S/MIME

cryptlib employs the IETF-standardised Cryptographic Message Syntax (CMS, formerly called PKCS #7) format as its native data format. CMS is the underlying format used in the S/MIME secure mail standard, as well as a number of other standards covering secure EDI and related systems like HL7 messaging. As an example of its use in secure EDI, cryptlib provides security services for the Sypmhonia EDI messaging toolkit which is used to communicate medical lab reports, patient data, drug prescription information, and similar information requiring a high level of security.
Unlike most other implementations, cryptlib's RSA-certified S/MIME implementation provides full-strength encryption and signatures (typically 2048-bit RSA combined with triple DES encryption) by default, providing a much higher level of security than the default 40-bit RC2 found in mail software like Netscape and Outlook Express, for which a simple Windows screen saver can break the encryption.
The S/MIME implementation uses cryptlibs enveloping interface which allows simple, rapid integration of strong encryption and authentication capabilities into existing email agents and messaging software. The resulting signed data format provides message integrity and origin authentication services, the enveloped data format provides confidentiality.
The complexity of the S/MIME format means that the few other toolkits which are available require a high level of programmer knowledge of S/MIME processing issues. In contrast cryptlib's enveloping interface makes the process as simple as pushing raw data into an envelope and popping the processed data back out, a total of three function calls, plus one more call to add the appropriate encryption or signature key. The code to create an S/MIME signed message is as follows:

  CRYPT_ENVELOPE cryptEnvelope;
  int bytesCopied;

  cryptCreateEnvelopeEx( &cryptEnvelope, CRYPT_FORMAT_SMIME, CRYPT_UNUSED );

  /* Push in the signing key */
  cryptAddEnvComponentNumeric( cryptEnvelope, CRYPT_ENVINFO_SIGNATURE, sigKeyContext );

  /* Push in the data and pop out the processed data */
  cryptPushData( cryptEnvelope, data, dataLength, &bytesCopied );
  cryptPushData( cryptEnvelope, NULL, 0, NULL );
  cryptPopData( cryptEnvelope, processedData, processedDataBufsize, &bytesCopied );

  cryptDestroyEnvelope( cryptEnvelope );
To encrypt insteadof sign, change the second function call to:

  /* Push in the certificate */
  cryptAddEnvComponentNumeric( cryptEnvelope, CRYPT_ENVINFO_PUBLICKEY, certificate );
That's all that's necessary (you can copy this code directly into your application to S/MIME-enable it).

cryptlib Information / Peter Gutmann / pgut001@cs.auckland.ac.nz
Information last updated 25 May 1999