ISC CDKs are flexible, cost effective libraries of linkable cryptographic modules that allow you to add encryption, digital signatures, and message authentication to any application. They reduce the cost of developing secure applications by applying readily available, commercially supported, conventional and public key technology.
ISC CDKs make standards-based cryptographic building blocks available to developers and integrators. Use them to construct secure corporate applications for internal use or OEM products for resale.
Purchase a complete toolkit or have us customize one that targets your specific application. ISC can provide implementations of the following federal and industry standards:
- NIST Advanced Encryption Standard (AES†)
- NIST Data Encryption Standard (DES), triple DES (TDES), and DESX
- NIST Digital Signature Algorithm (DSA) and Elliptic Curve DSA (ECDSA†)
- Rivest-Shamir-Adleman (RSA) public key technology
- NIST Secure Hash Algorithm (SHA-1, SHA-224/256/384/512†)
- MD2/MD5 hash algorithms
- Diffie-Hellman (DH) and Elliptic Curve Diffie-Hellman (ECDH†) Key Agreement
- ElGamal, and elliptic curve ElGamal, public key cryptosystems
- AT&T proprietary exportable DES replacement (EA2)
ISC CDKs can be used to add encryption and authentication to a wide variety of applications:
- security-enhanced device drivers (such as a encrypting file system filter)
- e-mail applications
- electronic funds transfer and EDI
- document transmission, and
- messaging and VoIP products
The latest version even provides support for building simple SSL/TLS clients (with one- or two-sided authentication).
Ease of Use
The ISC CDKs provide C/C++ APIs that allow your programmers to rapidly link them into existing code or into new applications under development. (CDK 7.0 C++ documentation is available on-line.) Testimonial from a satisfied customer:
I'm very pleased to say that we could integrate your library into our existing system without any problem in development environment. How do I describe it was so easy?
Each kit includes a test file with commented sample source code illustrating the use of each function. This test program also can be compiled to verify the proper operation of the cryptographic engines on your operating system. Virtually unlimited key sizes can be supported for the public key algorithms.
Supported Algorithms and Data Formats
The cryptographic primitives that can be included
in a custom CDK for your company's use comply with NSA Suite B recommendations as well as the following
Federal and industry standards:
in CDK 8.0
Relevant Standards and Other References
186-4; ANSI X9.31-1998;
RFC 2437 (PKCS#1v2.0), RFC 3447 (PKCS#1v2.1)
|DSA||FIPS 186-4; ANSI X9.30-1997|
186-4; ANSI X9.62-1998;
NSA Suite B
|ECDH||NIST SP 800-56A; ANSI X9.63; IEEE 1363-2000; NSA Suite B|
Supported modes of operation: ECB, CBC, CBC_CS3, CFB-1, CFB-8, CFB-64, CFB-128, OFB, CTR, GCM
FIPS 197; NIST SP-800-38A; NIST SP-800-38B; NIST SP-800-38C; NIST SP-800-38D; CNSS Policy No. 15; RFC 3394; RFC 3565; RFC 5084;
NSA Suite B
Supported modes of operation: ECB, CBC, CFB-1, CFB-8, CFB-32, CFB-64, OFB, CTR
FIPS 46-3; ANSI X3.92
128- or 192-bit key; supported modes of operation: ECB, CBC, CFB-1, CFB-8, CFB-32, CFB-64, OFB, CTR
FIPS 46-3; ANSI X9.52-1998; NIST SP-800-38A; NIST SP 800-20; NIST SP 800-67
|(analysis by J. Kilian and P. Rogaway)|
|FIPS 185; NIST/NSA specification|
|RC2||RFC 3217; RFC 2268|
|RFC 2246 (SSL/TLS);
180-4; ANSI X9.30 Part 2;
NSA Suite B
|HMAC-SHA||FIPS 198; RFC 2104; ANSI X9.71||
|HMAC-DBRG||NIST SP 800-90aR1||
|HMAC-MD5||RFC 2104; ANSI X9.71|
|PRNG||FIPS 186-3; FIPS 140-2 Annex C; NIST SP 800-22; NIST SP800-90|
|Password Generation||FIPS 181|
Relevant Standards and Other References
|MQV, ECMQV†||IEEE 1363-2000, NIST SP800-56A, NIST SP800-78|
|KEA||NIST/NSA specification; RFC 2528; RFC 3279; SDN.701|
|OAEP||RFC 2437 ( PKCS #1v2.0); RFC 3560; IEEE 1363-2000|
|RIPEMD-160||ISO/IEC 10118-3:1998; A. Bosselaers' website; RFC 2857|
†Although no longer part of Suite B, ECMQV is available from ISC for national security purposes under an NSA sublicense.
In addition to the algorithms listed in the first part of the above table, CDK 7.0 includes:
- X.509v3 certificate and CRL handling (RFC2459, RFC3279, RFC3280, NIST SP 800-15)
- PKCS#7/#8/#10/#12 PDU creation and parsing
- basic S/MIME v3 CMS functions for PDU creation and parsing (RFC3370. RFC3851, RFC3852)
- key derivation functions for PKCS#5 PBE and various ANSI and PKCS#1/#3/#5/#8 (RFC2313-2315) padding, encoding, and decoding functions
- RFC3394 key wrapping and unwrapping
- pseudo-random number generation, primality testing, and routines for low-level modular exponentiation and other high-precision arithmetic operations (in rings of integers, finite fields, and elliptic curves)
- simple SSL/TLS client support
CDK 7.0 is the cryptographic engine used in all builds of SecretAgent 5.7 and above, SpyProof! 1.x, SecretAgent Mobile, SecretAgent 5.6 for PocketPC/ARM, and SpyProof! 1.x.
is NSA Suite B compliant and meets NIST FIPS 140-2 and DoD/CNSS NSTISSP #11 acquisition requirements. While not a "Type 1 product," it has been approved by NSA "for use on classified systems." It was awarded NIST
FIPS 140-1 Level 1 Certificate No. 347. Certification was performed by a NIST-accredited laboratory
that did source code level validation of all supported FIPS
approved algorithms and security interfaces. Review and
oversight was provided jointly by NIST and CSE.
At the time of validation, there were no formal NIST test suites for certain FIPS approved algorithms. In these cases we ran standard industry tests, provided letters of assurance to NIST, and the NIST-accredited CMT lab checked the source code and test results. These algorithms are marked VA (for "Vendor Affirmed") in the NIST certificate column of the table below.
Only products containing FIPS 140-validated security modules may be purchased and used for the processing of sensitive data by agencies of the U.S. Federal Government. Such products are also recommended by the Government of Canada.
NIST NOTE: FIPS 140-2 is now in effect. However, Agencies may continue to purchase, retain and use FIPS 140-1 validated modules.
Addressing a Popular FIPS 140-2 vs. FIPS 140-1 Misconception
Even though 140-2 is the current standard, products validated under 140-1 have not been deprecated. According to NIST, U.S. Government "agencies may continue to purchase, retain and use FIPS 140-1 validated modules after May 25, 2002. Modules validated as conforming to FIPS 140-1 and FIPS 140-2 are accepted by the Federal Agencies of both [the U.S. and Canada] for the protection of sensitive information." Furthermore, "Cryptographic modules that have been approved for classified use may be used in lieu of modules that have been validated against this standard [FIPS 140-2]." (Quoted text taken from NIST website on 3/26/07.)
ISC CDKs are available for the following platforms:
- Windows and Windows Server (all active 32- and 64-bit versions)
- RHEL 6+ and all similar Linux distributions (x86, i64, IA64, MIPS, etc.)
- Mac OS X
CDKs can also be supplied (upon demand) for most other desktop, mobile, and embedded environments. In the past, ISC has shipped builds for the following target platforms:
- Android, iOS, Windows Phone/ARM (including kernel mode)
- Solaris 8,9,10/SPARC, Solaris 8,9,10/x86_64 (32- and 64-bit)
- HP-UX 10.x/11.x/11.i, OpenVMS/AXP
- IBM AIX (32- and 64-bit)
- SGI IRIX 6.x
- Cray UNICOS
The list of supported compilers includes:
- Microsoft Visual Studio for all Windows platforms
- GCC (GNU C++) for most Linux and other UNIX-based systems
- Sun C++ for Solaris/SPARC and /x86-based platforms
- New! Green Hill Software's MULTI IDE for embedded PPC-based platforms
CDK libraries can be used in your internal corporation applications or in applications developed for resale; they can even be used to build a security-enhanced device driver that operates in Windows kernel mode. An initial CDK license includes two developer seats; additional developer seats may be purchased as needed. Per copy licensing fees are required for redistribution of the CDK with applications that employ its cryptographic code.
Contact us via e-mail for fee schedules, header files, and sample code, or for further information on custom libraries.