 |
In addition to its built-in capabilities, cryptlib can make use of the crypto
capabilities of a variety of external crypto devices such as:
- Hardware crypto accelerators
- Fortezza cards
- PKCS #11 devices
- Crypto smart cards
- Hardware security modules (HSMs)
- PCI crypto cards
- Dallas iButtons
- Datakeys/iKeys
- PCMCIA crypto tokens
- USB tokens
|
|
These devices will be used by cryptlib to handle functions such as key
generation and storage, certificate creation, digital signatures, and message
en-and decryption. Typical applications include:
- Running a certification authority inside tamper-resistant hardware
- Smart-card based digital signatures
- Message encryption/decryption in secure hardware
|
|
cryptlib manages any device-specific interfacing requirements so that the
programming interface for any crypto device is identical to cryptlib's native
interface, allowing existing applications that use cryptlib to be easily and
transparently migrated to using crypto devices. The ability to mix and match
crypto devices and the software-only implementation allows appropriate
tradeoffs to be chosen between flexibility, cost, and security.
|
