Common Data Security Architecture (CDSA) White Paper

Cryptography Service Provider (CSP) API

Cryptography Service Provider (CSP) API

The algorithms of the cryptography service provider (CSP) APIs provide the means to :

Disguise data, so that it is unreadable in encrypted form.

Ensure data integrity, to make sure it has not changed in transport.

Uniquely identify the sender of received data.

The CSP is an add-in module to the CSSM. The CSP supplies the cryptographic capabilities to applications that call into it through the CSSM API.

Public/Private Key Algorithms

In the simplest terms, the user creates a public/private key pair. If a public key (which can be distributed freely) is used to encrypt, only the private key can be used to decrypt. Conversely, if the private key is used to encrypt, the public key is used to decrypt.

The following three examples show how public and private keys are used for secure messaging.

Dual Asymmetric Key Algorithm

[1]A requests B’s public key and uses it to encrypt data, which A sends to B.

[2]B uses B’s private key to decrypt A’s encrypted data. (This is the only key that can decrypt this message.)

Chapter 1

21

Page 21
Image 21
HP UX Security Products and Features Software manual Cryptography Service Provider CSP API, Public/Private Key Algorithms