A Comparison of CDSA to CryptokiWednesday, 10:30, Lincoln-Roosevelt Room
Author
PRESENTATION
- Ruth Taylor, NSA
(Note: This presentation is a .pdf version - need Acrobat Reader to open file)The Common Data Security Architecture (CDSA) is a general security service architecture which has been standardized by the Open Group. This paper compares the CDSA CAPI to another well known low-level CAPI, RSA’s PKCS #11 (Cryptoki).
Both CDSA and Cryptoki are low-level interfaces which satisfy criteria established by the NSA’s CAPI Team. However, CDSA provides a security services infrastructure to several categories of security services, and therefore provides more auxiliary services to manage this more complex architecture. Additionally, Cryptoki provides a more direct interface to hardware cryptographic tokens. This paper maps calls in the APIs, describes differences between the two and how these may be handled, and considers porting issues.
Ruth Taylor joined the Trusted Operating Systems Research Team in the National Security Agency's Information Security Research Office after graduating with dual Bachelor degrees in Computer Science and Psychology from the University of Maryland in College Park, in 1996. Her work in this office has included studying Cryptographic Application Programmer Interfaces CAPIs), implementing the ISAKMP secure network protocol, and studying the use of ISAKMP in Flask. (Flask is the Trusted Operating System Team's secure, policy-flexible prototype operating system.)