Question 173. What is BSAFE?

BSAFE is a general purpose, low-level cryptographic toolkit that offers developers the tools to add privacy and authentication features to their applications.

BSAFE is designed to provide the security tools for a wide range of applications, such as digitally signed electronic forms, virus detection, or virtual private networks. It is compatible with various industry standards, including S/MIME, S-HTTP, SSL, PCT, S/WAN, SEPP, and STT (see Question 131, Question 133, Question 134, Question 136, Question 137, Question 140, and Question 142). BSAFE also fully supports PKCS (see Question 166).

The 3.0 release of BSAFE contains the following algorithms:

Public-Key Algorithms:

• RSA Public Key Cryptosystem
• Diffie-Hellman Key Negotiation
• U.S. Digital Signature Algorithm (DSA)

Secret-Key Algorithms

• Data Encryption Standard (DES)
• Triple-DES
• Extended Data Encryption Standard (DESX)
• RC2 Variable-Key-Size Symmetric Block Cipher (exportable)
• RC4 Variable-Key-Size Symmetric Stream Cipher (exportable)
• RC5 Variable-Key-Size Symmetric Block Cipher

Cryptographic Hashing Algorithms:

• MD Hashing Algorithm
• MD2 Hashing Algorithm
• MD5 Hashing Algorithm
• Secure Hashing Algorithm (SHA1)

Other Cryptographic Functions:

• Bloom-Shamir Secret Sharing Algorithm
• Pseudo-Random Number Generation

The 3.0 release of BSAFE offers greater security by supporting public-key operations with up to 2048-bit keys, and better performance by enhancing the throughput of both the public-key and secret-key algorithms. BSAFE is written in portable C, and is available on a wide variety of platforms.

For more information on BSAFE, see < http://www.rsa.com/rsa/prodspec/bsafe/bsafe_3_0.htm>.