S/MIME Freeware Library (SFL)

Capabilities

The S/MIME Freeware Library (SFL) implements the IETF S/MIME v3 RFC 3369 Cryptographic Message Syntax (CMS) and RFC 2634 Enhanced Security Services (ESS) specifications. It supports all of the optional ESS security features such as signed receipts, security labels, secure mail list information, and signing certificate attributes. It implements portions of the RFC 2633 Message Specification, RFC 2632 Certificate Handling, and RFC 3370 CMS Algorithms specifications. When used in conjunction with the Crypto++ freeware library, the SFL implements the RFC 2631 Diffie-Hellman (D-H) Key Agreement Method specification.

The SFL is composed of a high-level library that performs generic CMS and ESS processing independent of the crypto algorithms used to protect a specific object. The SFL high-level library makes calls to an algorithm-independent CTIL API. The underlying, external crypto token libraries are not distributed as part of the SFL source code. The application developer must independently obtain these libraries and then link them with the SFL. For example, the SFL can be used with the freeware Crypto++ library to obtain 3DES, D-H, RSA and DSA. To use the SFL with Crypto++, the vendor must download the Crypto++ freeware library from the Crypto++ Web Page and then compile it with the BAE Systems-developed Crypto++ CTIL source code.

The SFL uses the BAE Systems-developed, freeware Certificate Management Library (CML) to ASN.1 decode Certificates and Certificate Revocation Lists. The application can call the SFL to use the CML to build and validate certification paths required to support the building (encryption) and processing (decryption/verification) of S/MIME v3 messages. The application can configure the SFL to make internal calls to the BAE Systems-developed, freeware Access Control Library (ACL) to perform SDN.801 rule-based access control checks related to message originators and recipients.

RFC 2876 "Use of the KEA and SKIPJACK Algorithms in CMS" describes the conventions for using the CMS EnvelopedData and EncryptedData content types with the KEA and SKIPJACK encryption algorithms. The document is intended to promote interoperability between implementations using KEA and SKIPJACK with CMS. The cmskeahints.txt file contains hints for using the FORTEZZA Card and FORTEZZA Cryptologic Interface (CI) Library to meet the requirements stated in RFC 2876.

