[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
v1.5 SFL Freely Available to All!!
J.G. Van Dyke and Associates (VDA), a Wang Government Services Company, has
delivered Version 1.5 of the S/MIME Freeware Library (SFL) source code and
Application Programming Interface (API). The SFL source code files are
freely available to everyone from the Fortezza Developer's S/MIME Page
<http://www.armadillo.huntsville.al.us/software/smime> (with no password
control). On 14 January 2000, the U.S. Department of Commerce, Bureau of
Export Administration published a new regulation implementing an update to
the U.S. Government's encryption export policy
<http://www.bxa.doc.gov/Encryption/Default.htm>. In accordance with the
revisions to the Export Administration Regulations (EAR) of 14 Jan 2000,
the downloading of the SFL source code is no longer password controlled.
The SFL implements the IETF S/MIME v3 RFC 2630 Cryptographic Message
Syntax (CMS) and RFC 2634 Enhanced Security Services (ESS) specifications.
It also implements portions of the RFC 2633 Message Specification and
RFC 2632 Certificate Handling document. When used in conjunction with
the Crypto++ freeware library, the SFL implements the RFC 2631
Diffie-Hellman (D-H) Key Agreement Method specification. It has been
successfully tested using the MS Windows NT/95/98 and Solaris 2.7 operating
systems. Further enhancements, ports and testing of the SFL are still in
process. Further releases of the SFL will be provided as significant
capabilities are added.
The SFL has been successfully used to sign, verify, encrypt and decrypt
objects using: S/MIME v3 mandatory-to-implement algorithms (DSA, E-S D-H,
provided by the Crypto++ 3.1 library; RSA suite of algorithms provided by
RSA BSAFE v4.2 and Crypto++ 3.1 libraries; and Fortezza suite of algorithms
provided by the Fortezza Crypto Card. The SFL uses the VDA-enhanced SNACC
ASN.1 Library to encode/decode objects. The v1.5 SFL release includes: SFL
level library; Free (a.k.a. Crypto++) Crypto Token Interface Library (CTIL);
BSAFE CTIL; Fortezza CTIL; SPEX/ CTIL; PKCS #11 CTIL (still being tested);
enhanced GNU SNACC v1.3 rev 0.07 ASN.1 Compiler and Library; test utilities;
test drivers and test data. All CTILs were tested as Dynamically Linked
Libraries (DLL) using MS Windows. The Fortezza, BSAFE and Crypto++ CTILs
tested with the respective security libraries as shared objects using
The SFL has been successfully used to exchange signedData and envelopedData
messages with the Microsoft (MS) Internet Explorer Outlook Express v4.01 and
Netscape Communicator 4.X S/MIME v2 products. Signed messages have been
exchanged with the RSA S/MAIL, WorldTalk and Entrust S/MIME v2 products.
The SFL has also been used to perform S/MIME v3 interoperability testing
Microsoft that exercised the majority of the features specified by RFCs
2631 and 2634. This testing included the RSA, mandatory S/MIME V3 and
suites of algorithms. We have also performed limited S/MIME v3 testing with
Baltimore and Entrust. We are also participating in the IETF S/MIME WG
interoperability testing documented in the "Examples of S/MIME Messages"
document. We have used the SFL to successfully process all of the correct
signedData and envelopedData messages included in the document. We are
continuing to set up test config files to use the SFL to test the other
included in the document such as signed receipts. We also plan to provide
sample messages for inclusion in the document.
The following enhancements are included in the v1.5 SFL release (compared
the v1.4 release):
1) SNACC: Fixed ASN.1 INTEGER bug in which one-byte values were improperly
2) Fixed many memory leaks;
3) Full CounterSignature test suite (autohiAllSFLd.cfg);
4) CertificateBuilder utility generates private/public key pairs and
certificates (there is a "README.txt" file in the root directory regarding
5) PKCS #11 CTIL project (SFL integrators need to separately obtain a PKCS
crypto library, but this project provides a good template for PKCS #11). We
are still testing the PKCS #11 CTIL.
6) Developed new test code and configuration files to implement test cases;
7) Performed regression testing to ensure that aforementioned enhancements
not break existing SFL functionality.
We are still in the process of enhancing and testing the SFL. Future
will include: completion of PKCS #11 CTIL testing; SPEX/ CTIL
encrypt/decrypt/ESDH capabilities; finish CertificateBuilder command line
utility; modify PKCS #12 code in test utilities to provide interoperable key
storage; add "Certificate Management Messages over CMS" ASN.1 encode/decode
functions; add enhanced test routines; bug fixes; support for other crypto
(possible); and support for other operating systems.
The SFL is developed to maximize portability to 32-bit operating
systems. In addition to testing on MS Windows and Solaris 2.7, we plan to
the SFL to the following operating systems: Linux, HP/UX 11, IBM AIX 3.2
(possibly), SCO 5.0 (possibly) and Macintosh (possibly).
The following SFL files are available from the Fortezza Developer's S/MIME
1) SFL Documents: Fact Sheet, Software Design Description, API, CTIL API,
Software Test Description, Implementers Guide, Overview Briefing and Public
2) snacc1_5VDA.zip: Zip file containing SNACC v1.3 rev 0.07 ASN.1 Compiler
Library source code compilable for Unix and MS Windows NT/95/98 that has
enhanced by VDA to implement the Distinguished Encoding Rules. Project
and makefiles are included. This file includes a sample test project
demonstrating the use of the SNACC classes.
3) smimeR15.zip: Zip file containing all SFL source code including:
SFL Hi-Level source code; VDA-enhanced SNACC-generated ASN.1 source
code; project files. This file also contains test driver source code,
sample CMS/ESS test data and test X.509 Certificates. This file also
includes test utilities to create X.509 Certificates that each include
a D-H, DSA or RSA public key. SNACC release and debug libraries
are compiled for MS Windows NT/95/98. MS Windows NT/95/98
project files and Unix makefiles are included for the SNACC code and
4) smR15CTI.zip: Source code for the following CTILs: Test (no crypto),
Crypto++, BSAFE, Fortezza, SPEX/ and PKCS #11. The Win95/98/NT projects are
also included. (NOTE: The Free (a.k.a. Crypto++) CTIL includes
source code to use the RSA public key algorithm implemented within the
Crypto++ library. As with all of the external crypto token libraries, the
Crypto++ library is not distributed as part of the SFL source code.
To use the Crypto++ library with the SFL, the application developer must
independently obtain the Crypto++ library from the Crypto++ Web Page
<http://www.eskimo.com/~weidai/cryptlib.html> and then compile it with
the VDA-developed Crypto++ CTIL source code. The RSA public key
algorithm is covered by U.S. Patent 4,405,829 "Cryptographic Communication
System and Method". Within the U.S., users of the RSA public key algorithm
provided by the external Crypto++ library must obtain a license from RSA
granting them permission to use the RSA algorithm.)
5) csmime.mdl contains SFL Class diagrams created using Microsoft
Visual Modeler (comes with MS Visual Studio 6.0, Enterprise Tools).
The file can also be viewed using Rational Rose C++ Demo 4.0
45 day evaluation copy which can be obtained from
Not all classes are documented in the MDL file at this time.
All source code for the SFL is being provided at no cost and with no
financial limitations regarding its use and distribution.
Organizations can use the SFL without paying any royalties or
licensing fees. VDA is developing the SFL under contract to the U.S.
Government. The U.S. Government is furnishing the SFL source code at no
cost to the vendor subject to the conditions of the "SFL Public
License" available from the VDA SFL Page and Fortezza Developer's
The SFL is composed of a high-level library that performs generic CMS
and ESS processing independent of the crypto algorithms used to
protect a specific object. The SFL high-level library makes calls to
an algorithm-independent CTIL API. The underlying, external crypto
token libraries are not distributed as part of the SFL
source code. The application developer must independently obtain these
libraries and then link them with the SFL. For example, the SFL uses
the freeware Crypto++ library to obtain 3DES, D-H and DSA. To use
the SFL with Crypto++ the vendor must download the Crypto++ freeware
library from the Crypto++ Web Page and then compile it with the
VDA-developed Crypto++ CTIL source code.
The Internet Mail Consortium (IMC) has established an SFL web page
<http://www.imc.org/imc-sfl>. The IMC has also established an SFL
mail list which is used to: distribute information regarding SFL
releases; discuss SFL-related issues; and provide a means for SFL
users to provide feedback, comments, bug reports, etc. Subscription
information for the imc-sfl mailing list is at the IMC web site
The SFL documents and VDA-enhanced SNACC source code are also
available from the VDA SFL Web Page
All comments regarding the SFL source code and documents are welcome.
We recommend that comments should be sent to the imc-sfl mail list.
We will respond to all messages on that list.
John Pawling, Director - Systems Engineering
J.G. Van Dyke & Associates, Inc;
a Wang Government Services Company