### Question 173. What is BSAFE?

BSAFE is a general purpose,
low-level cryptographic toolkit that offers
developers the tools to add privacy and authentication features to their
applications.

BSAFE is designed to provide the security tools for a wide range of
applications, such as digitally signed electronic forms, virus detection,
or virtual private networks. It is compatible with various industry standards,
including S/MIME, S-HTTP, SSL, PCT, S/WAN, SEPP, and STT (see
Question
131, Question 133, Question
134, Question 136, Question
137, Question 140, and Question
142). BSAFE also fully supports PKCS (see Question
166).

The 3.0 release of BSAFE contains the following algorithms:

__Public-Key Algorithms:__

- RSA Public Key Cryptosystem
- Diffie-Hellman Key Negotiation
- U.S. Digital Signature Algorithm (DSA)

__Secret-Key Algorithms__

- Data Encryption Standard (DES)
- Triple-DES
- Extended Data Encryption Standard (DESX)
- RC2 Variable-Key-Size Symmetric Block Cipher (exportable)
- RC4 Variable-Key-Size Symmetric Stream Cipher (exportable)
- RC5 Variable-Key-Size Symmetric Block Cipher

__Cryptographic Hashing Algorithms:__

- MD Hashing Algorithm
- MD2 Hashing Algorithm
- MD5 Hashing Algorithm
- Secure Hashing Algorithm (SHA1)

__Other Cryptographic Functions:__

- Bloom-Shamir Secret Sharing Algorithm
- Pseudo-Random Number Generation

The 3.0 release of BSAFE offers greater security by supporting public-key
operations with up to 2048-bit keys, and better performance by enhancing
the throughput of both the public-key and secret-key algorithms. BSAFE
is written in portable C, and is available on a wide variety of platforms.

For more information on BSAFE, `see <
http://www.rsa.com/rsa/prodspec/bsafe/bsafe_3_0.htm>.
`