S/MIME Freeware Library	13 March 1998
	Fact Sheet


	What:  	The “S/MIME Freeware Library” (SFL) is a reference implementation of the new MSP-
enhanced S/MIME security protocol entitled the Cryptographic Message Syntax (CMS). CMS 
is based on the Public Key Cryptography Standard #7 specification.  In conjunction with 
CMS, the SFL will fully implement the Enhanced Security Services (ESS) for S/MIME that 
will provide Message Security Protocol (MSP)-equivalent security features including signed 
receipts, security labels, algorithm independence and mail list information.  It is anticipated 
that the Internet Engineering Task Force (IETF) will adopt CMS and ESS as Internet standard 
specifications.  The SFL will support both commercial and government algorithms.

The SFL will implement the following IETF standards:
• S/MIME Version 3 Message Specification
• S/MIME Version 3 Certificate Handling Specification
• Cryptographic Message Syntax
• Enhanced Security Services for S/MIME
 
 	Availability:	An interim release of the SFL is scheduled to be available 31 March 1998.  Further releases 
will be provided as significant capabilities are added.  The target for completion of the SFL is 
June 1998.  Full source and object code for the SFL will be distributed at no cost and with no 
limitations regarding its use and distribution.  The stability of the S/MIME v3 set of 
specifications is a prerequisite for meeting this delivery goal.  The SFL will be delivered for 
the following operating systems:
• Microsoft Windows 95
• Microsoft Windows NT
• Sun OS 4.1.3
• Sun Solaris 2.6
• HP/UX 9.x/10.x (tentatively)
• SCO ODT 3.0/5.0 (tentatively)
• IBM AIX 3.2 (tentatively)
• Apple Macintosh (tentatively)
 
 	Features:	Support for all the optional security features from MSP including:
• Signed receipts – provides signed proof of delivery (similar to registered mail).
• Security labels – provides the capability to label messages with a sensitivity label (e.g., 
confidential, secret, or company proprietary).
• Mail lists – provides the capability to allow mail lists to expand secure messages.
• Algorithm independence – supports the Diffie-Hellman (DH) algorithm and the Key Exchange 
Algorithm (KEA).
 
 No license or royalty fees:  All source code for the SFL will be provided at no cost and with 
no limitations regarding its use and distribution.  Companies or government organizations 
will be able to use the SFL as part of their applications without paying any royalties or 
licensing fees.  The SFL will use the GNU SNACC freeware Abstract Syntax Notation One 
(ASN.1) compiler and library.
 
 Supports multiple cryptographic algorithms:  The SFL will support both commercial and 
government algorithms, including SHA-1, DSA, RSA, RC2, DES, DESX, Triple DES, DH, 
MD2, MD5, Skipjack, and KEA.  The SFL will support multiple cryptographic libraries 
including Crypto++, BSAFE and the FORTEZZA library.
 
 High-Level Design:  The SFL will provide both a C and C++ language interface to the 
Application.  The interface to the SFL will be a “high-level” Application Programming 
Interface (API) that will isolate the application from the details of the S/MIME security 
processing.  The API will be kept to a minimum number of powerful functions to perform the 
required S/MIME security services.  ASN.1 encoded objects will be exchanged between the 
Application and SFL to minimize the dependence of the Application on unique data 
structures.
 
 Documentation:  Draft versions of the SFL Software Design Description and API documents 
are now available that describe the SFL and interface between the Application and the SFL.  
 
 Sample SFL Functions:  The SFL builds and processes secure CMS objects including 
ASN.1 encoding and decoding.  Each SFL function processes a single CMS object.  It uses 
underlying external libraries to provide security services such as signing, verifying, 
encrypting and decrypting.  It protects data as an opaque binary blob (i.e., it does not parse the 
data to be protected; for example, it does not parse MIME headers).  Some example functions (subject to 
change):
 
• SM_Decrypt:  ASN.1 decodes and decrypts an ASN.1 encoded CMS EnvelopedData 
object and returns the decrypted content.
 
• SM_Encrypt:  Encrypts content provided by the Application and provides the ASN.1 
encoded CMS EnvelopedData object and other outputs.
 
• SM_PreProc:  ASN.1 decodes a CMS object and provides decoded information such as 
the authenticatedAttributes, unauthenticatedAttributes, Certificates, CRLs, ACs, and content 
(if not encrypted).
 
• SM_Sign:  Signs content and optional attributes provided by the Application.  It provides 
the ASN.1 encoded CMS SignedData object.  It can be used to add a SignerInfo to a 
SignedData object.

• SM_ValReceipt:  ASN.1 decodes and verifies an ASN.1 encoded CMS SignedData 
object which includes a Receipt object.  It provides the authenticatedAttributes and 
unauthenticatedAttributes.
 
• SM_Verify:  ASN.1 decodes and verifies an ASN.1 encoded CMS SignedData object.  It 
provides the content, authenticatedAttributes, unauthenticatedAttributes and other 
outputs.  If a signed receipt is requested by the signer, then SM_Verify builds one. 
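
Added example (not SFL code and not taken from the SFL API documents):  Each SFL function 
processes a single CMS object, so the C code below shows how the outer ContentInfo wrapper of a 
DER-encoded object identifies it as SignedData or EnvelopedData, rejecting truncated or 
indefinite-length input.  The names cms_outer_type and der_header and the sample bytes are 
assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names for this example; none of this is SFL API. */
enum cms_type { CMS_MALFORMED = -1, CMS_OTHER, CMS_SIGNED_DATA, CMS_ENVELOPED_DATA };

/* Read one DER tag/length header at *pos and advance *pos to the value.
 * Rejects indefinite lengths and values that run past the buffer. */
static int der_header(const unsigned char *buf, size_t len, size_t *pos,
                      unsigned char *tag, size_t *vlen)
{
    size_t p = *pos;
    if (p > len || len - p < 2) return -1;
    *tag = buf[p++];
    size_t n = buf[p++];                 /* short form: the length itself */
    if (n & 0x80) {                      /* long form: low 7 bits count length octets */
        size_t k = n & 0x7f;
        if (k == 0 || k > 4 || len - p < k) return -1;
        for (n = 0; k; k--) n = (n << 8) | buf[p++];
    }
    if (n > len - p) return -1;
    *pos = p; *vlen = n;
    return 0;
}

/* Classify ContentInfo ::= SEQUENCE { contentType OID, content [0] EXPLICIT ANY } */
enum cms_type cms_outer_type(const unsigned char *der, size_t len)
{
    /* 1.2.840.113549.1.7.x: x = 2 is signedData, x = 3 is envelopedData */
    static const unsigned char pkcs7[] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07};
    enum cms_type t = CMS_OTHER;
    unsigned char tag;
    size_t pos = 0, vlen, end;
    if (der_header(der, len, &pos, &tag, &vlen) || tag != 0x30) return CMS_MALFORMED;
    end = pos + vlen;                    /* parse only inside the outer SEQUENCE */
    if (der_header(der, end, &pos, &tag, &vlen) || tag != 0x06) return CMS_MALFORMED;
    if (vlen == sizeof pkcs7 + 1 && !memcmp(der + pos, pkcs7, sizeof pkcs7))
        t = der[pos + 8] == 2 ? CMS_SIGNED_DATA : der[pos + 8] == 3 ? CMS_ENVELOPED_DATA : CMS_OTHER;
    pos += vlen;
    /* Both recognised types must carry the [0] EXPLICIT content wrapper. */
    if (t != CMS_OTHER && (der_header(der, end, &pos, &tag, &vlen) || tag != 0xA0))
        return CMS_MALFORMED;
    return t;
}

/* Constructed samples: outer wrapper only, inner content left empty. */
static const unsigned char SAMPLE_SIGNED[] = {0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02,0xA0,0x00};
static const unsigned char SAMPLE_ENVELOPED[] = {0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x03,0xA0,0x00};
int main(void) { return cms_outer_type(SAMPLE_SIGNED, sizeof SAMPLE_SIGNED) != CMS_SIGNED_DATA; }
```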

Who:  	J.G. Van Dyke and Associates, Inc. (VDA), a software development company, is developing the 
S/MIME Freeware Library under contract to the National Security Agency (NSA).  Since 1992, 
VDA has been the developer of the reference implementation of the MSP protocol for the 
government.  The latest version implemented MSP v4.0, version 3 X.509 certificates, and 
Partition Rule Based Access Control.


VDA Point of Contact:
John Pawling                        				(301) 953-3600 
J.G. Van Dyke & Associates, Inc.          			(410) 880-6095
141 National Business Pkwy, Suite 210      			FAX: (301) 953-2901
Annapolis Junction, MD  20701              			jsp@jgvandyke.com