CryptoXpress LT is a collection of ready to run cryptography applications that can be used to encrypt and decrypt information using “strong encryption” and to create message digests (digital signatures). CryptoXpress LT produces compatible results across many platforms including Windows, Linux (Red Hat and SUSE), HPUX, Solaris, and IBM’s xSeries, pSeries, zSeries and iSeries. Implementation of the supported cryptography algorithms is verified using test vectors published by the National Institute of Standards and Technology (NIST). The cross platform capabilities of CryptoXpress LT allow users to encrypt data on one platform and decrypt it on the same or another platform. CryptoXpress LT is intended for use by organizations that need a cryptography solution but have limited programming skills or simply don’t want to write and maintain complex code that requires cryptography skills. Several ready to run programs are provided including: programs that encrypt and decrypt data, programs that encrypt and decrypt files, programs that digest data and programs that digest files. The cryptography algorithms supported include:

Multiple “strong encryption” encryption/decryption algorithms support:

• TripleDES
• AES 128-bit
• AES 256-bit

Multiple message digest algorithms support:

• MD5
• SHA1

Since there are thousands of possible ways to deploy encryption, CryptoXpress SDK simplified the selection process by reducing the selection to three “preferred” combinations:

• AES128/PKCS5Padding/CBC - 128-bit encryption
• AES256/PKCS5Padding/CBC - 256-bit encryption
• TripleDES/PKCS5Padding/CBC - effectively 112-bit encryption

CFXWorks recommends the use of AES encryption where there is a need to deploy “strong encryption”. The reasoning is as follows. On May 19, 2005, NIST announced the withdrawal of the (single) Data Encryption Standard (DES) as specified in FIPS 46-3. DES no longer provides the security that is needed to protect Federal government information. Federal government organizations are now encouraged to use FIPS 197, Advanced Encryption Standard (AES), which specifies a faster and stronger algorithm. For some applications, Federal government departments and agencies may use the Triple Data Encryption Algorithm (Triple DES) as specified in NIST Special Publication 800-67. Triple DES is also supported by CryptoXpress LT. Although thought to be considerably less secure than even AES 128-bit encryption, Triple DES is still commonly used in some industries.

The following Java programs are included in CryptoXpress LT:

• CFXCMD - This program can be used to read command line arguments and pipe them to programs that read data from the standard input device (sysin). CFXCMD reads command line arguments and writes them to the standard output device (sysout). Note that this program outputs data exactly as it is interpreted by the operating system‘s command line parser. Depending on the operating system, it is impossible to pass some characters within command line arguments. Some characters are likely to be ignored and some are interpreted differently than you might expect. Therefore test your input carefully if you intend to use this program
• CFX103FF - A Java program that can be used to encrypt or decrypt a file using 128-bit AES/PKCS5Padding/CBC and writes the output to a file
• CFX103TF (1) - A Java program reads data from the standard input device (sysin), encrypts it using 128-bit AES/PKCS5Padding/CBC and writes the output to an encrypted file
• CFX104FF - A Java program that can be used to encrypt or decrypt a file using 256-bit AES/PKCS5Padding/CBC and writes the output to a file
• CFX104TF (1) - A Java program reads data from the standard input device (sysin), encrypts it using 256-bit AES/PKCS5Padding/CBC and writes the output to an encrypted file
• CFX112FF - A Java program that can be used to encrypt or decrypt a file using 3DES and writes the output to a file
• CFX112TF (1) - A Java program reads data from the standard input device (sysin), encrypts it using 3DES and writes the output to an encrypted file
• CFX401F - A Java program that reads an input file, digests it using MD5, and writes the output to the standard output device (sysout)
• CFX401T (1) - A Java program reads data from the standard input device (sysin), digests it using MD5, and writes the output to the standard output device (sysout)
• CFX402F - A Java program that reads an input file, digests it using SHA1, and writes the output to the standard output device (sysout)
• CFX402T (1) - A Java program reads data from the standard input device (sysin), digests it using SHA1 and writes the output to the standard output device (sysout)
• CFXF2D - A Java program that reads a file and displays if in HEX to the standard output device (sysout)
• CFXT2F (1) - A Java program reads data from the standard input device (sysin) and writes the output to the standard output device (sysout)
• CFXDisplayLicense - Displays the CryptoXpress license information to the standard output device (sysout)
• CFXConvert - Converts a file from ASCII to EBCDIC or from EBCDIC to ASCII

Why use CryptoXpress LT:

• Use strong encryption and message digests without writing code
• Deploy best-of-breed cryptography techniques without knowing implementation details
• Consistency verified across all supported environments
• Correctness of the implementation verified using NIST test vectors
• Resource & skill level minimized by use of “best practices” scenarios