---

Please note: This page has been retired.

We no longer sell CFXWorks products, please visit their web site instead:

• http://www.cfxworks.com

To view alternative products, please see the following:

Other information on this page is shown for historical reference only and may have changed considerably since.

---

Summary

CryptoXpress SDK by CFXWorks

URLs: cryptoxpress-sdk, cryptoxpress sdk, cryptoxpresssdk, cfxworks

Commercial grade, strong encryption SDK for Java programmers. CryptoXpress SDK is a Java toolkit that can be used to custom develop application layer cryptography solutions offering “strong encryption”, message digests (digital signatures), and several industry specific security features. The CryptoXpress SDK produces compatible results across many platforms including Windows, Linux (Red Hat and SUSE), HPUX, Solaris, and IBM’s xSeries, pSeries, zSeries and iSeries. Implementation of the supported cryptography algorithms is verified using test vectors published by the National Institute of Standards and Technology (NIST). The cross platform capabilities of CryptoXpress SDK allow users to encrypt data on any supported platform and decrypt it on any supported platform.

CryptoXpress SDK is a Java toolkit that can be used to custom develop application layer cryptography solutions offering “strong encryption”, message digests (digital signatures), and several industry specific security features. The CryptoXpress SDK produces compatible results across many platforms including Windows, Linux (Red Hat and SUSE), HPUX, Solaris, and IBM’s xSeries, pSeries, zSeries and iSeries. Implementation of the supported cryptography algorithms is verified using test vectors published by the National Institute of Standards and Technology (NIST). The cross platform capabilities of CryptoXpress SDK allow users to encrypt data on any supported platform and decrypt it on any supported platform. CryptoXpress SDK also supports several credit card security features including Luhn Formula Validation and card number masking. The LUHN formula is used to validate and verify the accuracy of credit-card numbers. CryptoXpress SDK also provides a method that masks credit card numbers for display consistent with The Payment card Industry/Cardholder Industry Security Standards (PCI/CISP). For example, only the last four digits of the account number can be displayed. CryptoXpress SDK provides a function that correctly masks this data. CryptoXpress SDK provides a HTTP gateway to the United States Postal Service’s Address Information APIs. Companies that use the USPS for shipping merchandise can use these APIs to validate address information or to complete incomplete address information. The service is useful in reducing fraud, improving customer service, eliminating shipping errors and reducing the cost of processing customer orders.

The cryptography algorithms supported include:

Multiple “strong encryption” encryption/decryption algorithms support:

TripleDES

AES 128-bit

AES 256-bit

Multiple message digest algorithms support:

MD5

SHA1

HMACMD5

HMACSHA1

Since there are thousands of possible ways to deploy encryption, CryptoXpress SDK simplified the selection process by reducing the selection to six “preferred” combinations:

AES128/PKCS5Padding/ECB 128-bit encryption

AES256/PKCS5Padding/ECB 256-bit encryption

AES128/PKCS5Padding/CBC 128-bit encryption

AES256/PKCS5Padding/CBC 256-bit encryption

TripleDES/PKCS5Padding/ECB effectively 112-bit encryption

TripleDES/PKCS5Padding/CBC effectively 112-bit encryption

CFXWorks recommends the use of AES encryption where there is a need to deploy “strong encryption”. The reasoning is as follows. On May 19, 2005, NIST announced the withdrawal of the (single) Data Encryption Standard (DES) as specified in FIPS 46-3. DES no longer provides the security that is needed to protect Federal government information. Federal government organizations are now encouraged to use FIPS 197, Advanced Encryption Standard (AES), which specifies a faster and stronger algorithm. For some applications, Federal government departments and agencies may use the Triple Data Encryption Algorithm (Triple DES) as specified in NIST Special Publication 800-67. Triple DES is also supported by CryptoXpress SDK. Although thought to be considerably less secure than even AES 128-bit encryption, Triple DES is still commonly used in some industries.

The NIST published test vectors for the following modes of operation. Therefore CryptoXpress also supports these additional modes but does not recommend their use for production environments.

AES128/NoPadding/ECB 128-bit encryption

AES256/NoPadding/ECB 256-bit encryption

AES128/NoPadding/CBC 128-bit encryption

AES256/NoPadding/CBC 256-bit encryption

CryptoXpress SDK also supports several credit card security features including Luhn Formula Validation and card number masking. The LUHN formula (also known as the Modulus 10 or Mod 10 algorithm) is used to generate, validate and verify the accuracy of credit-card numbers. CryptoXpress SDK provides a function that validates that a value passed to the function passes the Luhn formula test. The Payment card Industry/Cardholder Industry Security Standards (PCI/CISP) require that credit card numbers be masked when they are displayed. For example, only the last four digits of the account number can be displayed. CryptoXpress SDK provides a function that correctly masks this data. CryptoXpress SDK supports the following credit card industry processing functions:

LUHN formula (Mod 10) validation The LUHN formula, created in the late 1960s by a group of mathematicians, was adopted by credit card companies shortly thereafter. Because the algorithm is in the public domain, it can be used by anyone. The LUHN formula (also known as the Modulus 10 or Mod 10 algorithm) is used to generate, validate and verify the accuracy of credit card numbers. Almost all institutions that create and require unique account or identification numbers use the Mod 10 algorithm. For example, the LUHN formula is widely used to validate many different forms of account numbers. CryptoXpress SDK provides a function that validates whether or not a value passed to the function passes the Luhn formula test.

Account number masking as per credit card processing industry standards The Cardholder Industry Security Standard (CISP) and Payment Card Industry Data Security Standard (PCI) both limit the number of digits that can be displayed when displaying the credit card account number. CryptoXpress SDK provides a function that masks all but the last “n” number of digits of the account number. The programmer can control the value of “n”.

CryptoXpress SDK provides an HTTP gateway to the United States Postal Service’s Address Information APIs. Companies that use the USPS for shipping merchandise can use these APIs to validate address information or to complete incomplete address information. The Address Information APIs are useful in reducing fraud, improving customer service, eliminating shipping errors and reducing the cost of processing customer orders. CryptoXpress SDK provides a gateway to the USPS Address Information server. CryptoXpress SDK performs the following tasks:

Requested information passed to CryptoXpress SDK is validated against the USPS guidelines. If an error is found, CryptoXpress SDK rejects the request and returns an error code

If the request is valid, CryptoXpress SDK constructs an XML document, as per the USPS specification, and forwards this document to the USPS Server using HTTP

CryptoXpress SDK reads the XML response from the USPS server

CryptoXpress SDK parses the XML response and extracts the response values from the document

The CryptoXpress SDK gateway adds value to the process by:

Automating the address validation and lookup process

Formatting the XML document and parses the values from the USPS response. No XML skills are required by users of CryptoXpress SDK

Sending the request to the USPS and reads the response. No Internet programming skills are required by users of CryptoXpress SDK

Why use CryptoXpress SDK:

Encryption complexity reduced to 6 best practices deployment scenarios

Message digest complexity reduced to 4 best practices deployment scenarios

IBM Certified across numerous IBM and non-IBM H/W & S/W platforms

Consistency verified across all supported environments

Correctness of SDK implementation verified using NIST test vectors

Resource & skill level minimized by use of “best practices” scenarios

Commercial grade, strong encryption SDK for Java programmers.

Evals & Downloads: Read the CryptoXpress SDK Manual - Requires Acrobat Reader, Read the CryptoXpress SDK License - Requires Acrobat Reader

Operating System for Deployment: Windows XP, Windows Server 2003, Windows 2000, Sun Solaris 10, Sun Solaris 8, IBM AIX 5.x, Red Hat Enterprise Linux 4.x, SUSE Linux 9.x

Architecture of Product: 32Bit

Product Type: Component

Component Type: Java Class

Application Servers: IBM WebSphere (TM), Jakarta Tomcat

Compatible Containers: JBuilder 2006, IBM VisualAge for Java 3, Oracle JDeveloper 11g, IBM WebSphere Studio

Keywords: AES TripleDES 3DES encryption digests

Encryption Encrypt Encoding encode encodes decryption Decrypt decrypting cypher

Credit Card Creditcard Authorization authorize authorise authorisation