[Image] --------------------------------------------------------------------------- SecuDE - Overview --------------------------------------------------------------------------- [Image] Problem Authenticity and protection of privacy is an increasing concern of everyone as electronic information storage and exchange is rapidly growing. Example applications where security is needed are the privacy of sensitive e-mail, unforgeable digitally signed electronic forms and contracts, encryption of local files, network authentication, electronic data interchange, and software distribution. The use of public-key cryptography makes authenticity achievable and manageable in a large scale open electronic communication society. SecuDE is a portable general-purpose security toolkit for Unix and MS-DOS systems. The contribution of SecuDE to public domain for non-commercial use is part of our effort to facilitate the open, authentic, and privacy preserving electronic telecooperation between people. [Image] General Features SecuDE (Security Development Environment) is a security toolkit which incorporates well known and established symmetric and public-key cryptography. It offers a library of security functions and a well documented C API which allows you to incorporate security into virtually any application, and a number of ready-to-use utilities with the following features: * Basic cryptographic functions like RSA, DSA, DES, various hash functions, DSS and Diffie-Hellman key agreement, * Security functions for origin authentication, data integrity, non-repudation of origin, and data confidentiality purposes on the basis of digital signatures and symmetric and asymmetric encryption, * X.509 key certification functions, handling of certification pathes, cross-certification, certificate revocation, * Public Key Cryptography Standards (PKCS), * Utilities to sign, verify, encrypt and decrypt files, * Utilities and library functions for the operation of certification authorities (CA) and interaction between certifying CAs and certified users, * Utilities and library functions for PEM processing according to RFC 1421 - 1424 (the PEM functions are well tailored so that implementation of non-RFC 1421 PEM functions, like MIME-PEM, should be easy), * An X/Motif tool: XMst - The graphical user interface to SecuDE, * Secure access to public X.500 Directories for the storage and retrieval of certificates, cross-certificates and revocation lists (integrated secured DUA using strong authentication and signed DAP operations), * Data representations according to ASN.1 BER and DER, * Integrity-protected and confidentiality-protected storage of all security relevant information of a user (secret keys, verification keys, certificates etc.) in a so called Personal Security Environment (PSE). A PSE typically contains the user's private and public key (the latter wrapped in an X.509 certificate), the public root key which the user trusts, the user's distinguished name, the user's login name, and the forward certification path to the user's root key. In addition, the PSE allows to securely store other's public keys after their validation (allowing henceforth to trust them like the root key without verifying them again), and certificate revocation lists (CRLs). SecuDE provides two different PSE realizations: A SmartCard environment, and a DES-encrypted Unix or MS-DOS directory. Both are only accessible through the usage of PINs (Personal Identification Numbers). Smartcards require a particular SmartCard environment to be purchased where RSA and DES cryptography is done in the SmartCard reader (information available on request). [Image] SecuDE Privacy Enhanced Mail An Internet Privacy Enhanced Mail implementation (PEM RFC 1421-1424) is part of SecuDE. It provides a PEM filter which transforms any input text file into a PEM formatted output file and vice versa, and which should be capable of being easily integrated into Mail-UAs or CA tools. SecuDE-PEM realizes all formats and procedures defined in the Internet Specifications RFC 1421-1424 except that it only supports asymmetric key management. It is possible to securely cache other's certificates and CRLs as this is part of the general SecuDE functionality. SecuDE-PEM supports the certification and CRL procedures defined in RFC 1424 and is integrated into the SecuDE CA functionality. As an additional functionality which goes beyond RFC 1421 - 1424, SecuDE-PEM may be configured with an integrated X.500 DUA which allows, for instance, automatic retrieval of certificates and CRLs during the PEM de-enhancement process. [Image] Condition of Use The current version of SecuDE is SecuDE-4.4b0. It can be obtained in source code from the ftp address given below. It may be used for any non-commercial purpose free of charge provided that copyright notices be retained unaltered. For commercial use, please contact GMD. ------------------------------------------------------------------------------- [Image] SecuDE@darmstadt.gmd.de [Image] Security Home Page ------------------------------------------------------------------------------- created by Stephan Kolletzki , last modified: Wednesday, 10-May-1995