ietf-smime

v1.10 S/MIME Freeware Library Now Available

2001-04-24 13:52:38
All,

Getronics Government Solutions has delivered Version 1.10 of the 
S/MIME Freeware Library (SFL) source code.  The SFL source code files 
are freely available to everyone from the Getronics Government 
Solutions web site at <http://www.getronicsgov.com/hot/sfl_home.htm>.    

The SFL implements the IETF S/MIME v3 RFC 2630 Cryptographic Message 
Syntax (CMS) and RFC 2634 Enhanced Security Services (ESS) specifications. 
It also implements portions of the RFC 2633 Message Specification and 
RFC 2632 Certificate Handling document.  When used in conjunction with
the Crypto++ v4.1 freeware library, the SFL implements the RFC 2631 
Diffie-Hellman (D-H) Key Agreement Method specification.  It has been 
successfully tested using the MS Windows NT/98/2000, Linux and Solaris 
2.7 operating systems.  Further enhancements, ports and testing of the SFL
are still in process.  Further releases of the SFL will be provided as
significant capabilities are added.

The SFL has been successfully used to sign, verify, encrypt and decrypt 
CMS/ESS objects using: S/MIME v3 mandatory-to-implement algorithms (DSA, 
E-S D-H, 3DES) provided by the Crypto++ v4.1 library; RSA suite of 
algorithms provided by the RSA BSAFE v4.2 and Crypto++ v4.1 libraries; and 
Fortezza suite of algorithms provided by the Fortezza Crypto Card.  The 
v1.10 SFL uses the v1.3 R6 Enhanced SNACC ASN.1 Library to encode/decode 
objects.  The v1.10 SFL release includes: SFL High-level library; Free 
(a.k.a. Crypto++) Crypto Token Interface Library (CTIL); BSAFE CTIL; 
Fortezza CTIL; SPEX/ CTIL; PKCS #11 CTIL; v1.3 R6 Enhanced SNACC ASN.1 
Compiler and Library; test utilities; test drivers; and test data.  All 
CTILs were tested as Dynamically Linked Libraries (DLL) using MS Windows.  
The Fortezza, BSAFE and Crypto++ CTILs were tested with the respective 
security libraries as shared objects using Linux and Solaris 2.7.

The SFL has been successfully used to exchange signedData and envelopedData 
messages with the Microsoft (MS) Internet Explorer Outlook Express v4.01, 
Netscape Communicator 4.X and Entrust S/MIME v2 products.  Signed messages 
have been exchanged with the RSA S/MAIL and WorldTalk S/MIME v2 products. 

The SFL has also been used to perform S/MIME v3 interoperability testing 
with Microsoft that exercised the majority of the features specified by 
RFCs 2630, 2631 and 2634.  This testing included the RSA, mandatory 
S/MIME V3 and Fortezza suites of algorithms.  We used the SFL to 
successfully process all of the SFL-supported sample data included in the 
S/MIME WG "Examples of S/MIME Messages" document.  We also used the SFL to 
generate S/MIME v3 sample messages that were included in the "Examples" 
document.  We have also performed limited S/MIME v3 testing with Baltimore.

The following enhancements are included in the v1.10 SFL and CTIL releases
(compared with the v1.9 releases):

1) Tested using common v1.3 R6 Enhanced SNACC ASN.1 Library, v1.10 CTILs 
and LIBCERT libraries shared with the v1.5 Access Control Library (ACL) 
and v1.9.1 Certificate Management Library (CML).

2) Corrected the SFL to use the id-dsa-with-sha1 object identifier for
Digital Signature Algorithm (DSA) signatures as specified in RFC 2630.

3) Corrected the SFL to properly implement the following requirement as
specified in RFC 2630, Section 12.3.1: "For key agreement of RC2 
key-encryption keys, 128 bits must be generated as input to the key 
expansion process used to compute the RC2 effective key [RC2]."  

4) Fixed bugs in CertificateBuilder test utility use of Crypto++ 4.1
to generate keys.

5) Added DSA and Secure Hash Algorithm (SHA)-256 code to Common
CTIL Class.

6) Enhanced "common CTIL" Class so that it is truly common to all 
CTILs (provides SHA-1, SHA-256, DSA and Advanced Encryption
Standard (AES)).  Modified LibCert to use "common CTIL" capability.

7) Fixed bugs in SPEX/ CTIL and Free3 CTIL.

8) Performed regression testing to ensure that aforementioned 
enhancements did not break existing SFL functionality.

The use of the v1.10 SFL is described in the v1.9 SFL Application 
Programming Interface (API) and v1.9 SDD API documents.  The v1.0 SMP 
Components Setup Manual describes the component installation
procedures for the v1.10 SFL, v1.9.1 CML, and v1.3 R6 Enhanced SNACC
libraries.

We are still in the process of enhancing and testing the SFL.  Future 
releases will include: additional PKCS #11 CTIL testing; finish 
CertificateBuilder command line utility; enhancing 
CertificateBuilder to support creation of Attribute Certificates; 
add "Certificate Management Messages over CMS" ASN.1 encode/decode 
functions; add enhanced test routines; bug fixes; support for other 
crypto APIs (possible); and support for other operating systems. 

The SFL is developed to maximize portability to 32-bit operating 
systems.  In addition to testing on MS Windows, Linux and Solaris 2.7, 
we plan to port the SFL to the following operating systems: HP/UX 11, IBM 
AIX 3.2 (possibly), SCO 5.0 (possibly) and Macintosh (possibly).

The following SFL files are available from <http://www.GetronicsGov.com/>:

1) SFL Documents: Fact Sheet, Software Design Description, API, CTIL 
API, Software Test Description, Implementers Guide, Overview Briefing and 
Public License.     

2) smimeR1.10.tar.gz:  Source code, MS Windows NT/95/98/2000 project files 
and Unix makefiles for SFL Hi-Level library.

3) snacc13r6rn.tar.gz (source code and binaries available from Getronics 
Enhanced SNACC web page: <http://www.getronicsgov.com/hot/snacc_home.htm>): 
Source code, MS Windows NT/95/98/2000 project files and Unix makefiles for
v1.3 R6 Enhanced SNACC ASN.1 Compiler and Library.  Source code is
compilable for Linux, Solaris 2.7 and MS Windows NT/95/98/2000 that has 
been enhanced by GGS to implement the Distinguished Encoding Rules.  This
file includes a sample test project demonstrating the use of the SNACC
classes.  

4) smCTIR1.10.tar.gz:  Source code, MS Windows NT/98/2000 project files and 
Unix makefiles for the following CTILs: Test (no crypto), Crypto++, BSAFE, 
Fortezza, SPEX/ and PKCS #11.  The CTIL source code includes PKCS #12 
software developed by the OpenSSL Project for use in the OpenSSL Toolkit
<http://www.openssl.org/>

5) smLibCR1.10.tar.gz: Source code, MS Windows NT/98/2000 project files and 
Unix makefiles for the LIBCERT library that provides ASN.1 and certificate 
processing services used by the SFL, ACL and CML.

6) smTest1.10.tar.gz: Source code, MS Windows NT/98/2000 project files and 
Unix makefiles for test drivers used to test the SFL.  This file also 
includes sample CMS/ESS test data and test X.509 Certificates.  This file 
also includes test utilities to create X.509 Certificates that each 
include a D-H, DSA or RSA public key.

7) csmime.mdl contains SFL Class diagrams created using Microsoft 
Visual Modeler (comes with MS Visual Studio 6.0, Enterprise Tools).
The file can also be viewed using Rational Rose C++ Demo 4.0
45 day evaluation copy which can be obtained from
<http://www.rational.com/uml/resources/practice_uml/index.jtmpl>.
Not all classes are documented in the MDL file at this time.

All source code for the SFL is being provided at no cost and with no 
financial limitations regarding its use and distribution. 
Organizations can use the SFL without paying any royalties or 
licensing fees.  Getronics is developing the SFL under contract to the U.S. 
Government.  The U.S. Government is furnishing the SFL source code at 
no cost to the vendor subject to the conditions of the "SFL Public 
License".

On 14 January 2000, the U.S. Department of Commerce, Bureau of 
Export Administration published a new regulation implementing an update 
to the U.S. Government's encryption export policy 
<http://www.bxa.doc.gov/Encryption/Default.htm>.  In accordance with 
the revisions to the Export Administration Regulations (EAR) of 14 Jan 
2000, the downloading of the SFL source code is not password controlled.

The SFL is composed of a high-level library that performs generic CMS 
and ESS processing independent of the crypto algorithms used to 
protect a specific object.  The SFL high-level library makes calls to 
an algorithm-independent CTIL API.  The underlying, external crypto
token libraries are not distributed as part of the SFL 
source code. The application developer must independently obtain these 
libraries and then link them with the SFL.  For example, the SFL can be 
used with the freeware Crypto++ library to obtain 3DES, D-H, RSA and 
DSA. To use the SFL with Crypto++ the vendor must download the Crypto++ 
freeware library from the Crypto++ Web Page 
<http://www.eskimo.com/~weidai/cryptlib.html>
and then compile it with the GGS-developed Crypto++ CTIL source code.  
 
The National Institute of Standards and Technology (NIST) is providing 
test S/MIME messages (created by Getronics) at 
<http://csrc.nist.gov/pki/testing/x509paths.html>.  
Getronics used the SFL to successfully process the NIST test data.

The Internet Mail Consortium (IMC) has established an SFL web page
<http://www.imc.org/imc-sfl>.  The IMC has also established an SFL
mail list which is used to: distribute information regarding SFL
releases; discuss SFL-related issues; and provide a means for SFL
users to provide feedback, comments, bug reports, etc.  Subscription
information for the imc-sfl mailing list is at the IMC web site
listed above.

All comments regarding the SFL source code and documents are welcome.  
This SFL release announcement was sent to several mail lists, but 
please send all messages regarding the SFL to the imc-sfl mail list 
ONLY.  Please do not send messages regarding the SFL to any of the IETF 
mail lists.  We will respond to all messages sent to the imc-sfl mail 
list.

============================================
John Pawling, John(_dot_)Pawling(_at_)GetronicsGov(_dot_)com
Getronics Government Solutions, LLC
============================================ 

