Free, References.
  7. Secured web services: Browsers, Web servers, other services via SSL.
  8. Changes to this article

We welcome your feedback on this article.


There are several mechanisms which can be used to reduce security risks to data and IT systems, ranging from policies, physical protection, firewalls, hardened operating systems, access control, authentication and encryption. Encryption functions are used in many technical security mechanisms, but very few products containing "strong" encryption are available Internationally.

This article discusses what strong cryptography is, what the restrictions are and give a brief overview of strong products in the following categories.

What is strong cryptography?

Cryptography is the translation of information (known as plaintext) into a coded form (known as cypertext) using a key.  In a strong cryptosystem, the plaintext can only be recovered by the use of the decryption key.
There are several possible weaknesses in a crypto system, and the strength of the system is the strength of the weakest link.

The definition of "strong" concentrates on the issue of key lengths, but strong keys are useless if the above issues are not addressed. Other weakness that can render strong cryptography useless are: not protecting keys physically, not using strong passphrases or social engineering attacks.
Here we define strong encryption as that which uses key sizes greater than or equal to 1568 bits for Public Keys (RSA, DH and ElGamal) and 90 bits for Shared (symmetric) keys. This is probably enough to protect against large organisations for the next decade. Many people refer to strong cryptography as "128 bit", but this only refers to share key (or symmetric) algorithms. 128 bit symmetric keys should be safe for 50 years at least.

"Strong" for new encryption systems such as Elliptical curve or Quantum cryptography is not included in this definition.

What are the International restrictions?

September 16, 1999: The U.S. have announced a major shift in export restrictions, which should come into effect on 15th Dec.'99. The following is an edited extract from the White house press statement:

The strategy rests on three principles: a one-time technical review of encryption products in advance of sale, a streamlined post-export reporting system, and a process that permits the government to review the exports of strong encryption to foreign government and military organizations and to nations of concern.

In support of public safety, the President is transmitting to the Congress legislation that seeks to assure that law enforcement has the legal tools, personnel, and equipment necessary to investigate crime in an encrypted world via the Cyberspace Electronic Security Act of 1999.

See also:
  White house press statement
  Office of strategic trade and foreign policy controls
  Export Administration Regulations
  Cyberspace Electronic Security Act.

The situation before September 16 is documented below, until the new policy comes into affect and strong crypto products start shipping:

The U.S. and certain other countries consider encryption to be a weapon and strictly control exports. This is basically crippling the efforts to include standard encryption in Applications, Internet services, and Operating systems.  In general, the U.S. allows export of 56 bit shared key systems (DES, 56-bit RC-2/4/5, 56-bit CAST) and 1024 bit public key systems, except to "terrorist countries".
The last key relaxation of the export rules was in December 1998.

Some other countries (Iraq, France...) forbid encryption except when a key has been deposit in an escrow (so the legal authorities can listen to all communications if they need).  Other countries allied to the U.S. also enforce the U.S. restrictions by allowing strong encryption domestically, but restricting exports.
Germany has lifted export restrictions from 1st September 1999.

Even if the U.S. has effectively lifted the ban and does not reimpose it in the future, the continued use of strong international crypto products is recommended:

Introduction References


Secured telnet/remote UNIX connections

Secure Shell (SSH)

Note: Since this article was published, an article specifically on SSH was written by the author. It is more up-to date and detailed. See ssh-part1.html or the Version on SecurityPortal.

SSH is authored by Tatu Yionen, Espoo, Finland and is a secure replacement for Telnet, rlogin, rcp, rsh and provides secured TCP tunnels. Optional compression of traffic is provided and can also be used together with many authentication schemes such as SecurID, Kerberos, S/KEY to provide a highly secure remote access point to UNIX servers.

It is very well designed, supports numerous encryption algorithms (RSA, Triple DES, IDEA, Blowfish, ... ), is backward compatible with the Berkeley "r" commands and supports automatic encryption of X sessions.

The are two major protocols versions SSH1 and SSH2. SSH2 is only available in commercial form at the moment.
Efforts are underway to make SSH2 an official Internet Standard, see .

File encryption

There are no standards for file encryption, with the possible exception of PGP which has become a defacto standard. The PKCS#7 standard used in S/MIME could be used for file encryption, but no vendor seems have to implemented it.

PGP File Encryption

PGP is principally an email encryption program, but also very interesting for file encryption. The Windows version has an excellent GUI, the UNIX version has only a command line interface. Network Associates support the commercial version.
See also,,, .

  1. Symmetric or Asymmetric encryption of files (local or on a network server) on a file-by-file  or directory basis, to protect the privacy of files.
  2. Signing of files (local or on a network server) on a file-by-file basis, to verify who files belong to and confirm that they have not changed.
  3. Secure deletion (overwriting) of files.
  4. PGPdisk offers encrypted logical drives (using symmetric keys)
  5. The fact that secure email is possible means that one set of keys is used for both functions and the user only has to learn how to use one program.

F-Secure Desktop & Filecrypto

F-Secure Desktop V2.0, from Finland allows symmetric encryption of files on Windows systems with a GUI. F-secure Desktop ( is interesting for:

  1. Protecting files for long term storage or transport: Taking a bundle of files, creating an "encrypted package", sending this package (via email or diskette) to someone else anywhere in the world and allowing them to securely decrypt the files, without having F-Secure desktop themselves.
    Of course the encryption key must be shared "out of band".
  2. Protect files from an attacker who has physical access: Encryption of files (local or on a network server) on a file-by-file basis, to protect the privacy of files.
  3. Automatic encryption of a list of confidential files when you log out and decryption when you login in. This mode is only recommended for local files, NOT files on network servers.
  4. Secure deletion of confidential files.

FileCrypto 3 is an extension of the F-Desktop product discussed above, with automatic "on the fly" encryption and decryption of "secret files". Files are only decrypted into memory when loaded from disk, so files are always encrypted on disk and so there is no (long) decryption on login and encryption on logout as with F-Desktop.

Linux Encrypted Filesystems

  1. The International Kernel Patch and associated Encrypted Home Directory patch
  2. Encrypted filesystem drivers PPDD
  3. TCFS (Transparent Crypto File System)

More file encryption products

Sentry 2020: Softwinter, an Israeli company, produce a strong encryption tool for NT and Windows CE!. It sets up a "virtual encrypted drive" that is in fact a file on the system. This file is encrypted and can only be mounted as a standard drive using Sentry and enter a password. This drive can then be used as a normal drive, except that it is encrypted.

Sapher Server Ltd., from England produce a software called Secrets for Windows which supports symmetric and asymmetric algorithms and includes macros for easy usage within Microsoft Office Applications.

Cryptext: How about a free NT/Win95 file encryption program? Nick Payne has produced a file encryption tool for Win95/98 & NT called Cryptext, that uses RC4 and SHA-1. It is available in the English, French, German, Portuguese and Spanish languages. V3.2 can be downloaded from

CodedDrag V2.1 is a extended Shareware encryption tool for Win95/NT. See

RITS Private file: A 16bit Windows product which uses DES to encrypt files. A 32 bit version with additional support for asymmetric encryption should be released soon. The user interface is quite primitive, with no explorer extensions or drag and drop. Several files can't be bundles together into one archive either.

FLYCRYPT for Windows'95 is a shareware "Transparent" encryption program capable of encrypting files in a selected folder using two strong ciphering algorithms: BLOWFISH (key of length 448 bit, 32 rounds) and GOST 28147-89 (key of length 256 bit, 32 rounds).

Ironware (Czech republic) produce the Ironware Folder  PC encryption tool . IDEA or Blowfish algorithms are used to encrypt "marked" folders on shutdown and decrypt them on startup (like F-Secure Desktop above). Several users with different passwords can use the same PC.

Deutsche Telekom TELESEC offer Sfile, for signing and encryption of files, with a chipcard interface.

Enigma98 is a product of Cryptosoft GmbH, Germany which offers symmetric encryption (many ciphers) for 16 and 32bit Windows users.

Secure Email

For secure email applications, there are currently two standards, PGP and S/MIME. Whereas PGP is probably the dominant method of exchanging secure Email today, S/MIME is expected to become the standard over the next year or two, because it is backed by most of major players (RSA, Microsoft, Netscape, Lotus). PGP5 is very interesting, in both free & commercial forms. It should be considered for any short to medium term solution. A pity that it is not S/MIME compatible!

PGP Email

PGP (Pretty Good Privacy) is an encryption system developed by Philip Zimmerman for ensuring data confidentiality and (partially) proof of origin. It is primarily used together with Internet email products for signing and/or encryption of information. Local files may also be signed/encrypted. It has been around for a long time.
PGP was originally developed in the U.S., but was exported internationally by distributing the source code in book (paper) form. This has caused friction with certain U.S. Government agencies.  PGP  works on almost every platform from mainframes to PCs. A good overview of all the history of PGP versions and supported algorithms can be found at .
PGP is being standardised by the IETF under the OpenPGP banner. See

There are two principal international versions:

  1. The old "standard" version was stopped at 2.6.3 (released Feb.96). IDEA was the symmetric algorithm, RSA the public key algorithm supported.
  2. Version 5 was released in late 1997. This improved version provides an easy-to-use GUI for PCs and Macintosh and directory services publishing/lookup out of the box.
    It supports IDEA, CAST and 3DES algorithms for symmetric encryption.
    Version 6 was released in early 1999. Seems to be backward compatible with V5, but offers quite a few new interesting features. Very professional looking. V6 is not available for UNIX (only MAC & Win32).
    PGP can work as an Email plugin for Eudora, Exchange / Outlook, Outlook Express or as an external program (for other Email clients).



Secure MIME (Multi Purpose Mail Extensions)  is a proposed Internet standard for secure message exchange, developed by RSA, adopted by several vendors and now undergoing the IETF standards process.  S/MIME is based on existing standards - MIME bodies and PKCS objects. There are two versions, V2 was finalised in March 1998, V3 is not yet finalised.
S/MIME is based on RFC 2311 and RFC 2313, which specify how PKCS#7 is used for message encryption/signing, PKCS#1 for RSA encryption, X509 for certificate formats (v1 &v3) and PKCS#10 for certificate requests.

Algorithms: Symmetric key DES, 3DES and RC2 40-128bit, public key 512-2048 bit RSA and SHA-1 / MD5 hashing algorithms are used in S/MIME 2.


SSL for Email encryption

Secure Sockets Layer (SSL - see below) can be used to protect Email during transport, but does not offer user authentication, nor digital signatures/non-repudiation. The use of SSL for protecting POP, IMAP, SMTP is discussed in Part III/ Secured Web Services.

Non standard Email encryption products

Ascom offer a secure email product for Exchange which is based on their patented IDEA algorithm. See .

Sapher Server Ltd., from England produce Secrets for Exchange for encrypting emails.

Ironware (Czech republic) produce the Ironware Mail tool . IDEA or Blowfish algorithms are used to encrypt "marked" folders on shutdown and decrypt them on startup (like F-Secure Desktop above). Several users with different passwords can use the same PC.

ABI-Software Development of Toronto, Canada offer free email encryption software.

InvisiMail, developed in New Zealand, is an encrypting mail proxy (which can be installed on the desktop, LAN SMTP server or Intern et gateway), with spam filtering, content scanning, anti-virus protection, digital signing, sender authentication and policy management. It works with most current Email clients (Microsoft, Netscape, Eudora, etc.) on Win32 (Linux versions are planned). X.509 certificates.
InvisiMail is not S/MIME or PGP compatible (InvisiMail uses it's own RPK (Raike Public Key) algorithm to encode and decode messages), but support is planned for both in the near future.


VPN Introduction

VPNs (Virtual Private Networks) are use to protect the privacy and integrity of information
exchanged between two parties over an untrusted network. VPNs provide a means of securing network traffic and authenticating entities by providing a gateway at each point of access into a business. Based on the IPsec standards (increasingly), VPNs provide the necessary data privacy, access control, data integrity and authentication services at a low level in the network and are independent of the
applications using the network.

The term "client" (or VPN client) refers to the initiating part presumably on an insecure
network and the "server"  is on the other side, waiting for
connections. A "gateway" is a special server that connects clients to "clear text" servers, providing secured traffic to the client, but clear text traffic to the destination server. Examples of VPN usage:

VPN Protocols

IPsec IPv6 is the up-and-coming replacement for the current V4 Internet Protocol. V6 is needed especially for it's much greater address range, but it also provides security features for improved integrity, authentication and confidentiality not found in the current V4. IPsec is the name given to the V6 security protocols (covered in RPCs 1825 to 1829). IPsec can be used with IPv4 and is hopefully the standard that will bring us VPNs that interoperate. See

IPsec is located on the network layer and can encrypt all data above this layer (including for example the transport headers). The are two basic encryption modes:

In their initial connection, each pair of entities negotiates the security policy that is to be used in their subsequent communications. This key exchange protocol is known as IKE (formerly ISAKMP/Oakley) and is based on Diffie-Hellman (DH).
Algorithms supported: MD5 and SHA-1 hashing, DSS and RSA signatures, DES / 3DES / Blowfish symmetric encryption, RSA Public Key encryption along with support for X509 v3 certificates.

PKI certs provide reliable authentication and secure key negotiation by allowing each party to protect their key by either signing it and verifying with digital signatures, or encrypting and decrypting it with their public-private key pairs. Lookup of revoked certificates is provided by directories, which are used to publish revoked certificates within the PKI.

IPSec can operate in two modes, either tunnel or transport mode. In transport mode the ordinary IP header is used to deliver the packets, in tunnel mode the IP header contains the address of a security gateway, which knows how to verify/decrypt the payload and forward it to the final destination (obtained from an encapsulated IP header in the protected payload). Tunnel mode is typically used for VPNs.

ICSA run an IPsec certification process to ensure interoperability between products. See  and 

SKIP  offers link level encryption, the encryption taking place below the transport layer. It also includes a scheme for authentication, key management and certification authority. Many different encryption algorithms may be used (3DES, DES, RC4, the public key exchange is based on Diffie-Hellman). SKIP could be used for encrypted VPNs (end-to-end, firewall-firewall or end-to-firewall) or encrypted client to server communication. SKIP was developed by Sun Microsystems, who put the source code into the public domain. 
SKIP was proposed as an Internet Standard at the December 1995 IETF meeting by Sun. The IETF allowed SKIP to proceed as a proposed and elective/optional standard. Version 0.5 was released in November 1995. The current version is V2.
SKIP was not adopted by IPsec, probably because of political reasons, technically it was years ahead of IPsec, which came on stream in 1999.

L2TP (layer 2 tunnelling protocol) is based on PPTP (point-to-point tunnelling protocol) and Cisco's L2F (layer 2 forwarding) and addresses many of the problems found in both. PPTP is included for free with Windows 2000/NT4/95/98, but export restricted and with some security implementation issues.
L2TP will use IPsec for authentication & encryption, with a fallback to CHAP/PAP. It is quicker that PPTP, using UDP rather than TCP.
The IETF is considering L2TP, see and

IPsec Products

PPTP Products

Other VPNs Products

Development Libraries

Be careful when choosing libraries, quality of implementations differ. In particular the quality of random number generation, obfuscation of clear-text in memory and even clean algorithms varies greatly. Access to full sources makes debugging and verification easier. Commercial libraries are often pricey (tens of thousands of dollars..).

Commercial crypto Libraries

  1. PGP: The C/C++ PGPsdk is available from Network Associates runs on Solaris, Linux, Win95/NT, MAC.
  2. Baltimore Technologies   have been in the encryption game for over 20 years and have an established crypto pedigree. They are based in Ireland, England and Australia.
    Baltimore offer the CST encryption libraries in C. SMT is an S/MIME toolkit. An SSL, Java SSL and PKI library are also available.
    J/Crypto is a pure Java library, that implements encryption, hashing & certificate management. V3 was used by the author for secure Applet-Proxy-Server communications.
  3. Switzerland/ r3 Engineering: see note on Entrust below.
  4. Denmark: Cryptomathic
  5. Germany:
  6. Canada: Certicom offer toolkit that include plugins for Microsoft CAPI and Intel CDSA. SSL and smart cards libraries are available.
  7. C2 net offer a SSL crypto engine and SafePassage Secure Tunnel for adding encrypted TCP tunnels to applications. (a bit like SSH TCP tunnels).
  8. Australia: Eracom offer crypto hardware for UNIX (SCO) and Windows, with DES and RSA interfaces and development libraries in Java (JCE) and C (PKCS#11 / Cryptoki).
  9. New Zealand: RPK Security offer the RPK Encryptonite Software Toolkit which implements the RPK algorithm in C/Java/Delphi or as a DLL or ActiveX control.

Free crypto libs

OpenSSL  is a further development of Eric Young's SSLeay and is the foundation for many products. Extract from the "readme":
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
OpenSSL includes low level crypto functions, such as the algorithms in SSL and some high level PKCS functions (more are needed!). It is being actively developed.
... if your Company want's to contribute to free crypto, look no further!
Mod_ssl, OpenLDAP and OpenCA build on OpenSSL.
SSLeay references: Introducing SSL and Certificates using SSLeaySSLeay Programmer Reference, SSLeay SSLeay and SSLapps FAQ

Wei Dai's Crypto++ 3.1 is a multi-platform C++ crypto library. It does not include high level functions such as PKCS.

Adam Shostack provides a comparison of algorithms implemented in various free libraries

Entrust is a U.S. company, that bought out the Swiss cypto company "r3 Security Engineering". Apparently this allows them to provide crypto internationally. In fact, they are giving away complete libraries "sort-of free" - see . The following is an extract from the license:
....Entrust Technologies hereby grants to you a non-exclusive, non-transferable, internal license to use one (1) copy of the Entrust/Toolkit solely to develop Licensee Applications and Licensee Applets. Any attempt to use information received as a part of an Entrust/Toolkit for any other purpose including, but not limited to, the creation of an emulator of the Entrust family of products or an emulator of the Entrust/Toolkit constitutes a breach of this License......
Licensee Applications and Licensee Applets: Entrust Technologies grants you a non-exclusive, non-transferable right to use and distribute copies of those portions of the Entrust/Toolkit (excluding the Entrust/Engines) incorporated into Licensee Applications or Licensee Applets by way of permitted use of an Entrust/Toolkit. You shall not distribute the Entrust/Engine whether separately or as part of a Licensee Application or Licensee Applet. You shall not otherwise sell, license, distribute or in any other manner commercially exploit any part of an Entrust/Toolkit. You shall not modify the Entrust/Engines.

==> I'm not sure how significant the Entrust/Engines limitation above, is.


Perl with SSL:
CryptixPerl: There is an older Cryptix library V1.16 in Perl with a PGP interface (last update April '97). Perl version doesn't look easy to use and high-level key management functions seem to be missing.


  1. PGPlib: V1.1/Jan'98 from Tage Stabell-Kuloe in Norway.
    PGP 2.6.x compatible C library, UNIX (especially NetBSD 1.2, FreeBSD, HP-UX and Linux). Uses SSLeay crypto functions.
  2. PGPlib for Windows, V1.0/July'98 which implements common PGP functions in C
  3. CTC: V2.1/Jan'99 by Ian Miller and Mr. Tines in England. Free PGP 2.x & 5.x compatible C++ crypto library for UNIX, .
  4. PGP::Sign is a Perl library for PGP 2.x or 5.x or GnuPG with signing only. V0.14/Feb.'99, Russ Allbery See CPAN or
  5. PGP::Pipe is a Perl wrapper for PGP 2.x command line, by Gerard Hickey. V0.3/Aug.'96. Looks good, a pity it doesn't support the PGP5 library. Find it on CPAN.
  6. PGPTools: PGP library in C.
  7. The GNU privacy guard is supplied with source code, so it could be made into a library.


  1. The Australian ABA is a clean room implementation of the Java Cryptography Extension (JCE) API as defined by Sun Microsystems, plus a provider of underlying crypto algorithms. This package does not include any native code. ABA's principal (commercial) product is a java based Ecommerce solution called SecuEpayment.   The license is not restrictive, looks good.
  2. Cryptix-java
  3. Java SSH implementations also include crypto engines:
    Gourio's Applet

Crypto library References

Garbo, Crypto CD                                              pointers to crypto SW                                                excellent: a "must visit"                                           Schneier: Blowfish, Twofish                                    E.Young's DES, SSL                                                cryptix Java, C, Perl                    Wei Dai's C++ lib                                                     Tatu Ylonen's SSH           Crypto+Law -- sci.crypt Archives -- International Association for Cryptologic Research   Classical Crypto Explanation                    an index to lots of crypto news articles                                 links to crypto sites, a bit old

Secured web services

Secured web services are based on the use of standard application protocols over SSL. Netscape's secure socket layer is a "plug-in" socket layer (port 443 for HTTP) offering client & server authentication, integrity checking, compression and encryption. It is currently an Internet draft (not yet approved).
It is designed to fit on the transport layer in the TCP/IP stack (like Berkeley sockets), but below applications (such as telnet, ftp, HTTP). SSL was introduced in July 1994.

TLS (Transport Layer Security)  In 1995, the IETF started work on the adoption of SSL as an Internet Standard, known as TLS. A draft of the protocol was published in March 1997, based on SSL 3.0. Some differences are the use of HMAC instead of MD5 for integrity checking and a slightly different set of encryption algorithms that are supported. or

Strong Browsers

Strong Web servers

HTTP over SSL is the most common usage of SSL. https:// is used rather than http:// to connect to a secured site. If you use Netscape Navigator 2&3, the broken key on the bottom left corner will become "unbroken" indicating that the session is encrypted. One tooth on the key indicates 40bit and 2 teeth indicate 128 bit encryption.

Other services over SSL

General SSL wrappers:



FTP over SSL

rsh/rlogin/rcp over SSL

Telnet / tn3270 over SSL


Changes to this article

14.Sep'99 Originally published as two articles on SecurityPortal
06.Dec'99 Minor fixes.
04.Apr'00 Improved TOC. Update U.S. Export links. Link to SSH article.
10.May'00 Fix links.
20.Feb.01 OpenPGP link
23.May.01 John Nevado [] wrote in to say: 
"We are a small aggressive software company that started out in The West Indies due to the Wassenaar Arrangement, but who are now based in Stockholm Sweden. We were given the first General Export License for strong crypto for the mass market and have started exporting our product SafeIT E-mail Encryption from Sweden. We aim to provide the strengths of strong crypto in a user friendly package."

Another untested product: sigma secure email: link1, link2

Sean Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.

© Copyright 2001, Sean Boran, All Rights Reserved