C/C++ Developer Solutions

Encryption and Key Management for Compliance

A variety of compliance regulations now require that organizations deploy standards-based encryption and separate encryption keys from the data that they protect. For C and C++ developers this means storing encryption keys on an external appliance designed for this purpose, and securely retrieving encryption keys in C/C++ applications as they are needed for encryption and decryption tasks. Alliance AES Encryption APIs provide NIST-certified AES encryption on all major platforms and operating systems, and Alliance Key Manager provides an affordable solution that meets all compliance regulations for the secure creation, management, storage, and distribution of encryption keys to C/C++ applications. Alliance Key Manager is FIPS 140-2 certified (certificate number 1449) and is perfect for use with C/C++ applications.

 

Encryption can be a challenge for C/C++ developers. The Alliance AES Encryption software provides the C/C++ developer a way to incorporate NIST-certified AES encryption into their C/C++ applications on all major operating systems.

Encryption Key Retrieval

Any application that can create a secure and authenticated TLS connection to the Alliance Key Manager (AKM) can request and receive encryption keys for its own use. Perl directly supports TLS communications and can retrieve keys from AKM. You can store the client-side certificate and private key files on your local system and reference them in your Perl application, make the TLS connection, format the key retrieval request, and retrieve an encryption key for use in your applications. A technical HOWTO document provides sample code that you can use as a starting point in your applications.

C/C++ Encryption Key Retrieval APIs

Alliance Key Manager provides an easy-to-use shared library (shared library, DLL, or service program) that can be added to any application for key retrieval. This shared library performs all of the SSL/TLS secure communications with the key server, and supports failover to a secondary server if the primary server is off-line. You can easily add the Alliance key retrieval shared library to your C/C++ project to retrieve encryption keys for use with Alliance AES Encryption libraries, OpenSSL encryption libraries, or any third-party encryption solution.

Wire Protocol Eliminates Software Libraries

The interface to the Alliance Key Manager is a “wire” protocol. This means that there is no client-side software required for key retrieval. While Alliance Key Manager provides you with the software support you need to retrieve keys from the key server, you can also create your own applications to do key retrieval if you wish. If you use the Alliance Key Manager key retrieval software on Linux and Unix platforms, it will use the OpenSSL support for secure SSL/TLS communications with the key server. If you use the Alliance key retrieval software on Windows, it will use native Windows Schannel support for SSL/TLS communications. If you use Alliance key retrieval software on the IBM i platform, you will use the no-charge IBM licensed program Digital Certificate Manager to create certificates used for SSL/TLS communications, and use the native IBM i GSK APIs for the secure connection. On the IBM System z Mainframe platform, you will use the System SSL support for SSL/TLS communications with the key server.

Alliance Key Manager Documentation and Sample Code

The Alliance Key Manager product CD contains documentation on the use of the Alliance Key Manager from C/C++ and provides sample application code that you can use to get started.

 

C/C++ AES Encryption APIs

Townsend Security provides NIST-certified AES encryption libraries on a wide variety of platforms including Linux, Unix, Windows, IBM i (AS/400, iSeries), and IBM System z Mainframe. On the Linux and Unix platforms the Alliance AES encryption software is delivered as a shared library, and supports a number of Linux and Unix distributions. On the IBM i (AS/400, iSeries) platform AES software is delivered as a service program that is installed with the Alliance AES/400 solution. These AES libraries are NIST certified through the AES Validation program, and interoperate with Townsend AES libraries on all platforms. You can encrypt on one platform and decrypt on a different platform without exposing the data during transport.

Alliance AES Encryption Documentation and Sample Code

The Alliance AES Encryption solution includes documentation on the use of Alliance AES encryption from C/C++ programs and provides sample application code that you can use to get started.

Encryption Key Management APIs

Most enterprise customers use the Alliance Linux security administrator’s command line application, or the Alliance Windows key management application, to create and manage encryption keys on the Alliance Key Manager appliance. However, there are certain applications that need to perform key management functions under program control. Through the Linux command line console application, Alliance Key Manager provides commands to enable all of the normal encryption key management functions including creating encryption keys, rotating keys, revoking keys, and so forth. More than 80 commands are provided for every aspect of key management and can be easily scripted through Linux or Unix shell utilities. Alternatively, you can write directly to the Alliance Key Manager interface from your C/C++ applications to automate every aspect of key creation and management.

Tokenization for C/C++ Developers

Tokenization is an alternative data protection method that preserves the format of the original data. The Townsend Alliance Token Manager solution provides tokenization services to C/C++ applications and applications on all other major operating systems.