MSoft crypto API's

jim bell jimbell at pacifier.com
Wed Jul 10 14:44:12 PDT 1996


At 01:04 PM 7/10/96 +0800, Enzo Michelangeli wrote:

>> 
>> "  Microsoft's Crypto APIs will be available to third-party vendors
>> writing applications with embedded security. But the hardware or
>> software Crypto-engines for these applications will need to be
>> digitally signed by Microsoft before they will work with the APIs.
>> Under an unusual arrangement with the NSA, Microsoft will act as a
>> front man for the powerful U.S. spy agency, checking on whether the
>> vendors' products comply with U.S. export rules."


>More details are available from MS' web pages at:
>http://www.microsoft.com/win32dev/apiext/capi4.htm
>and:
>http://www.microsoft.com/intdev/security/cryptapi.htm
>
>I understand that NSA may have accepted the arrangement because only
>signed CSP's will be loaded under the CAPI, and MS will only sign them in
>Redmond. So, strong CSP modules developed outside the US will not be useable
>there because, once gone to Redmond, won't be re-exportable.

However, see my commentary to Mike Ingle.  If it's a foreign manufacturer 
we're talking about, then even though  the export of the signed package 
might arguably be illegal, ONLY ONE copy of it needs to be exported, 
possibly by some anonymous person who has nothing to do with either company. 
 The export will be illegal, but once exported any recipients would 
presumably be able to do anything they want with the program.


>The interesting part is that the basic, but crippled, CSP (PROV_RSA_FULL) 
>will be supplied for free by MS:

So they DIDN'T want their pieces of silver, huh?



Jim Bell
jimbell at pacifier.com






More information about the cypherpunks-legacy mailing list