v1.56 Certificate Management Library
J. G. Van Dyke and Associates (VDA), a Wang Government Services Company, has
delivered the Government-Furnished Version 1.56 Certificate Management
Library (CML). The primary difference between the v1.55 and v1.56 CML is
that the v1.56 CML has been tested using the Solaris 2.6 and Linux operating
systems in addition to MS Windows. The v1.56 CML was tested using MS
Windows with the Crypto Token Interface Libraries (CTIL) Dynamically Linked
Libraries (DLL) for the following crypto libraries: RSA BSAFE v3.0, Crypto++
v3.1, Fortezza Cryptologic Interface (CI) v1.52b and Spyrus SPEX/ v1.52b
Release 7b. The v1.56 CML was tested using Solaris 2.6 with the CTILs as
shared objects for the RSA BSAFE v3.0 and Fortezza CI v1.52b libraries. The
v1.56 CML was also tested using Linux, but no CTILs have been tested using

The v1.56 CML is described in the v1.5 CM Application Programming Interface
(API) document. It implements the 1997 X.509 certification path processing
rules and meets SDN.706 requirements. It (optionally) provides local cache
management functions and (optionally) obtains data objects using LDAP v2.
It can (optionally) be used in conjunction with the v1.31 Certificate Path
Development Library (CPDL) developed by CygnaCom Solutions to provide robust
certification path building capabilities such as using cross certificates.

The CML has been used to validate X.509 Certificates and Certificate
Revocation Lists (CRL) signed using Digital Signature Algorithm (DSA) and
RSA. Further enhancements, ports and testing of the CML are still in
process. Further releases of the CML will be provided as significant
capabilities are added.

The v1.56 CML software (including source code and libraries)
(CMLibv1_56.zip), API document (CMv1_5api.doc, CMv1_5api.pdf), test certs
(CM155data.zip) and readme.txt files are stored on the Fortezza Developers
welcomes all feedback regarding the CML software and documents. If bugs are
reported, then VDA will investigate each reported bug and, if required, will
produce a patch or an updated release of the software to repair the bug.

All source code for the CML is being provided at no cost and with no
financial limitations regarding its use and distribution. Organizations can
use the CML without paying any royalties or licensing fees. The CML was
originally developed by the U.S. Government. VDA is enhancing and
supporting the CML under contract to the U.S. Government. The U.S.
Government is furnishing the CML software at no cost to the vendor subject
to the conditions of the CML Public License provided with the CML software.
The CML software is not subject to U.S. Government encryption export
regulations, so it is freely available to everyone.

The v1.56 CML uses the VDA-enhanced SNACC v1.3 ASN.1 Library to
encode/decode objects. VDA has successfully tested the v1.56 CML with the
SNACC and CTIL DLLs delivered in conjunction with the v1.3 S/MIME Freeware
Library available from Fortezza Developer's S/MIME Page
(http://www.armadillo.huntsville.al.us/software/smime). Source code for the
VDA-developed CTILs is available from the Fortezza Developer's S/MIME Page.
The actual crypto libraries are not provided with the CML. They must be
independently obtained from the appropriate source.

The v1.56 CML has been used in conjunction with the v1.31 CPDL to
successfully meet all of the requirements of the Bridge Certification
Authority (CA) Demonstration effort which includes cross-certified Entrust,
Spyrus and Motorola v3 certificate domains. The CML/CPDL successfully
constructed and verified a variety of v3 certification paths including
cross-certificates between the domains. The CMLibv1_56.zip file includes
the CPDL source code and public license. http://www.cygnacom.com/cpl
provides more information regarding the CPDL.

John Pawling, Director - Systems Engineering
J.G. Van Dyke & Associates, Inc;
a Wang Government Services Company