Yeap, I knew that I forget someting -
David Cross announced on public.security.crypto newsgroup release of the Smart Card Base Cryptographic Service Provider as free download (also available via Windows Update):
Writing a Smart Card CSP has not been trivial. This has been addressed by splitting the CSP architecture to a Base CSP and Card Module architecture. The Base CSP is provided by Microsoft as a part of the platform (with this
Base CSP release).
Card Module is a interface supported by Microsoft for card vendors to write their implementations for the same to their card. This is analogous to writing a printer driver for a printer.
It is this new Card Module architecture that will also be available as a part of Windows Vista. With this release, one of the goals that we want to accomplish is that the same card module works on older platforms and also Vista.
More information available in Shivaram Mysore blog (he is active participant of XML Encryption and XKMS and ex-Sun software architect).
There are also great collection of Windows PKI and cryptography references and links [subscribed].
Well, period of silence on this blog ended. Unfortunately I couldn't post for last three months for many reasons and I'm sorry for it :((
In this post I'll try to summarize what interesting things happened in security from my point of view (actually Valery already mentioned most of them in his blog):
Peter Gutmann updated his “Godzilla crypto and security“ tutorial with excellent quote on current state of laws in Russia: “The severity of Russian law is compensated for by it’s non-mandatoryness.”
NSA announced Suite B Cryptography at RSA 2005 consisting of AES, Elliptic Curve Digital Signature and Key Exchange and SHA-256/384.
For this reason I try to describe unofficial Russian “Suite B“:
- GOST 28147-89 for encryption
- GOST R 34.10-2001 (Elliptic Curve Digital Signature) for DS and Key Exchange (it supersedes GOST R 34.10-94 that should be withdrawn before 1.01.2008)
- GOST R 34.11-94 for hash function
More information about using these algorithms with X.509 certificate and CRL profile is currently available as draft (and will be accepted as informational RFC in the nearest time). Basic implementation for OpenSSL 0.9.8 could be downloaded at CryptoCom open-source site.
Bruce Schneier posted his impressions from Cryptographic Hash Workshop hosted by NIST: 1, 2, 3.
This autumn was a bad time for many IPSec ISAKMP/IKE implementations: Protos test suite from Oulu University Secure Programming Group found multiple vendor implementation vulnerabilities. And this is an exact sample of using fuzzing technique to find security flaws.
Sun Microsystem released Solaris 10 source code as OpenSolaris including Kernel Crypto Framework/Drivers, User Crypto Framework (PKCS#11) and Crypto Algorithms (more information is available at Darren J. Moffat blog)
BTW, it is interesting to compare design of future Microsoft CryptoAPI NG from previous post and The (Open)Solaris Cryptographic Framework. They are build of the same cryptoproviders separation as distinct digest, signature, etc providers and both moving to support kernel (right now it's impossible to use CryptoAPI in ipsec driver for example).
And developer part of news: two most successful Microsoft Shared Source projects released as WiX 2.0 and WTL 7.5 - and MSFT could be really proud of them (we use them extensively in our projects).
Windows kernel developers also received new development framework - Kernel Mode Driver Framework 1.0 (unfortunately it didn't support Windows 2000 in version 1.0, but I hope it will due to feedback from developers community) and updated Driver Install Framework Tools 2.01. And best of all - WDF contains Windows Server 2003 SP1 DDK with Static Driver Verifier for free ;-) If you're interested in Windows Kernel development - watch for OSR NTDEV and Steve Dispensa blog.
Well, it's enough for today - thank you for reading =)