Code examples

The best way to illustrate what cryptlib can do is with an example. The following code digitally signs a message and then encrypts it using a mixture of public-key and conventional encryption.

  /* Create an envelope for the message */
  cryptCreateEnvelope( &cryptEnvelope );

  /* Push in the message recipient's name and our own signature key */
  cryptAddResourceNumeric( cryptEnvelope, CRYPT_ENVELOPE_RECIPIENT, recipientName );
  cryptAddResourceNumeric( cryptEnvelope, CRYPT_ENVELOPE_SIGNATURE, signatureKey );

  /* Push in the message data and pop out the signed and encrypted result */
  cryptPushData( cryptEnvelope, message, messageSize, &bytesIn );
  cryptPopData( cryptEnvelope, encryptedMessage, encryptedSize, &bytesOut );

  /* Clean up */
  cryptDestroyEnvelope( cryptEnvelope );

This performs the same task as a program like PGP, using just 6 function calls. All data management is handled automatically by cryptlib, so there's no need to worry about encryption modes and algorithms and keylengths and key types and initialisation vectors and other details (although cryptlib provides the ability to specify all this if you feel the need).

The code shown above results in cryptlib performing the following actions:

However, unless you want to call cryptlib using the low-level interface, you never need to know about any of this. cryptlib will automatically know what to do with the data based on the resources you add to the envelope: if you add a signature key it will sign the data, if you add an encryption key it will encrypt the data, and so on.


cryptlib Information / Peter Gutmann / pgut001@cs.auckland.ac.nz
Information last updated 16 November 1998