[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ms-cryptoapi
Subject:    CryptoAPI dilemma....
From:       Bronislav Kavsan <bkavsan () IRE-MA ! COM>
Date:       1998-01-25 3:12:50
[Download RAW message or body]


I came across some interesting dilemma with developing CSP for export.
US Government doesn't restrict exporting Signature Keys of any length.
But I've noticed that CryptoAPI (in some cases) uses Signature Keys for
Key Exchanges to import SIMPLEBLOBs (!!!!!). But US Goverment limits
exports of keys to be used for Key Exchanges to be no longer than 512
bits.

Soooo.... what should I do? If I allow CALG_RSA_SIGN to be of any length
and prevent its use for Key Exchanges - some CryptoAPI functions will
choke, but if I limit it to 512 bits - I will not take a full advantage
of strong authentication allowed by US Government for export.

Could someone in Microsoft comment on this (and possibly help to solve
this dilemma, please!!)

Slava Kavsan
IRE

----------------------------------------------------------------
Users Guide http://www.microsoft.com/sitebuilder/resource/mailfaq.asp
contains important info including how to unsubscribe.  Save time, search
the archives at http://microsoft.ease.lsoft.com/archives/index.html

[prev in list] [next in list] [prev in thread] [next in thread]