RSAREF(TM): A Cryptographic Toolkit General Information RSA Laboratories Revised March 25, 1994 Version 2.0 This document copyright (C) 1994 RSA Laboratories, a division of RSA Data Security, Inc. License is granted to reproduce, copy, post, or distribute in any manner, provided this document is kept intact and no modifications, deletions, or additions are made. WHAT IS IT? The name "RSAREF" means "RSA reference." RSA Laboratories intends RSAREF to serve as a portable, educational, reference implementation of cryptography. RSAREF supports the following algorithms: o RSA encryption and key generation, as defined by RSA Laboratories' Public-Key Cryptography Standards (PKCS) o MD2 and MD5 message digests o DES (Data Encryption Standard) in cipher-block chaining mode o Diffie-Hellman key agreement o DESX, RSA Data Security's efficient, secure DES enhancement o Triple-DES, for added security with three DES operations Version 2.0 offers three other improvements over RSAREF 1.0: the ability to process messages of arbitrary length in parts; the option to process either binary data, or data encoded in printable ASCII; and support for encrypting messages for more than one recipient. RSAREF is written in the C programming language as a library that can be called from an application program. A simple Internet Privacy- Enhanced Mail (PEM) implementation can be built directly on top of RSAREF, together with message parsing and formatting routines and certificate-management routines. RSAREF is distributed with a demonstration program that shows how one might build such an implementation. WHAT YOU CAN (AND CANNOT) DO WITH RSAREF The RSAREF license agreement gives legal terms and conditions. Here's the layman's interpretation, for information only and with no legal weight: 1. You can use RSAREF for any purpose, as long as you follow the interface described in the RSAREF documentation. You can't sell RSAREF or provide a service of any type, where you charge in any way. You can use RSAREF in a commercial facility. For information on commercial licenses of RSAREF-compatible products, please contact RSA Data Security. (Special arrangements are available for educational institutions and non-profit organizations.) 2. You can give others RSAREF and programs that interface to RSAREF, under the same terms and conditions as your RSAREF license. 3. You can modify RSAREF as required to port it to other operating systems and compilers, or to improve its performance, as long as you give a copy of the results to RSA Laboratories. Other changes require written consent. 4. You can't send RSAREF outside the United States or Canada, or give it to anyone who is not a U.S. or Canadian citizen and doesn't have a U.S. "green card." (These are U.S. State and Commerce Department requirements, because RSA and DES are export-controlled technologies.) HOW TO GET IT To obtain RSAREF, read the RSAREF license agreement and return a copy of the following paragraph by electronic mail to : I acknowledge that I have read the RSAREF Program License Agreement and understand and agree to be bound by its terms and conditions, including without limitation its restrictions on foreign reshipment of the Program and information related to the Program. The electronic mail address to which I am requesting that the program be transmitted is located in the United States of America or Canada and I am a United States citizen, a Canadian citizen, or a permanent resident of the United States. The RSAREF Program License Agreement is the complete and exclusive agreement between RSA Laboratories and me relating to the Program, and supersedes any proposal or prior agreement, oral or written, and any other communications between RSA Laboratories and me relating to the Program. RSAREF is distributed by electronic mail in UNIX(TM) "uuencoded", compressed TAR format. When you receive it, store the contents of the message in a file, and run your operating system's "uudecode", "uncompress" and TAR programs. For example, suppose you store the contents of your message in the file 'contents'. You would run the commands: uudecode contents # produces rsaref.tar.Z uncompress rsaref.tar.Z # produces rsaref.tar tar xvf rsaref.tar You can also get a "uuencoded" PKZIP(TM) version of RSAREF. Just ask for the ZIP file when you return the acknowledgment. RSAREF includes about 60 files organized into the following subdirectories: doc documentation install makefiles for various operating systems rdemo demonstration programs and test scripts source source code and include files RSAREF is also available via anonymous FTP to 'rsa.com'. Along with RSAREF you can get RIPEM, Mark Riordan's RSAREF-based privacy-enhanced mail application, and an Emacs command interface to RIPEM. See the file 'README' in the FTP directory 'rsaref' for more information. USERS' GROUP RSA Laboratories maintains the electronic-mail users' group for discussion of RSAREF applications, bug fixes, etc. To join the users' group, send electronic mail to . REGISTRATION RSAREF users who register with RSA Laboratories are entitled to free RSAREF upgrades and bug fixes as soon as they become available and a 50% discount on selected RSA Data Security products. To register, send your name, address, and telephone number to . PUBLIC-KEY CERTIFICATION RSA Data Security offers public-key certification services conforming to PEM standards. For more information, please send electronic mail to . PKCS: PUBLIC-KEY CRYPTOGRAPHY STANDARDS To obtain copies of RSA Laboratories' Public-Key Cryptography Standards (PKCS), send electronic mail to . OTHER QUESTIONS If you have questions on RSAREF software, licenses, export restrictions, or other RSA Laboratories offerings, send electronic mail to . AUTHORS RSAREF is written and maintained by RSA Laboratories with assistance from RSA Data Security's software engineers. The DES code was written by Richard Outerbridge, with help from Phil Karn and Dan Hoey. Jim Hwang of Stanford wrote parts of the arithmetic code under contract to RSA Laboratories. ABOUT RSA LABORATORIES RSA Laboratories is the research and development division of RSA Data Security, Inc., the company founded by the inventors of the RSA public-key cryptosystem. RSA Laboratories reviews, designs and implements secure and efficient cryptosystems of all kinds. Its clients include government agencies, telecommunications companies, computer manufacturers, software developers, cable TV broadcasters, interactive video manufacturers, and satellite broadcast companies, among others. RSA Laboratories draws upon the talents of the following people: Len Adleman, distinguished associate - Ph.D., University of California, Berkeley; Henry Salvatori professor of computer science at University of Southern California; co-inventor of RSA public-key cryptosystem; co-founder of RSA Data Security, Inc. Taher Elgamal, senior associate - Ph.D., Stanford University; inventor of Elgamal public-key cryptosystem based on discrete logarithms Martin Hellman, distinguished associate - Ph.D., Stanford University; professor of electrical engineering at Stanford University; co-inventor of public-key cryptography, exponential key exchange; IEEE fellow; IEEE Centennial Medal recipient Burt Kaliski, chief scientist - Ph.D., MIT; former visiting assistant professor at Rochester Institute of Technology; editor of Public-Key Cryptography Standards; general chair of CRYPTO '91 Cetin Koc, associate - Ph.D., University of California, Santa Barbara; assistant professor at Oregon State University Ron Rivest, distinguished associate - Ph.D., Stanford University; professor of computer science at MIT; co-inventor of RSA public-key cryptosystem; co-founder of RSA Data Security, Inc.; member of National Academy of Engineering; director of International Association for Cryptologic Research; program co-chair of ASIACRYPT '91 Matt Robshaw, research scientist - Ph.D., University of London; member of EUROCRYPT '91 organizing committee RSA Laboratories seeks the talents of other people as well. If you're interested, please write or call. ADDRESSES RSA Laboratories RSA Data Security, Inc. 100 Marine Parkway 100 Marine Parkway Redwood City, CA 94065 Redwood City, CA 94065 (415) 595-7703 (415) 595-8782 (415) 595-4126 (fax) (415) 595-1873 (fax) PKCS, RSAREF and RSA Laboratories are trademarks of RSA Data Security, Inc. All other company names and trademarks are not.