Our CFX_ENCRYPT_AES 128 and CFX_ENCRYPT_AES 256 were written in the C programming language and compiled as 32-bit Windows' DLLs. These tags were originally authored in the 2001 timeframe. Since then there have been two significant changes that will impact some users of these tags.

• Microsoft chose not to support 32-bit DLLs on their 64-bit operating systems. Therefore, our 32-bit tags, CFX_ENCRYPT_AES 128 and CFX_ENCRYPT_AES 256, will not work on 64-bit Microsoft operating systems.



• The original AES standard and test vectors published by the National Institute of Standards and Technology (NIST) for AES encryption did not specifically address several issues relative to how keys and initialization vectors should be handled. This left room for interpretation that have and will caused cross platform and cross language incompatibilities. For example the inability to decrypt data encrypted on a different platform or encrypted using a different language.

CFXWorks does offer a new solution to both of the above issues called CryptoXpress CF. We offer to licensed users of our older 32-bit encryption tags a free upgrade to our Java encryption tag CryptoXpress CF. This tag will run on both 32-bit and 64-bit platforms. Most of our users have already elected to upgrade to this new tag.

On May 19, 2005 the National Institute of Standards and Technology (NIST) announced the withdrawal of the (single) Data Encryption Standard (DES) as specified in FIPS 46-3. DES no longer provides the security that is needed to protect Federal government information. Federal government organizations are now encouraged to use FIPS 197, Advanced Encryption Standard (AES), which specifies a faster and stronger algorithm. For some applications, Federal government departments and agencies may use the Triple Data Encryption Algorithm (Triple DES) as specified in NIST Special Publication 800-67. Triple DES is also supported by CryptoXpress CF. Although thought to be considerably less secure than even AES 128-bit encryption, it is still commonly used in some industries.

CryptoXpress CF supports multiple encryption/decryption algorithms including AES 128-bit, AES 256-bit and TripleDES. These algorithms meet the "string encryption" requirements as defined by all known federal, state and industry regulations, including:

CryptoXpress CF can be used to encrypt and decrypt text, files and fields within a database. It supports EBCDIC, ASCII and binary data. Although it supports multiple encryption algorithms, the preferred encryption technology today is AES. AES is a block cipher (symmetric key) encryption algorithm that uses 128-bit, 192-bit and 256-bit key sizes.

CryptoXpress CF supports multiple message digest algorithms including MD5 and SHA1.

A message digest (also sometimes referred to as a one-way hash function) is a fixed length computationally unique identifier corresponding to a set of data. The result of the algorithm is that each file or data string digested will map to a particular block of information called a message digest. The digest is not random; digesting the same unit of data with the same algorithm will always produce the same message digest.

Most users prefer to use the MD5 message digest algorithm. MD5 belongs to a family of one-way hash functions called message digest algorithms. The MD5 system is defined in RFC 1321. MD5 takes a message of arbitrary length and produces as output a 128-bit message digest. It is conjectured that it is computationally infeasible to produce two different messages having the same message digest, or to produce any message having a given message digest.

RFC 1321 also defines a certification suite to validate correct implementation of the algorithm. CryptoXpress LT is validated against this suite.

Message digests have many uses. In particular they are used to authenticate data. For example, to create a digest for authentication, data can be digested and the digest saved. Later, to validate that the data has not been altered, the data is digested again and the result is compare against the original digest. If they differ, the data has been altered. This is very different from encryption because the actual data is not modified when it is digested. Encryption is intended to protect the confidentiality of data.