mailto:pgut001@cs.auckland.ac.nz The library provides an easy-to-use interface which allows even inexperienced crypto programmers to easily add strong encryption and authentication services to their software. The library contains DES, triple DES, IDEA, MDC/SHS, RC2, RC4, RC5, SAFER, SAFER-SK, Blowfish, and Blowfish-SK conventional encryption, MD2, MD4, MD5, RIPEMD-160 and SHA hash algorithms, and Diffie-Hellman, DSA, and RSA public-key encryption, as well as a comprehensive high-level interface with functions such as cryptCreateSignature() and cryptExportKey(). The library is supplied as source code for Unix (shared or static libraries), DOS, Windows (16- and 32-bit DLL's), and the Amiga. The library provides a standardised interface to a number of popular encryption algorithms, as well as providing a high-level interface which hides most of the implementation details and provides an operating-system-independant encoding method which makes it easy to transfer encrypted data from one system to another. Although use of the the high-level interface is recommended, experienced programmers can directly access the lower-level encryption routines for implementing custom encryption protocols or methods not provided by the library. The library API serves as an interface to a range of plug-in encryption modules which allow encryption algorithms to be added in a fairly transparent manner. The standardised API allows any of the algorithms and modes supported by the library to be used with a minimum of coding effort. As such the main function of the library is to provide a standard, portable, easy-to-use interface between the underlying encryption routines and the user software. In addition the easy-to-use high-level routines allow for the exchange of encrypted session keys and the creation and checking of digital signatures with a minimum of programming overhead. The library has been written to be as idiot-proof as possible. On initialization it performs extensive self-testing against test data from encryption standards documents, and the API's check each parameter and function call for errors before any actions are performed, with error reporting down to the level of individual parameters. The library implements a security perimeter around the encryption functions, with encryption contexts consisting of an arbitrary handle referring to (hidden) data held within the library. No outside access to state variables or keying information is possible, provided the underlying OS provides some form of memory protection. If the OS supports it, all sensitive information used by the library will be page-locked to ensure it is never swapped to disk. There is one small bug I found about an hour after it was released (sigh), you can't use CRYPT_USE_DEFAULT as a parameter to cryptCreateContext() due to missing parentheses in crypt.c.