Re: question about using SFL

[jsp@xxxxxxxxxxxxx (John Pawling)]

Xinhong,

The SFL high-level library is not very useful without one or more
accompanying low-level crypto token libraries.  If you were to create a
"stubbed out" SFL Crypto Token Interface Library (CTIL) that does not
actually perform any crypto functions, then you could use the SFL high-level
library in conjunction with the stubbed-out CTIL to build and process ASN.1
encoded CMS objects which include bogus signature values and which are not
actually encrypted.  This might be useful for laboratory test purposes, but
obviously it doesn't provide useful security services.

We are initially developing a SFL CTIL for the freeware Crypto++ library to
provide 3DES, D-H and DSA.  The vendor would need to download the Crypto++
freeware library from the Crypto++ Home Page
(http://www.eskimo.com/~weidai/cryptlib.html) and then compile it with the
SFL source code that is obtained from us.  This combination would provide
useful security services.

================================
John Pawling, jsp@xxxxxxxxxxxxx                             
J.G. Van Dyke & Associates, Inc.   
www.jgvandyke.com         
================================


At 01:42 PM 3/26/98 -0800, Xinhong Yuan wrote:
>Hi,
>I am a new comer to this mailing list. my question is that if I use SFL
>only and I don't care about the lower level like cti or bsafe, do I
>still have to get those libraries besides sfl?
>
>
>
>Content-Type: text/x-vcard; charset=us-ascii; name="vcard.vcf"
>Content-Transfer-Encoding: 7bit
>Content-Description: Card for Xinhong Yuan
>Content-Disposition: attachment; filename="vcard.vcf"
>
>Attachment Converted: C:\PCE\ATTACH\vcard.vcf
>