Introduction

This standard specifies an application programming interface (API), called "CryptoAPI", to Cryptographic Service Providers (CSPs). CryptoAPI, short for Cryptographic Application Programming Interface, follows a simple object-based approach. It addresses the goal of technology independence (any kind of underlying crypto provider) by presenting applications with a common interface for cryptographic operations. This document specifies the data types and functions available to an application that requires cryptographic services and uses the ANSI C programming language. These data types and functions will typically be provided via C header files by the supplier of a CryptoAPI library.
Specs

Scope

CryptoAPI isolates applications from the details of the underlying cryptographic layer. An application does not have to change in order to interface with a different cryptographic service provider (e.g., OpenSSL or MS-CAPI), so applications can be portable across different environments. How CryptoAPI provides this isolation, i.e. how the underlying cryptographic layer implements the CryptoAPI specs, is beyond the scope of this document. However, some conventions for the support of multiple CSPs (and considerations about hardware integration) will be addressed here and possibly in additional documents.
Extensibility

These specifications support generic cryptographic mechanisms and allow new ones to be added later without changing the general interface. As cryptography evolves (e.g., in view of post-quantum computing algorithms), vendors may also define their own mechanisms (although, for the sake of interoperability, only publicly vetted algorithms should be used). Additional documents may provide a generic, language-independent Cryptoki interface and/or bindings between CryptoAPI and other programming languages (e.g., C++, Python, or Java).