S/MIME

cryptlib employs the IETF-standardised Cryptographic Message Syntax (CMS, formerly called PKCS #7) format as its native data format. CMS is the underlying format used in the S/MIME secure mail standard, as well as a number of other standards covering secure EDI and related systems like HL7 medical messaging and the Session Initiation Protocol (SIP) for services such as Internet telephony and instant messaging. As an example of its use in secure EDI, cryptlib provides security services for the Symphonia EDI messaging toolkit which is used to communicate medical lab reports, patient data, drug prescription information, and similar information requiring a high level of security.
The S/MIME implementation uses cryptlib's enveloping interface which allows simple, rapid integration of strong encryption and authentication capabilities into existing email agents and messaging software. The resulting signed enveloped data format provides message integrity and origin authentication services, the encrypted enveloped data format provides confidentiality. In addition cryptlib's S/MIME implementation allows external services such as trusted timestamping authorities (TSAs) to be used when a signed message is created, providing externally-certified proof of the time of message creation. The complexity of the S/MIME format means that the few other toolkits that are available require a high level of programmer knowledge of S/MIME processing issues. In contrast cryptlib's enveloping interface makes the process as simple as pushing raw data into an envelope and popping the processed data back out, a total of three function calls, plus one more call to add the appropriate encryption or signature key.
Alongside the PKCS #7/CMS/SMIME formats, cryptlib supports the PGP/OpenPGP message format, allowing it to be used to send and receive PGP-encrypted email and data. As with the S/MIME implementation, the PGP implementation uses cryptlib's enveloping interface to allow simple, rapid integration of strong encryption and authentication capabilities into existing email agents and messaging software. Since the enveloping interface is universal, the process involved in creating PGP and S/MIME messages is identical except for the envelope format specifier, allowing a one-off development effort to handle any secure message format.
The complexity of the S/MIME and PGP/OpenPGP formats means that the few other toolkits that are available require a high level of programmer knowledge of S/MIME and PGP/OpenPGP processing issues. In contrast cryptlib's enveloping interface makes the process as simple as pushing raw data into an envelope and popping the processed data back out, a total of three function calls, plus one more call to add the appropriate encryption or signature key. The code to create an S/MIME signed message is as follows:

  CRYPT_ENVELOPE cryptEnvelope;
  int bytesCopied;

  cryptCreateEnvelope( &cryptEnvelope, CRYPT_FORMAT_SMIME );

  /* Push in the signing key */
  cryptSetAttribute( cryptEnvelope, CRYPT_ENVINFO_SIGNATURE, sigKeyContext );

  /* Push in the data and pop out the processed data */
  cryptPushData( cryptEnvelope, data, dataLength, &bytesCopied );
  cryptFlushData( cryptEnvelope );
  cryptPopData( cryptEnvelope, processedData, processedDataBufsize, &bytesCopied );

  cryptDestroyEnvelope( cryptEnvelope );
To encrypt instead of signing, change the second function call to:

  /* Push in the certificate */
  cryptSetAttribute( cryptEnvelope, CRYPT_ENVINFO_PUBLICKEY, certificate );
That's all that's necessary (you can copy this code directly into your application to S/MIME-enable it). To do the same for PGP/OpenPGP, just change the CRYPT_FORMAT_SMIME to CRYPT_FORMAT_PGP.