About the Crypto API

Last week I read an article in CoDe magazine by Alex Feldstein about the Crypto API. This comes at a good time as I continue to study the C header file for this API. I was delighted to hear that there is a user manual for the Windows Crypto API. Unfortunately I do not know where to get it. I have since found the Crypto API documentation on the Microsoft Developer Network (MSDN). Perhaps that is the user manual.

Cryptography in general is the science of keeping messages secure. A hash is a function that can be applied to a plain text password. The client program can send the hash alone, thereby eliminating the need for sending the actual password. That makes sense. I think that is how Oracle authenticates database users with their passwords.

The Crypto API implements Public Key Cryptography functionality. This is also known as Asymmetric Encryption. It is also known as Public Key Infrastructure (PKI). You encrypt data with the public key. The recipient decrypts the data with their private key. A well-known system for this is Diffie-Hellman. Some implementations of Diffie-Hellman are RSA, PGP, and Entrust.

Digital signatures also use public and private keys. The United States Government uses the Digital Signature Algorithm (DSA) from the US Digital Signature Standard (DSS). Although this does not fully explain these terms, at least I now know what some of these strange acronyms stand for.

The Windows Crypto API is implemented with a set of dynamic link libraries (DLLs). It is a part of Microsoft Windows. It has an abstraction layer. The Crypto API uses encryption servers called Cryptographic Service Providers (CSPs). The applications do not directly access the CSPs. They go through the Crypto API. A session is established between the Crypto API and the client application. This session is the context needed for calling the API functions. You can export a session key to something called a key blob.
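To make the key blob less abstract, here is an added example (not from the article or from Microsoft) that reads the 8-byte BLOBHEADER at the start of an exported blob and reports whether it carries unwrapped key material. The `blob_info` type, `parse_key_blob` and the sample bytes are made up for this sketch; the numeric constants are those in wincrypt.h, and a PRIVATEKEYBLOB whose body lacks the "RSA2" magic is assumed to be encrypted under an export key.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* bType, version and ALG_ID values as defined in wincrypt.h */
enum { SIMPLEBLOB = 0x1, PUBLICKEYBLOB = 0x6, PRIVATEKEYBLOB = 0x7, PLAINTEXTKEYBLOB = 0x8 };
enum { CUR_BLOB_VERSION = 2 };
#define CALG_RSA_SIGN 0x00002400u
#define CALG_RSA_KEYX 0x0000a400u

typedef struct {             /* hypothetical result type for this example */
    uint8_t  type;           /* BLOBHEADER.bType */
    uint32_t alg_id;         /* BLOBHEADER.aiKeyAlg */
    uint32_t key_bits;       /* 0 when the visible layout does not state it */
    int      exposes_secret; /* 1 if secret key material is readable as-is */
} blob_info;

static uint32_t le32(const uint8_t *p) {    /* blob fields are little-endian */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 0 on success, -1 if the buffer is truncated or malformed. */
int parse_key_blob(const uint8_t *buf, size_t len, blob_info *out) {
    if (len < 8 || buf[1] != CUR_BLOB_VERSION || buf[2] || buf[3]) return -1;
    out->type = buf[0];
    out->alg_id = le32(buf + 4);
    out->key_bits = 0;
    out->exposes_secret = 0;
    if (buf[0] == PLAINTEXTKEYBLOB) {         /* header, DWORD byte count, raw key */
        if (len < 12 || le32(buf + 8) > len - 12) return -1;
        out->key_bits = le32(buf + 8) * 8;
        out->exposes_secret = 1;
    } else if ((buf[0] == PUBLICKEYBLOB || buf[0] == PRIVATEKEYBLOB) && len >= 20 &&
               (out->alg_id == CALG_RSA_KEYX || out->alg_id == CALG_RSA_SIGN)) {
        /* RSAPUBKEY follows: magic "RSA1" (public) or "RSA2" (private), bitlen, pubexp */
        uint32_t want = buf[0] == PUBLICKEYBLOB ? 0x31415352u : 0x32415352u;
        if (le32(buf + 8) == want) {
            if (le32(buf + 12) / 8 > len - 20) return -1;   /* modulus must fit */
            out->key_bits = le32(buf + 12);
            out->exposes_secret = (buf[0] == PRIVATEKEYBLOB);
        }   /* no magic: body assumed encrypted under an export key */
    }
    return 0;
}

/* Constructed sample: PLAINTEXTKEYBLOB for CALG_AES_256 (0x6610), all-zero key. */
static const uint8_t SAMPLE_BLOB[44] = { 0x08, 0x02, 0, 0, 0x10, 0x66, 0, 0, 0x20, 0, 0, 0 };

int main(void) {
    blob_info bi;
    if (parse_key_blob(SAMPLE_BLOB, sizeof SAMPLE_BLOB, &bi) != 0) return 1;
    printf("type=0x%x alg=0x%x bits=%u secret=%d\n", (unsigned)bi.type,
           (unsigned)bi.alg_id, (unsigned)bi.key_bits, bi.exposes_secret);
    return 0;
}
```

A blob that comes back with `exposes_secret` set should be handled like the key itself, since nothing in the blob protects it.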

My next step is to continue poring over the MSDN documentation on the Crypto API. There are a lot of topics under the Crypto API. I have been taking vigorous notes while I read through. So far I am up to 10 pages of notes. After I have finished reading, and have digested the information, I shall post further about it.