[Top] [All Lists]

v1.6 S/MIME Freeware Library & Mail List

2000-04-12 13:15:10

J.G. Van Dyke and Associates (VDA), a Wang Government Services Company, has 
delivered Version 1.6 of the S/MIME Freeware Library (SFL) source code and 
Application Programming Interface (API).  The SFL source code files are 
freely available to everyone from the Fortezza Developer's S/MIME Page

The SFL implements the IETF S/MIME v3 RFC 2630 Cryptographic Message 
Syntax (CMS) and RFC 2634 Enhanced Security Services (ESS) specifications. 
It also implements portions of the RFC 2633 Message Specification and 
RFC 2632 Certificate Handling document.  When used in conjunction with
the Crypto++ freeware library, the SFL implements the RFC 2631 
Diffie-Hellman (D-H) Key Agreement Method specification.  It has been 
successfully tested using the MS Windows NT/95/98 and Solaris 2.7 operating 
systems.  Further enhancements, ports and testing of the SFL are still in 
process.  Further releases of the SFL will be provided as significant 
capabilities are added. 

The SFL has been successfully used to sign, verify, encrypt and decrypt
objects using: S/MIME v3 mandatory-to-implement algorithms (DSA, E-S D-H,
provided by the Crypto++ 3.1 library; RSA suite of algorithms provided by
RSA BSAFE v4.2 and Crypto++ 3.1 libraries; and Fortezza suite of algorithms 
provided by the Fortezza Crypto Card.  The SFL uses the VDA-enhanced SNACC
ASN.1 C++ Library to encode/decode objects. The v1.6 SFL release includes:
High-level library; Free (a.k.a. Crypto++) Crypto Token Interface Library
BSAFE CTIL; Fortezza CTIL; SPEX/ CTIL; PKCS #11 CTIL (still being tested);
enhanced GNU SNACC v1.3 rev 0.07 ASN.1 Compiler and C++ Library; test
test drivers and test data.  All CTILs were tested as Dynamically Linked 
Libraries (DLL) using MS Windows.  The Fortezza, BSAFE and Crypto++ CTILs
tested with the respective security libraries as shared objects using
Solaris 2.7.  

The SFL has been successfully used to exchange signedData and envelopedData 
messages with the Microsoft (MS) Internet Explorer Outlook Express v4.01 and

Netscape Communicator 4.X S/MIME v2 products.  Signed messages have been 
exchanged with the RSA S/MAIL, WorldTalk and Entrust S/MIME v2 products. 

The SFL has also been used to perform S/MIME v3 interoperability testing
Microsoft that exercised the majority of the features specified by RFCs
2631 and 2634.  This testing included the RSA, mandatory S/MIME V3 and
suites of algorithms.  We have also performed limited S/MIME v3 testing with

Baltimore and Entrust.  

The following enhancements are included in the v1.6 SFL release (compared
the v1.5 release):

1) We used the SFL to successfully process all of the SFL-supported sample
data included in the S/MIME WG "Examples of S/MIME Messages" document.  We
also used the SFL to construct sample data (such as signed receipts) to be
added to the document. We automated this SFL testing (through the use of
test drivers and configuration files) so that it can be easily repeated and
modified by us or independently by a third party.  We developed sample
objects that illustrate each feature in the Examples document that the SFL
supports.  This self-contained environment uses the specified certificates
(DSA, RSA, and DH) in the login as described in the document.  This
directory resides in "./smimeR1.6/test/specMatrix.d/CMS_Examples.d"; the
binaries are named as in the document (e.g. 5.4.bin, etc.).  The config
files used to generate these examples are in the "config.d" subdirectory.
The certificate build config files are in the "certs.d/config.d"

2) We successfully completed RFC 2634 signed receipt interoperability
testing between the SFL and
Microsoft.  We added a check to the SFL to ensure that the application
always includes in the receiptRequest attribute a receiptsTo e-mail address
to which the signed receipt is to be sent.

3) We verified that the SFL can produce and process the SFL-supported
features documented in the S/MIME v3 interoperability matrices created by
Jim Schaad.  We automated this SFL testing so that it can be easily repeated
and modified by us or independently by a third party.  We have developed
sample objects that illustrate each feature in the matrix that the SFL
supports.  We updated the Interop.xls document (contained in the
"./smimeR1.6/test/specMatrix.d" subdirectories) to indicate the testing
performed using the SFL.  Within this document, each feature row contains a
reference to a binary file in the "CMS_Examples.d" directory that
demonstrates that feature if applicable.  These additional file names are
preceded by the name "ExInterop..." to distinguish them from the
"examples-03.txt" example binaries.

4) Fixed a number of bugs in the SFL and test drivers found during the
aforementioned interoperability testing.  Features improved in the SFL
include: proper SignedData and SignerInfo version numbers;
creating/processing encrypted messages without a User Key Material (UKM);
added SubjectKeyIdentifier (SKI) processing in SignedData and EnvelopedData
(Originator only, the RecipientInfos automatically use SKI for Fortezza/SPEX
CTILs); and EnvelopedData unprotectedAttrs from the test config file.  We
also corrected the following bugs in the test driver/configuration files
used to create X.509 Certificates for SFL testing: corrected inconsistent
UTC and General Time Dates; included dates past 1999; corrected object
identifiers (OID) for algorithms; and regenerated certificates to include
unsigned integers.
5) List template processing has been fixed to use the same "CSM_ListC"
template from the common libCert DLL.  The old convention required a new
name for this list class in each DLL; the new convention uses the same
CSM_ListC template class from libCert.  This forces the compiler to build
the logic for the actual class lists uniquely in the new DLL (see references
to CSM_ListC in the SFL for an example).  This simplifies the list logic in
support libraries and any new user libraries interested in using the list

6) CertificateBuilder utility has been improved in functionality and tested
more thoroughly.  This utility can view, edit, and create certificates
(including extensions) as well as generate a variety of public/private keys
for processing by the SFL.  A new command line CertificateBuilderCL has been
created (it does not yet allow the building of keys, private or public).
The command line utility has not yet been tested on Unix.

7) Tested SFL with the C++ version of the SNACC ASN.1 library enhanced to
support PrintableString, TeletexString, NumericString, IA5String,
VisibileString, BMPString, UniversalString and UTF8String character string
types.  We added an optional function to SNACC to convert ASN.1 OCTET
STRINGs to single- or multi-byte character strings (as appropriate).  

8) Developed new test code and configuration files to implement test cases;

9) Performed regression testing to ensure that aforementioned enhancements
not break existing SFL functionality.

We are still in the process of enhancing and testing the SFL.  Future
will include: completion of PKCS #11 CTIL testing; SPEX/ CTIL 
encrypt/decrypt/ESDH capabilities; finish CertificateBuilder command line 
utility; enhancing CertificateBuilder to support creation of Attribute 
Certificates; modify PKCS #12 code in test utilities to provide
interoperable key 
storage; add MIME support for test drivers; add "Certificate Management 
Messages over CMS" ASN.1 encode/decode functions; add enhanced test
bug fixes; support for other crypto APIs (possible); and support for other
operating systems. 

The SFL is developed to maximize portability to 32-bit operating 
systems.  In addition to testing on MS Windows and Solaris 2.7, we plan to
the SFL to the following operating systems: Linux, HP/UX 11, IBM AIX 3.2 
(possibly), SCO 5.0 (possibly) and Macintosh (possibly).

The following SFL files are available from the Fortezza Developer's S/MIME

1) SFL Documents: Fact Sheet, Software Design Description, API, CTIL API, 
Software Test Description, Implementers Guide, Overview Briefing and Public 
2) Zip file containing SNACC v1.3 rev 0.07 ASN.1 Compiler
C++ Library source code compilable for Unix and MS Windows NT/95/98/2000
that has been 
enhanced by VDA to implement the Distinguished Encoding Rules and to support
multiple-byte character strings.  Project files and makefiles are included. 
This file includes a sample test project demonstrating the use of the SNACC

3)  Zip file containing all SFL source code including: 
SFL Hi-Level source code; VDA-enhanced SNACC-generated ASN.1 source 
code; project files.  This file also contains test driver source code, 
sample CMS/ESS test data and test X.509 Certificates.  This file also 
includes test utilities to create X.509 Certificates that each include 
a D-H, DSA or RSA public key.  SNACC release and debug libraries
are compiled for MS Windows NT/95/98/2000. MS Windows NT/95/98/2000
project files and Unix makefiles are included for the SNACC code and

4)  Source code for the following CTILs: Test (no crypto), 
Crypto++, BSAFE, Fortezza, SPEX/ and PKCS #11.  The Win95/98/NT/2000
projects are 
also included.  (NOTE: The Free (a.k.a. Crypto++) CTIL includes
source code to use the RSA public key algorithm implemented within the
Crypto++ library.  As with all of the external crypto token libraries, the 
Crypto++ library is not distributed as part of the SFL source code.  
To use the Crypto++ library with the SFL, the application developer must 
independently obtain the Crypto++ library from the Crypto++ Web Page 
<> and then compile it with 
the VDA-developed Crypto++ CTIL source code.  The RSA public key 
algorithm is covered by U.S. Patent 4,405,829 "Cryptographic Communication 
System and Method".  Within the U.S., users of the RSA public key algorithm 
provided by the external Crypto++ library must obtain a license from RSA 
granting them permission to use the RSA algorithm.)

5) csmime.mdl contains SFL Class diagrams created using Microsoft 
Visual Modeler (comes with MS Visual Studio 6.0, Enterprise Tools).
The file can also be viewed using Rational Rose C++ Demo 4.0
45 day evaluation copy which can be obtained from
Not all classes are documented in the MDL file at this time.

All source code for the SFL is being provided at no cost and with no 
financial limitations regarding its use and distribution. 
Organizations can use the SFL without paying any royalties or 
licensing fees.  VDA is developing the SFL under contract to the U.S. 
Government.  The U.S. Government is furnishing the SFL source code at no 
cost to the vendor subject to the conditions of the "SFL Public 
License" available from the VDA SFL Page and Fortezza Developer's 
S/MIME Page.

On 14 January 2000, the U.S. Department of Commerce, Bureau of 
Export Administration published a new regulation implementing an update to
the U.S. Government's encryption export policy 
<>.  In accordance with the 
revisions to the Export Administration Regulations (EAR) of 14 Jan 2000,
the downloading of the SFL source code is not password controlled.

The SFL is composed of a high-level library that performs generic CMS 
and ESS processing independent of the crypto algorithms used to 
protect a specific object.  The SFL high-level library makes calls to 
an algorithm-independent CTIL API.  The underlying, external crypto
token libraries are not distributed as part of the SFL 
source code. The application developer must independently obtain these 
libraries and then link them with the SFL.  For example, the SFL uses 
the freeware Crypto++ library to obtain 3DES, D-H and DSA.  To use 
the SFL with Crypto++ the vendor must download the Crypto++ freeware 
library from the Crypto++ Web Page and then compile it with the  
VDA-developed Crypto++ CTIL source code.  

The Internet Mail Consortium (IMC) has established an SFL web page
<>.  The IMC has also established an SFL
mail list which is used to: distribute information regarding SFL
releases; discuss SFL-related issues; and provide a means for SFL
users to provide feedback, comments, bug reports, etc.  Subscription
information for the imc-sfl mailing list is at the IMC web site
listed above.

All comments regarding the SFL source code and documents are welcome. 
We recommend that comments should be sent to the imc-sfl mail list.  
We will respond to all messages on that list.

John Pawling, Director - Systems Engineering
J.G. Van Dyke & Associates, Inc;
a Wang Government Services Company

<Prev in Thread] Current Thread [Next in Thread>
  • v1.6 S/MIME Freeware Library & Mail List, Pawling, John <=