The Open–source PKI Book: A guide to PKIs and Open–source Implementations

Chapter 8. Supported Crypto hardware and Software architectures

CDSA eases the process of adding security to software products. By writing to one common API, a software developer can add authentication services (such as smart card readers), encryption services (such as DES) and the ability to manage security processes (key recovery, export restrictions, prevention of attacks on the internal software pieces).
CDSA is a specification developed by Intel, and the current version, version 2, has been adopted by The Open Group, which is an API standards organisation. The CDSA standard is available in hard–copy and electronic form (HTML and PDF) from the Common Security: CDSA and CSSM, Version 2 (with corrigenda) page at The Open Group website.
Currently, the source code for CDSA is available for the Windows platform. Intel and Bull are developing a Linux port of CDSA, and it is expected to be available in September 2000.
In order for CDSA to be usable on Linux, it needs software cryptographic support for symmetric and asymmetric cryptographic algorithms. For the previous version of CDSA, version 1.2, there was no publicly available cryptographic support, or Cryptographic Service Provider (CSP) as it is called. A CSP can come in two flavours: a hardware implementation on an expansion card, or a software version. For development purposes, it is important to have at least a software version.
CDSA has adaptation layers to use existing CSPs, and if there is no native CDSA CSP for Linux, it is possible to use one that has OpenSSL as the backend. Such a CSP based on OpenSSL was announced on the Jonah mailing list; however, the correspondence e–mail address, a free e–mail account, does not seem to be active.