Anybody planning to wrap this in a perl-callable package? Posted-Date: Tue, 10 Sep 1996 18:32:27 -0400 (EDT) X-Sender: farber@linc.cis.upenn.edu Date: Tue, 10 Sep 1996 18:32:25 -0400 From: Dave Farber <farber@central.cis.upenn.edu> Subject: IP: Microsoft Releases Beta Version of CryptoAPI 2.0 Mime-Version: 1.0 Precedence: list To: interesting-people@eff.org (interesting-people mailing list) X-Proccessed-By: mail2list I am sorry for the bad formatting. It is how I got it From: Mahesh Prakriya <maheshp@microsoft.com> To: "'farber@cis.upenn.edu'" <farber@central.cis.upenn.edu> Subject: FW: Microsoft Releases Beta Version of CryptoAPI 2.0 Date: Tue, 10 Sep 1996 15:20:03 -0700 Encoding: 296 TEXT FYI. Its OK to forward this message to your interesting people list. Mahesh >---------- >From: Dawn Zeh >Sent: Tuesday, September 10, 1996 11:37 AM >To: IPTD News >Subject: Microsoft Releases Beta Version of CryptoAPI 2.0 > >News from your Library > >Abstract: Envisioning a new category of secure Internet applications, >Microsoft today announced cross-platform technology that allows millions of >developers to add strong >security to existing and future software programs. CryptoAPI version 2.0, >which >Microsoft is making available in beta today >(http://www.microsoft.com/intdev/security/), provides the underlying >technology necessary to add security >features to applications, such as the ability to digitally sign a document >and send it over the Internet or verify an individual's identity in an >exchange of personal, financial or medical information. CryptoAPI 2.0 >creates the foundation for a public key infrastructure (PKI), which will >provide end users with a highly secure environment for communicating and >conducting business over the Internet. > > ***************** >Microsoft Releases Beta Version of CryptoAPI 2.0 > > Provides Millions of Developers With Foundation for Highly Secure Internet >Applications > > REDMOND, Wash., Sept. 10 /PRNewswire/ -- Envisioning a new category of >secure >Internet applications, Microsoft Corp. (Nasdaq: MSFT) today announced >cross-platform technology that allows millions of developers to add strong >security to existing and future software programs. CryptoAPI version 2.0, >which >Microsoft is making available in beta today (http://www.microsoft.com >/intdev/security/), provides the underlying technology necessary to add >security >features to applications, such as the ability to digitally sign a document >and >send it over the Internet or verify an individual's identity in an exchange >of >personal, financial or medical information. CryptoAPI 2.0 creates the >foundation for a public key infrastructure (PKI), which will provide end >users >with a highly secure environment for communicating and conducting business >over >the Internet. > > Until now, adding cryptographic capabilities to software was extremely >difficult for most developers. Each vendor of a cryptographic solution >required >software developers to write specific code to take advantage of that vendor's >service. In addition, applications that needed to be used outside the United >States required significant revision to comply with export regulations. The >challenge developers face in providing different types of cryptography in >software programs is analogous to the difficulty software developers had in >supporting printers from different manufacturers before the Microsoft(R) >Windows(R) operating system provided a common way to recognize printers. > > CryptoAPI 2.0 provides cross-platform, operating-system-level support for >cryptography in the same way that today's operating systems provide device >drivers for printers. As a result, developers can easily use a variety of >cryptographic solutions -- from exportable, 40-bit software encryption to >extremely strong, 1,024-bit hardware encryption -- without rewriting their >applications. CryptoAPI 2.0 also frees developers from the need to develop >their own cryptography, providing built-in, replaceable cryptographic >modules. > > CryptoAPI 2.0 is available to developers using a variety of programming >languages, including the Visual Basic(R) programming system, the Visual >C++(R) >development system set, and Java(TM). In addition to traditional programming >interfaces, the cryptographic features are being delivered as a set of COM >interfaces, providing developers with maximum flexibility in how they build >cryptography-enabled applications. > > CryptoAPI 2.0 provides the following key benefits: > > -- It eliminates the need for application developers to create their own >cryptography by providing an interface to third-party cryptographic service >provider (CSP) modules that deliver cryptographic technology from specific >vendors. > > -- CryptoAPI's modular design allows developers to work with a full range >of >CSPs that provide either software- or hardware-based cryptography, such as >software algorithms or smart cards. > > -- Replaceable cryptographic modules let developers create applications for >worldwide use without having to worry about encryption export issues. >Replaceable cryptographic modules also enable developers to easily upgrade >cryptographic technology as it becomes available without having to modify >their >applications. > > -- CryptoAPI frees developers from the financial obligation of licensing >cryptographic technologies directly from CSP vendors. > > At Microsoft's Security Design Review today, which is being attended by >more >than 150 independent software vendors, Microsoft will demonstrate beta >versions >of CSP modules from BBN Corp., Cylink and Spyrus, in addition to the >Microsoft >CSP module, which is based on technology from RSA Data Security. > > "CryptoAPI makes it easy for developers to create applications with the >world's most widely used encryption technology from RSA," said Jim Bidzos, >president of RSA. "The availability of exportable and upgradeable >cryptography >provides developers with security functions that are effective throughout the >world." > > CryptoAPI 2.0 Technical Details > > CryptoAPI 2.0 adds high-level interfaces to the Windows family of operating >systems for common cryptographic operations such as authentication, signing >and >encryption/decryption services. These cryptography operations make it easier >for developers to do the following: > > -- Encrypt and decrypt messages, files, programs, passwords, forms, >credit-card numbers or any other data either residing locally on a PC or >being >transmitted over a network, including the Internet > > -- Create and manage public and private keys for public key-based >encryption > > -- Create and manage digital certificates Digitally sign a message or data >to >ensure that a recipient knows the identity of its creator and that the data >hasn't been tampered with or altered > > "People need to know whom they're doing business with on the Internet," >said >Stratton Sclavos, president and CEO of VeriSign Inc. "CryptoAPI 2.0 lets >developers easily create applications that can recognize industry-standard >identification methods, such as VeriSign's Digital IDs. We're excited to be >working with Microsoft and other companies to create a cross-platform public >key >infrastructure that allows the Internet to be a secure channel for conducting >business." > > Microsoft expects CryptoAPI 2.0 to be available on several platforms. On >Aug. >21, Microsoft announced it is licensing CryptoAPI to RSA Data Security, >including the rights to incorporate CryptoAPI into RSA's BSAFE and other >security toolkit products, to port CryptoAPI to new platforms, and to build >on >Microsoft's base set of cryptography services. CryptoAPI 1.0 is now shipping >in >Microsoft Internet Explorer 3.0 and the Windows NT(R) operating system >version >4.0. Microsoft also expects that the functionality of CryptoAPI calling >RSA's >cryptographic engine will be shipped for Macintosh and 16-bit versions of >Windows operating systems in early 1997. > > CryptoAPI Accessible to Developers for Visual Basic and Java > > Microsoft also announced today that CryptoAPI 2.0 is available to millions >of >developers using Visual Basic and Java, making it easier to add cryptography >and >certificate functionality to their applications. A set of COM interfaces >encapsulating CryptoAPI's certificate and cryptographic functionality is now >available on Microsoft's Web site. > > "Providing CryptoAPI as COM interfaces enables the millions of developers >using tools such as Visual Basic to incorporate cryptography and certificate >features easily into our applications," said David Mendlen, an architect for >Ameritech Cellular who uses Visual Basic. "Building exportable applications >with >flexible and renewable security lets us provide added value to all of our >customers without having to rewrite applications for foreign markets." > > "Microsoft is demonstrating its commitment to helping all developers, >including those using Visual Basic and Java to create secure applications for >a >global market," said Brad Silverberg, senior vice president of the Internet >platform and tools division at Microsoft. "By providing companies and >developers with easy access to cryptography, CryptoAPI 2.0 will accelerate >the >development of a cost-effective public key infrastructure, giving end users a >richer and safer computing experience." > > Support From Major Cryptographic Service Providers > > In addition to the bundled CSP based on RSA technology for CryptoAPI 1.0 >and >CryptoAPI 2.0 beta version provided by Microsoft, six additional corporations >announced they will provide CSP modules for CryptoAPI. Atalla (a Tandem >company), Northern Telecom Inc. (Nortel Secure Networks) and Trusted >Information >Systems have committed to provide CSP modules in the future, and at the >Security >Design Review, Microsoft is demonstrating beta versions of CSP from BBN >Corp., >Cylink and Spyrus. > > The BBN CSP module supports hardware-based cryptographic key generation and >storage using BBN's SafeKeyper certificate signing unit. BBN is a leading >provider of Internet and internetworking services to businesses and >organizations. > > Cylink's CSP provides developers with a wide variety of public key >cryptography services including Diffie-Hellman key management, DES >encryption, >DSS digital signatures and standards-based document hashing. Cylink is a >leading provider of network security and management systems. > > The Spyrus CSP supports their EES LYNKS Privacy Card, a tamper-resistant >PCMCIA card that implements multiple U.S. government and commercial >algorithms >for key transport, key wrap, hash and digital signature. In addition, for >government organizations, Spyrus will ship a CSP that works with Fortezza- >compliant PCMCIA cards. Spyrus is a leading provider of information security >technology, addressing a wide range of security requirements in commercial >and >government organizations. > > About Microsoft Internet Security Framework > > The Microsoft Internet Security Framework (MISF) is a comprehensive set of >cross-platform, interoperable security technologies for electronic commerce >and >online communications that support Internet security standards. MISF >technologies implemented to date include Authenticode technology, CryptoAPI >1.0 >and CryptoAPI 2.0 (beta version), support for client authentication, support >for >secure socket layer (SSL) and private communications technology (PCT) secure >channel protocols, and a beta implementation of the Secure Electronic >Transactions (SET) protocol for credit-card transactions. Upcoming MISF >technologies include a certificate server (demonstrated at the design >review), >PFX 1.0 (alpha version demonstrated at design review), and a "wallet." > > In addition, MISF technologies allow corporations to make use of their >existing investments in network security by integrating with the robust >Windows >NT security model. Windows NT provides mechanisms to control access to all >system and network resources, the auditing of all security-related events, >sophisticated password protection, and the ability to lock out intruders. >Windows NT also provides a single logon for users and centralmanagement of >user >accounts for administrators. For more information on the Microsoft Internet >Security Framework, visit http://www.microsoft.com/intdev/security/. > > About Microsoft > > Founded in 1975, Microsoft is the worldwide leader in software for personal >computers. The company offers a wide range of products and services for >business and personal use, each designed with the mission of making it easier >and more enjoyable for people to take advantage of the full power of personal >computing every day. > > NOTE: Microsoft, Windows, Visual Basic, Visual C++ and Windows NT are >either >registered trademarks or trademarks of Microsoft Corp. in the United States >and/or other countries. Java is a trademark of Sun Microsystems Inc. > > /NOTE TO EDITORS: If you are interested in viewing additional information >on >Microsoft please check out the Microsoft Web page at >http://microsoft.com/corpinfo/ on Microsoft's corporate information pages. > > /CONTACT: Julie Hatchett of MacKenzie Kesselring, 801-359-1005, or >julieh@mkinc.com/ >09:02 EDT > >7776 09/10/96 09:02 EDT HT >:TICKER: MSFT >:SUBJECT: SOFT NPRD WA >Copyright (c) 1996 PR Newswire >Received by NewsEDGE/LAN: 9/10/96 6:42 AM > >THE ABOVE MATERIAL IS COPYRIGHTED AND SHOULD NOT BE >REPRODUCED OR DISTRIBUTED OUTSIDE OF MICROSOFT. > Brad Cox; bcox@gmu.edu; 703 968-8229 GMU Program on Social and Organizational Learning http://www.virtualschool.edu/mon Middle of Nowhere Web A Project with Paradoxical Goals