PKIFv2 is a C++ software library designed to simplify the task of adding PKI support to applications. PKIFv2 provides application developers a set of extensible classes that perform or provide an interface to a variety of PKI-related functionality, including:
· Cryptographic message creation and processing (CMS)
· Certification path development and validation
· Certificate and CRL storage and retrieval (LDAP, CAPI certificate stores)
· Revocation status determination (CRLs, OCSP)
· Message digest generation (MD5, SHA-1, SHA-256, SHA-384, SHA-512)
· Hash message authentication code (HMAC-SHA-1, HMAC-SHA-256)
· Random number generation
· Digital signature generation and verification (RSA, DSA)
· Data encryption and decryption (RSA, Triple DES, DES, AES128, AES192, AES256)
· OCSP request generation and response processing
* AES128, AES192, AES256, SHA-256, SHA-384, SHA-512, HMAC-SHA-1 and HMAC-SHA-256 are supported only when PKIFv2 is built against Netscape Security Services (NSS). MD5, SHA-1 and single DES are provided for interoperability with legacy data; none of them should be relied on for new protection (MD5 and SHA-1 are not collision-resistant, and single DES has a 56-bit key).
Extensions to the basic PKIFv2 library are available to provide the following functionality:
· TSP request generation and response processing (RFC 3161)
· Simple GUI elements using PKIFv2 components
This PKIF help guide is intended for application developers using PKIFv2 to PK-enable an application, and for system administrators responsible for machines on which PKIF is installed. It covers installation, build environment configuration, a comprehensive API reference and sample code.
PKIFv2 is currently undergoing a Common Criteria evaluation. The PKIFv2 distribution package includes material that is outside the evaluated configuration. The following components, and their constituent parts, are not part of the target of evaluation:
PKIFv2 exposes over 2000 external interfaces; however, only the interfaces listed under TSFI (the TOE security functions interface) are within the evaluated configuration. Applications may use other interfaces provided by PKIFv2 without adversely affecting the PKIFv2 security functionality, but claims made by the evaluation apply only to the listed interfaces.
Application security note: PKIFv2 does not provide complete protection to the application. An application must rely on its IT environment and on sound programming practice to protect itself. In particular, the PKIFv2 DLLs (Windows) and PKIF LIB files (other platforms) must be installed where an attacker cannot replace them with a trojaned copy: on Windows, a DLL loaded by name is resolved through the loader's search order, so any directory on that path that is writable by an unprivileged user allows substitution. Install the library files into a directory writable only by administrators, load them by absolute path or from the application's own directory, and verify their integrity (a pinned digest or a code signature) at install or load time.
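As an added example (not code from PKIFv2 or its documentation), the following Python check shows the two controls described above applied to a native library file before an application loads it: the file must match a digest pinned at install time, and neither the file nor its directory may be writable by anyone other than the owner. The file name `libpkif.so`, its contents and the pinned digest are constructed for illustration; the permission checks use POSIX mode bits and are skipped on Windows, where the directory ACL must be inspected instead.

```python
"""Deployment-time integrity check for a native PKI library file.

Added example, not part of PKIFv2. Sample file names, contents and the
pinned digest below are constructed for illustration.
"""
import hashlib
import os
import stat
import tempfile


def sha256_of_file(path: str) -> str:
    """Stream the file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_library(path: str, expected_sha256: str) -> list:
    """Return a list of findings; an empty list means the file passed.

    Checks: file exists and is regular; file and its directory are not
    writable by group/other (POSIX only); digest matches the pinned value.
    """
    findings = []
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["missing: " + path]
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file: " + path)
    # POSIX mode bits only: on Windows st_mode is synthetic (0o666 for any
    # writable file), so the directory ACL has to be inspected instead.
    if os.name == "posix":
        writable = stat.S_IWGRP | stat.S_IWOTH
        if st.st_mode & writable:
            findings.append("file writable by group/other: " + path)
        parent = os.path.dirname(os.path.abspath(path))
        if os.stat(parent).st_mode & writable:
            # A writable directory allows both replacing this file and
            # planting a differently named library earlier in the search order.
            findings.append("directory writable by group/other: " + parent)
    if sha256_of_file(path) != expected_sha256.lower():
        findings.append("digest mismatch: " + path)
    return findings


def demo() -> dict:
    """Create a constructed sample library in a private temp directory and
    run the check three ways: correct digest, wrong digest, and (on POSIX)
    after making the file group/other-writable."""
    d = tempfile.mkdtemp()  # mode 0700, owner-only
    lib = os.path.join(d, "libpkif.so")  # constructed sample, not a real library
    with open(lib, "wb") as f:
        f.write(b"\x7fELF constructed sample, not a real library\n")
    pinned = sha256_of_file(lib)  # the value an installer would record
    results = {
        "good": check_library(lib, pinned),
        "bad_digest": check_library(lib, "00" * 32),
    }
    if os.name == "posix":
        os.chmod(lib, 0o666)
        results["writable"] = check_library(lib, pinned)
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or "OK")
```

The pinned digest should come from the build or installation manifest, not from the file being checked at run time; computing it from the deployed file would only confirm that the file equals itself. On Windows, supplement the check with the directory ACL (only Administrators and SYSTEM should hold write access) or with Authenticode signature verification of the DLL.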