| The Open–source PKI Book: A guide to PKIs and Open–source Implementations | ||
|---|---|---|
| Prev | Chapter 9. Supported Crypto hardware and Software architectures | Next |
CDSA eases the process of adding security to software products. By writing to one common API, a software developer can add authentication services (such as smart card readers), encryption services (such as DES) and the ability to manage security processes (key recovery, export restrictions, prevention of attacks on the internal software pieces).
CDSA is a specification developed by Intel and the current version, version 2 has been adopted by the The Open Group as an Open Group Technical Standard in 1997. The CDSA standard is available in hard–copy and electronic form (HTML and PDF) from the Common Security: CDSA and CSSM, Version 2 (with corrigenda) page at the The Open Group website.
Currenly, the source code of CDSA is available for the Windows platform. Intel, along with Caldera Systems and the Bull TrustWise organisation are developing a Linux port of CDSA and it is expected that it will be available in September 2000.
In order for CDSA to be usable in Linux, it needs software cryptographic support for symmetric and asymmetric cryptographic algorithms. For the previous version of CDSA, version 1.2, there was no publicly available cryptographic support or Cryptographic Service Provider (CSP) as it is called. CSPs can come in two flavours, hardware implementation on an expansion card or a software version. For development purposes, it is important to have at least a software version.
CDSA has adaptation layers to use existing cryptography software for CSPs and it is possible, in the case there is no native CDSA CSP for Linux, to use one that has OpenSSL as the backend. Such a CSP based on OpenSSL was announced on the Jonah mailling list, however the correspondance e–mail to the free e–mail account does not seem to be active. However, with the newer revision 1.3 of CDSA 2.0, there is official support for use of OpenSSL as a plug–in for a CSP. This is very positive news for the soon to come Linux port.
Among the future plans for the implementation of CDSA 2.0 is the Linux support for the Itanium™ processor.
The implementation of CDSA 2.0 that is provided by Intel is distributed under the Intel Open Source License which is the BSD license with an additional export notice. This license has been reviewed and approved by the Open Source Initiative (OSI), so this implementation of CDSA is OSI Certified Open Source software.