Certificate Management Library (CML)
Capabilities
The Certificate Management Library (CML) provides X.509 certification path building and validation services through a developer-friendly C and C++ Application Programming Interface (API). The CML performs all of the required certification path processing as specified in X.509 (2000) and in Internet Engineering Task Force (IETF) RFC 3280. The CML is capable of building certification paths through all types of simple and complex PKI topologies including hierarchical, mesh, and bridge topologies and any combination of the same. The CML supports encoding and decoding public key certificates, attribute certificates, and Certificate Revocation Lists (CRLs) in compliance with Abstract Syntax Notation One (ASN.1) and X.509. In addition to the path validation requirements in X.509 and RFC 3280, the CML also meets the U.S. Department of Defense (DoD) requirements stated in SDN.706 Certificate/CRL Profile.
Included with the CML is the optional Storage and Retrieval Library (SRL) which provides local certificate and CRL storage as well as remote directory retrieval capabilities using the Lightweight Directory Access Protocol (LDAP). The CML uses callback functions to access the SRL services thereby allowing an application to easily replace the SRL with its own storage and retrieval functions if needed. The callback functions are described in the CML API.
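Path building through a bridge topology, and storage accessed through a replaceable lookup callback, are the two points above that a small worked example makes concrete. The code below is an added illustration written for this page, not the CML's or SRL's own API: the `Cert` struct, the `LookupFn` callback, the `buildPath` function and the certificate names in the sample store are all assumptions. It models certificates by subject and issuer name only (no keys, validity or signature checks), treats the trust anchor as a trusted name supplied by the application, and shows why a builder must track the names already on the candidate path: cross-certificates between a bridge CA and each agency root form cycles that a naive walk would never leave.

```cpp
// Added example: a minimal certification path builder over a constructed
// bridge topology. Illustrative code for this page, not the CML's API; the
// types, function names and sample certificate names are assumptions.
#include <cstddef>
#include <functional>
#include <iostream>
#include <set>
#include <string>
#include <vector>

// Only the fields path building needs: the name the certificate binds and
// the name of the CA that signed it.
struct Cert {
    std::string subject;
    std::string issuer;
};

// Storage callback: given a subject name, return every certificate issued to
// that name. Mirrors a replaceable storage/retrieval layer: an application can
// hand in any function with this shape (local store, LDAP, test fixture).
using LookupFn = std::function<std::vector<Cert>(const std::string&)>;

namespace {

// Depth-first search from `current` toward the trust anchor name. `onPath`
// holds the subject names already on the candidate path so that cross-
// certified CAs (mesh/bridge loops, self-signed roots) cannot cause infinite
// recursion. `maxCerts` bounds the number of certificates in a path.
bool extend(const Cert& current, const std::string& anchor, const LookupFn& lookup,
            std::set<std::string>& onPath, std::vector<std::string>& path,
            std::size_t maxCerts)
{
    path.push_back(current.subject);
    if (current.issuer == anchor) {
        path.push_back(anchor);   // reached a name the application trusts
        return true;
    }
    if (path.size() < maxCerts && onPath.insert(current.issuer).second) {
        // Several certificates may carry the same subject (one per
        // cross-certifying CA plus a self-signed one); try each in turn.
        for (const Cert& issuerCert : lookup(current.issuer)) {
            if (extend(issuerCert, anchor, lookup, onPath, path, maxCerts)) return true;
        }
        onPath.erase(current.issuer);  // backtrack: this branch is a dead end
    }
    path.pop_back();
    return false;
}

} // namespace

// Returns the subject names from `target` up to `anchor`, or an empty vector
// if no path of at most `maxCerts` certificates exists.
std::vector<std::string> buildPath(const Cert& target, const std::string& anchor,
                                   const LookupFn& lookup, std::size_t maxCerts = 8)
{
    std::vector<std::string> path;
    std::set<std::string> onPath{target.subject};
    if (!extend(target, anchor, lookup, onPath, path, maxCerts)) path.clear();
    return path;
}

// Constructed sample topology (not real PKI data): two agency hierarchies
// joined by a bridge CA that is cross-certified with each root in both
// directions, which is exactly the shape that produces cycles.
LookupFn sampleStore()
{
    std::vector<Cert> store = {
        {"Agency A Root",    "Agency A Root"},   // self-signed root
        {"Bridge CA",        "Agency A Root"},   // A cross-certifies the bridge
        {"Agency A Root",    "Bridge CA"},       // the bridge cross-certifies A
        {"Agency B Root",    "Agency B Root"},
        {"Bridge CA",        "Agency B Root"},
        {"Agency B Root",    "Bridge CA"},
        {"Agency B Sub CA",  "Agency B Root"},
        {"alice@b.example",  "Agency B Sub CA"},
        {"orphan@c.example", "Unknown CA"},      // issuer absent from the store
    };
    return [store](const std::string& subject) {
        std::vector<Cert> out;
        for (const Cert& c : store) if (c.subject == subject) out.push_back(c);
        return out;
    };
}

int main()
{
    // An Agency A relying party validating a certificate issued under Agency B.
    auto path = buildPath({"alice@b.example", "Agency B Sub CA"}, "Agency A Root", sampleStore());
    for (std::size_t i = 0; i < path.size(); ++i)
        std::cout << path[i] << (i + 1 < path.size() ? " -> " : "\n");
    return path.empty() ? 1 : 0;
}
```

Run as written, the program prints the five-name path from `alice@b.example` through Agency B's sub CA and root, across the bridge, to the Agency A root. The self-signed `Agency B Root` certificate and the reverse cross-certificate back to `Bridge CA` are both visited and rejected by the `onPath` check rather than looping. A real builder would additionally verify each signature with the cryptographic interface and apply the RFC 3280 validation checks (validity period, name and policy constraints, revocation) to every candidate before accepting it, and would typically order candidate issuer certificates by likelihood rather than store order.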
The CML uses the PKCS #11 interface to sign and verify digitally signed objects such as certificates and CRLs. On Windows platforms, the CML is also capable of calling Microsoft Cryptographic API (CAPI) functions to use installed Cryptographic Service Providers (CSPs). Vendors can develop their own PKCS #11 library using their preferred crypto libraries, or use the PKCS #11 interface provided by BAE Systems, which uses the freeware Crypto++ library to provide its cryptographic functionality.
The CML uses the Enhanced SNACC (ESNACC) ASN.1 library to provide the encoding and decoding functions for the certificates, CRLs, and other ASN.1 objects the CML uses. The ESNACC library is available on this web site at: http://www.digitalnet.com/knowledge/snacc_home.htm.
The Certificate Management Library architecture, functions, and data types are documented in the CML Application Programming Interface (API). The Storage and Retrieval Library is documented in the SRL Application Programming Interface (API). Both documents are available on the CML Documentation Page.