I was browsing the source code for one of our main applications. And I found a file that implements a C++ class for security. This file has a curious include of another file named "wincrypt.h". I have come to find out that this include file is the Microsoft Cryptographic API. I figured I could learn a lot by studying this file. Or more precisely, I could identify some topics from this file that I need to research further.
The file referenced the term "entrust" under the heading of RSA. Now I know that RSA is or was a company. But I am not familiar with what entrust is yet. I need to study up. The file also referenced the acronyms PKCS and DMS under the heading of DSS. Now I know that PKCS stands for Public Key Cryptographic Standards. However I am not confident of what DMS and DSS stand for.
There were DES block ciphers enumerated in the file. Some of them had names like DESX, IDEA, CAST, and RC5. Now I know that DES stands for Data Encryption Standard. And I have previously written about RC5 when I discussed SSL. However the other acronyms have no meaning to me. I am starting to get the feeling that just about everything relating to cryptography has an acronym name.
The header file also had some terms under the heading of Fortezza. They were SKIPJACK and TEK. Now I have written about how SKIPJACK is a block cipher. And I have also written about Fortezza when discussing SSL. However I am not sure what TEK stands for.
Sometimes I found that I really did not know what the heck the code was talking about. For example, there was a heading for a KP mode. I am at a loss since I do not even know what the group stands for. I do know that some terms for these modes I need to learn are CBC, CFB, OFB, interleaved, pipelined, and masking.
I was happy that most of the time I recognized the header for groups in the source file. For example, I know what a stream cipher is. Two such ciphers listed in the code were RC4 and SEAL. Previously I have written about RC4. However I have never heard about SEAL.
For now I plan to write another post about some more goodies I have uncovered in the Microsoft Crypto API header file. Long term I want to research the unknown topics and become very familiar with them. Perhaps it is time to get some training on this.
Good-fast-cheap. Pick two. - I got invited to a meeting with the customer today. There was a problem in production. And the customer wanted answers. When it came time, I explained wha...