cryptlib employs the IETF-standardised Cryptographic Message Syntax (CMS,
formerly called PKCS #7) format as its native data format. CMS is the
underlying format used in the S/MIME secure mail standard, as well as a number
of other standards covering secure EDI and related systems like HL7 messaging.
As an example of its use in secure EDI, cryptlib provides security services for
the Symphonia EDI messaging toolkit
which is used to communicate medical lab reports, patient data, drug
prescription information, and similar information requiring a high level of
security.

The complexity of the S/MIME format means that the few other toolkits which are
available require a high level of programmer knowledge of S/MIME processing
issues. In contrast, cryptlib's enveloping interface makes the process as
simple as pushing raw data into an envelope and popping the processed data back
out, a total of three function calls, plus one more call to add the appropriate
encryption or signature key. The code to create an S/MIME signed message is as
follows:
    /* sigKeyContext, data/dataLength and processedData/processedDataBufsize
       are supplied by the caller */
    CRYPT_ENVELOPE cryptEnvelope;
    int bytesCopied;

    cryptCreateEnvelopeEx( &cryptEnvelope, CRYPT_FORMAT_SMIME, CRYPT_UNUSED );

    /* Push in the signing key */
    cryptAddEnvComponentNumeric( cryptEnvelope, CRYPT_ENVINFO_SIGNATURE, sigKeyContext );

    /* Push in the data and pop out the processed data; the zero-length
       push signals the end of the data */
    cryptPushData( cryptEnvelope, data, dataLength, &bytesCopied );
    cryptPushData( cryptEnvelope, NULL, 0, NULL );
    cryptPopData( cryptEnvelope, processedData, processedDataBufsize, &bytesCopied );

    cryptDestroyEnvelope( cryptEnvelope );
To encrypt instead of sign, change the second function call to:

    /* Push in the certificate */
    cryptAddEnvComponentNumeric( cryptEnvelope, CRYPT_ENVINFO_PUBLICKEY, certificate );

That's all that's necessary (you can copy this code directly into your
application to S/MIME-enable it).
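
Because signing and encrypting differ by a single call, it is worth checking which CMS content type actually came out of the envelope before the message is sent. The following is an added example, not cryptlib code: the function names and sample bytes are made up for illustration, and it assumes the popped buffer holds raw BER/DER-encoded CMS rather than base64 or MIME-wrapped text.

```c
#include <stddef.h>
#include <string.h>

enum cms_type { CMS_INVALID = -1, CMS_OTHER, CMS_DATA,
                CMS_SIGNED_DATA, CMS_ENVELOPED_DATA };

/* Constructed sample headers (not captured output): signedData with an
   indefinite-length outer SEQUENCE, envelopedData with a definite one. */
const unsigned char sample_signed[] = { 0x30, 0x80, 0x06, 0x09, 0x2A, 0x86,
    0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02, 0xA0, 0x80 };
const unsigned char sample_enveloped[] = { 0x30, 0x0B, 0x06, 0x09, 0x2A,
    0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x03 };

/* Read a BER length at buf[*pos]; *indef is set for the 0x80 form.
   Returns -1 if the length field is truncated or too wide for size_t. */
static int read_length(const unsigned char *buf, size_t n, size_t *pos,
                       size_t *len, int *indef)
{
    size_t cnt;
    *indef = 0; *len = 0;
    if (*pos >= n) return -1;
    cnt = buf[(*pos)++];
    if (cnt < 0x80) { *len = cnt; return 0; }
    if (cnt == 0x80) { *indef = 1; return 0; }
    cnt &= 0x7F;
    if (cnt > sizeof(size_t) || cnt > n - *pos) return -1;
    while (cnt--) *len = (*len << 8) | buf[(*pos)++];
    return 0;
}

/* Classify the outer ContentInfo ::= SEQUENCE { contentType OID, ... }. */
enum cms_type cms_content_type(const unsigned char *buf, size_t n)
{
    /* OID 1.2.840.113549.1.7 (pkcs-7) body; the final arc (1..3) that
       follows it matches the enum values above */
    static const unsigned char pkcs7[] =
        { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07 };
    size_t pos = 0, len, end; int indef;

    if (n < 2 || buf[pos++] != 0x30) return CMS_INVALID;      /* SEQUENCE */
    if (read_length(buf, n, &pos, &len, &indef)) return CMS_INVALID;
    if (!indef && len > n - pos) return CMS_INVALID;          /* truncated */
    end = indef ? n : pos + len;
    if (pos >= end || buf[pos++] != 0x06) return CMS_INVALID; /* OID tag */
    if (read_length(buf, end, &pos, &len, &indef) || indef) return CMS_INVALID;
    if (len > end - pos) return CMS_INVALID;
    if (len != sizeof pkcs7 + 1 || memcmp(buf + pos, pkcs7, sizeof pkcs7))
        return CMS_OTHER;
    len = buf[pos + sizeof pkcs7];                            /* final arc */
    return (len >= 1 && len <= 3) ? (enum cms_type)len : CMS_OTHER;
}
```

A caller that intended to encrypt can refuse to send anything for which `cms_content_type()` does not return `CMS_ENVELOPED_DATA`.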