MD5Shield Plug-in for Microsoft Windows
MD5Shield is a revocation status provider for applications that use Microsoft Crypto API (CAPI) for certification path processing. Applications call CAPI to validate a certificate. CAPI calls revocation status providers to determine if a certificate is revoked. Typically, revocation status providers use either an Online Certificate Status Protocol (OCSP) response or a certificate revocation list (CRL) to determine the status of the certificate presented by CAPI and return an indication that the certificate is not revoked, the certificate is revoked or the status could not be determined.
MD5Shield does not determine the revocation status of certificates. Instead, it parses the certificate presented by CAPI and determines if the certificate was signed using either MD2 with RSA encryption or MD5 with RSA encryption. If the certificate was signed using one of these algorithms, MD5Shield reports the status of the certificate as revoked, causing the CAPI-enabled application to not rely upon the certificate. If the certificate is not signed using one of these algorithms, MD5Shield reports the status of the certificate as unknown, allowing other revocation status providers to act.
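The check described above, as an added example that is not MD5Shield's own source: portable C that walks the DER structure of a certificate to its outer signatureAlgorithm OID and maps md2WithRSAEncryption (1.2.840.113549.1.1.2) and md5WithRSAEncryption (1.2.840.113549.1.1.4) to "revoked" and everything else to "unknown". The function and status names are hypothetical, the separate parse-error outcome is an assumption of this example, and the sample inputs are constructed skeletons rather than real certificates.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical outcome names, not CAPI constants. PARSE_ERROR is an assumption of this example. */
enum shield_status { SHIELD_UNKNOWN, SHIELD_REVOKED, SHIELD_PARSE_ERROR };

/* Read one DER TLV with the expected tag; the body must fit inside the buffer. */
static int der_tlv(const unsigned char *p, size_t n, unsigned char tag,
                   const unsigned char **body, size_t *blen)
{
    size_t len, hdr = 2;
    if (n < 2 || p[0] != tag) return 0;
    if (p[1] < 0x80) {
        len = p[1];                                   /* short-form length */
    } else {
        size_t k = p[1] & 0x7F;                       /* long form: k length bytes */
        if (k == 0 || k > 3 || n < 2 + k) return 0;   /* reject indefinite or oversized */
        len = 0;
        for (size_t i = 0; i < k; i++) len = (len << 8) | p[2 + i];
        hdr += k;
    }
    if (len > n - hdr) return 0;
    *body = p + hdr; *blen = len;
    return 1;
}

/* First 8 content bytes of the OID arc 1.2.840.113549.1.1.x */
static const unsigned char PKCS1_ARC[8] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01};

enum shield_status shield_check(const unsigned char *cert, size_t n)
{
    const unsigned char *c, *tbs, *alg, *oid;
    size_t cl, tl, al, ol;
    if (!der_tlv(cert, n, 0x30, &c, &cl)) return SHIELD_PARSE_ERROR;    /* Certificate */
    if (!der_tlv(c, cl, 0x30, &tbs, &tl)) return SHIELD_PARSE_ERROR;    /* tbsCertificate */
    cl -= (size_t)(tbs + tl - c); c = tbs + tl;                          /* step over it */
    if (!der_tlv(c, cl, 0x30, &alg, &al)) return SHIELD_PARSE_ERROR;    /* signatureAlgorithm */
    if (!der_tlv(alg, al, 0x06, &oid, &ol)) return SHIELD_PARSE_ERROR;  /* algorithm OID */
    if (ol == 9 && memcmp(oid, PKCS1_ARC, 8) == 0 && (oid[8] == 0x02 || oid[8] == 0x04))
        return SHIELD_REVOKED;     /* MD2 or MD5 with RSA: report as revoked */
    return SHIELD_UNKNOWN;         /* anything else: leave it to other providers */
}

/* Constructed skeletons (empty tbsCertificate, empty signature), not real certificates. */
#define SKEL(x) {0x30,0x14,0x30,0x00,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,(x),0x05,0x00,0x03,0x01,0x00}
const unsigned char SAMPLE_MD5[] = SKEL(0x04), SAMPLE_MD2[] = SKEL(0x02), SAMPLE_SHA256[] = SKEL(0x0B);

int main(void) { printf("%d %d\n", (int)shield_check(SAMPLE_MD5, sizeof SAMPLE_MD5), (int)shield_check(SAMPLE_SHA256, sizeof SAMPLE_SHA256)); return 0; }
```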
Note: In order for MD5Shield to be used, revocation status checking must be enabled. Here’s where the setting is located for Internet Explorer:
Download MD5Shield and its source code from SourceForge (License).
Send questions or comments to pkif_support AT cygnacom DOT com.