Interfacing with a Cryptographic Service Provider (CSP)
The CSP architecture provides a safe way for multiple applications to access
cryptographic and signature services. Instead of being passive sets of
encryption routines, CSPs are independently functioning cryptographic modules capable of
authenticating the user and checking for user assent to actions.
For example, some CSPs will require a PIN to be entered before a digital
signature is generated, while some require a smart card, and still others have no
authentication at all. The quality of protection for keys within the system is a
design parameter of the CSP itself and not the system as a whole. This lets the
same applications run in a variety of security contexts without modification.
The amount of access that applications have to the cryptographic internals has
been carefully restricted. This was done to facilitate writing applications
that are both secure and portable. The following three design rules apply:
- Applications cannot directly access keying material. Because all keying
material is generated within the CSP and used by the application through opaque
handles, there is no risk of an application or its associated DLLs either divulging
keying material or choosing keying material from poor random sources.
- Applications cannot specify the details of cryptographic operations. The CSP
interface only allows applications to specify broad actions to take (for
example, encrypt data using algorithm X, or sign data). The actual implementation of
the cryptographic operations is the responsibility of the CSP. This limits the
scope of the API, because esoteric protocols still require application intervention,
but it makes a basic set of operations readily available to all applications.
- Applications do not handle user authentication data. User authentication is
done by the CSP. In this way, CSPs that have better authentication capabilities
(for example, biometric inputs and data keys) will function without needing to
change the application's authentication model. It also prevents applications
from divulging user secrets.
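The three rules above can be observed directly from the application side. The following script is an added example, not code from the original page: it drives a CSP through the .NET wrapper (RSACryptoServiceProvider / CspParameters) that sits on top of CryptoAPI, rather than through the C API. It assumes a Windows machine with the built-in Microsoft RSA and AES provider (provider type 24, PROV_RSA_AES); the container name "CspDemoContainer" is a constructed name chosen for this example.

```powershell
# Added example (not from the original page): exercising a CSP via .NET's
# CryptoAPI wrapper to show the "opaque handle" design rules.
# Assumes Windows with the built-in "Microsoft Enhanced RSA and AES
# Cryptographic Provider" (PROV_RSA_AES = 24). "CspDemoContainer" is a
# constructed container name for this example.

$csp = New-Object System.Security.Cryptography.CspParameters
$csp.ProviderType     = 24   # PROV_RSA_AES
$csp.ProviderName     = "Microsoft Enhanced RSA and AES Cryptographic Provider"
$csp.KeyContainerName = "CspDemoContainer"
# Ask the CSP to generate the key inside its own boundary and never release it.
$csp.Flags = [System.Security.Cryptography.CspProviderFlags]::UseNonExportableKey

# Rule 1: the application receives a handle to a key container, never key bytes.
$rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider(2048, $csp)

# Rule 2: the application names only the broad action ("sign this with SHA-256");
# hashing, padding and the private-key operation all happen inside the CSP.
# Rule 3: if a smart card or PIN-protected CSP were named above instead, the
# user prompt would occur here without any change to this code.
$data = [System.Text.Encoding]::UTF8.GetBytes("message to sign")
$sig  = $rsa.SignData($data, "SHA256")
$ok   = $rsa.VerifyData($data, "SHA256", $sig)
"Signature length: $($sig.Length) bytes, verifies: $ok"

# The public half can be exported; the private half is refused by the CSP.
$pub = $rsa.ExportParameters($false)
"Public modulus: $($pub.Modulus.Length) bytes"
try {
    $null = $rsa.ExportParameters($true)
    "Unexpected: private key material was returned to the application"
} catch {
    "Private key export refused by CSP: $($_.Exception.Message)"
}
"Container reports Exportable = $($rsa.CspKeyContainerInfo.Exportable)"

# Clean up: delete the demo container instead of leaving a stray key in the CSP.
$rsa.PersistKeyInCsp = $false
$rsa.Clear()
```

Run it once in Windows PowerShell; the ExportParameters($true) call is expected to throw, which is the CSP enforcing the first design rule. Replacing ProviderName and ProviderType with those of a smart card provider is the only change needed to move the same signing code into a PIN- or card-protected security context.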