
v1.9.3 Certificate Management Library (CML) Now Available




Getronics Government Solutions has delivered the Version 1.9.3 
Certificate Management Library (CML) for Microsoft Windows, 
Sun Solaris and Linux.  The v1.9.3 CML is freely available
to everyone from the Getronics CML web page at:
<http://www.getronicsgov.com/hot/cml_home.htm>.
This release fixes bugs present in previous CML releases.  

Applications requiring Public Key Infrastructure (PKI) security 
services can use the CML to meet their X.509 certificate and 
Certificate Revocation List (CRL) processing requirements.  
The v1.9.3 CML is described in the v1.9 CML Application Programming
Interface (API) document.  It implements the 2000 X.509 Recommendation
certification path processing rules and SDN.706 profile.  It meets
the majority of the IETF PKIX RFC 2459 Certificate/CRL Profile
requirements.  There are some unsupported features such as 
Delta CRLs.  It Abstract Syntax Notation One (ASN.1) decodes X.509
Certificates and CRLs.  The v1.9.3 CML requires the v1.3 R6 Enhanced
SNACC ASN.1 software that is freely available from:
<http://www.getronicsgov.com/hot/snacc_home.htm>.

The CML uses the accompanying Storage and Retrieval Library (SRL)
(optionally) to provide local certificate and CRL storage management 
functions.  The SRL (optionally) provides remote directory retrieval
capabilities using the Lightweight Directory Access Protocol (LDAP).
The CML uses path building software based on the v2.0 Certificate 
Path Development Library (CPDL) developed by CygnaCom Solutions, 
a division of Entrust, to provide robust certification path 
building capabilities such as using cross certificates. 

The CML has been thoroughly tested including validating X.509 
Certificates and CRLs created by a variety of Certification 
Authority (CA) products, and signed using the Digital Signature
Algorithm (DSA) and RSA algorithms.  Further enhancements, 
ports and testing of the CML are still in process.  Further
releases of the CML will be provided as significant 
capabilities are added. 

The following enhancements are included in the v1.9.3 CML release 
(compared with the v1.9.2 release):

 1. Fixed linked list bugs in loadDSAparameters() function in 
    CM_Cache.cpp source file that caused CML_CreateSession to
    fail to return when adding multiple trusted certificates to
    the SRL.
 
 2. Fixed bug in CMU_DSAEncodePQGparms() function in CM_encode.cpp 
    source file in which it was using the AsnInt class for the 
    DSA P, Q and G parameters instead of using the CSM_BigIntegerStr
    class.  This caused the DSA parameters to be improperly encoded
    which (in some cases) caused the Crypto Token Interface Library 
    (CTIL) to return an error (ex: MSB is 1) indicating that the 
    DSA parameters were not encoded as valid unsigned ASN.1 INTEGER
    values. 

The following v1.9.3 CML files are available from the Getronics CML
web page:
1) Windows_CML_Lib_v1.9.3.ZIP: MS Windows Dynamically Linked Libraries 
2) Windows_CM_Tool_v1.9.3.ZIP: CM_Tool executable
3) Solaris_CML_Lib_v1.9.3.tar.Z: Sun Solaris Libraries 
4) Solaris_CM_Tool_v1.9.3.tar.z: CM_Tool for Solaris
5) Linux_CML_Lib_v1.9.3.tar.Z: Linux Libraries
6) Linux_CM_Tool_v1.9.3.tar.z: CM_Tool for Linux
7) CML_source_v1.9.3.tar.Z: Source, including Windows project files 
8) CMAPI_data.tar.Z: Test Certs and CRLs used to test CML

The v1.9 CML API document (CMv1.9api.doc, CMv1.9api.pdf), v1.9 SRL API 
document (SRLv1.9api.doc, SRLv1.9api.pdf), and v1.9.3 CML readme file
are also available from the Getronics CML web page.

All source code for the CML is being provided at no cost and with no
financial limitations regarding its use and distribution. Organizations 
can use the CML without paying any royalties or licensing fees.  The
CML was originally developed by the U.S. Government.  Getronics is 
enhancing and supporting the CML under contract to the U.S. Government.
The U.S. Government is furnishing the CML software at no cost to the
vendor subject to the conditions of the CML Public License provided
with the CML software.  

The CML makes calls to an algorithm-independent Crypto Token Interface 
Library (CTIL) API.  The CTIL architecture enables the CML to be used
with a variety of crypto libraries and tokens. The v1.9.3 CML uses the
v1.3 R6 Enhanced SNACC ASN.1 C Library to encode and decode objects.
Getronics has successfully tested the v1.9.3 CML with the SNACC and 
CTIL libraries delivered with the v1.10 S/MIME Freeware Library (SFL).  
Source code for the Getronics-developed CTILs is available from 
<http://www.getronicsgov.com/hot/sfl_home.htm>.  The actual crypto 
libraries are not provided with the CML or SFL.  They must be 
independently obtained from the appropriate source.  

The v1.9.3 CML uses path building software based on the v2.0 CPDL
to successfully meet all of the requirements of the Bridge
Certification Authority Demonstration Phase II that includes cross-
certified Entrust, Spyrus, Baltimore, and Motorola v3 certificate 
domains.  The CML_source.tar.Z file includes the Getronics-enhanced
CPDL source code and public license.  More info regarding the CPDL
is available from: <http://www.cygnacom.com/products/index.htm>.

The National Institute of Standards and Technology (NIST) is 
providing a standard test suite of X.509 certificate paths
<http://csrc.nist.gov/pki/testing/x509paths.html> that can be
used for testing applications against RFC 2459.  The CML was 
used to successfully process the NIST test data.

NIST is using the CML and SFL as part of the NIST S/MIME Test 
Facility (NSMTF) that they are planning to host (see 
<http://csrc.ncsl.nist.gov/pki/smime/>).  Organizations will
be able to use the NSMTF to help determine if their products 
comply with the IETF S/MIME v3 specifications and the Federal
S/MIME v3 Client Profile.

The Internet Mail Consortium (IMC) has established a CML web page
<http://www.imc.org/imc-cml> and a CML mail list which is used to: 
distribute information regarding CML releases; discuss CML-related 
issues; and allow CML users to provide feedback, comments, bug 
reports, etc.  Subscription information for the imc-cml mailing list 
is at the IMC web site listed above.  

All comments regarding the CML source code and documents are welcome. 
This CML release announcement was sent to several mail lists, but
please send all messages regarding the CML to the imc-cml mail list
ONLY. Please do not send messages regarding the CML to any of the IETF
mail lists.  We will respond to all messages sent to the imc-cml mail 
list.

===========================================
John Pawling, John.Pawling@xxxxxxxxxxxxxxxx
Getronics Government Solutions, LLC
===========================================
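
Added example, not part of the original announcement and not CML, SNACC or CTIL code: item 2 of the change list above concerns DSA P, Q and G values that were not encoded as valid unsigned ASN.1 INTEGERs, and this sketch shows the DER rule involved (a leading 0x00 octet when the top bit of the magnitude is set) together with a receiver-side check of the "MSB is 1" kind. The function names and the sample bytes are constructed for illustration; the AsnInt and CSM_BigIntegerStr classes are not used.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

using Bytes = std::vector<uint8_t>;

// Encode an unsigned big-endian magnitude (such as DSA P, Q or G) as a DER INTEGER.
Bytes derEncodeUnsigned(const Bytes& magnitude) {
    std::size_t start = 0;  // skip redundant leading zeros: DER wants the minimal form
    while (start + 1 < magnitude.size() && magnitude[start] == 0x00) ++start;
    Bytes content(magnitude.begin() + start, magnitude.end());
    if (content.empty()) content.push_back(0x00);  // empty input encodes zero
    // INTEGER content is two's complement, so a set top bit means "negative".
    // A positive value with that bit set needs one 0x00 pad octet in front.
    if (content[0] & 0x80) content.insert(content.begin(), uint8_t{0x00});
    Bytes out{0x02};  // universal tag for INTEGER
    std::size_t len = content.size();
    if (len < 0x80) {
        out.push_back(static_cast<uint8_t>(len));  // short-form length
    } else {
        Bytes lenBytes;  // long form: 0x80 | count, then big-endian length
        for (std::size_t n = len; n > 0; n >>= 8)
            lenBytes.insert(lenBytes.begin(), static_cast<uint8_t>(n & 0xFF));
        out.push_back(static_cast<uint8_t>(0x80 | lenBytes.size()));
        out.insert(out.end(), lenBytes.begin(), lenBytes.end());
    }
    out.insert(out.end(), content.begin(), content.end());
    return out;
}

// Receiver-side check: tag and length are consistent and the value is not negative.
bool isNonNegativeDerInteger(const Bytes& der) {
    if (der.size() < 3 || der[0] != 0x02) return false;
    std::size_t pos = 1, len = der[pos++];
    if (len & 0x80) {  // long-form length
        std::size_t n = len & 0x7F;
        if (n == 0 || n > sizeof(std::size_t) || pos + n > der.size()) return false;
        for (len = 0; n > 0; --n) len = (len << 8) | der[pos++];
    }
    if (len == 0 || len != der.size() - pos) return false;
    return (der[pos] & 0x80) == 0;  // top bit set reads as a negative number
}

int main() {
    Bytes p{0xC3, 0x5A};                     // constructed magnitude, top bit set
    Bytes unpadded{0x02, 0x02, 0xC3, 0x5A};  // constructed: same value, pad octet missing
    bool ok = isNonNegativeDerInteger(derEncodeUnsigned(p)) &&
              !isNonNegativeDerInteger(unpadded);
    return ok ? 0 : 1;
}
```
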