Getting a CSP Signed
Every CSP must be digitally signed so that it will run on Microsoft operating systems. The primary purpose of the digital signature is the protection of the system and its users. The operating system validates this signature periodically to ensure that the CSP has not been tampered with. A secondary effect of the digital signature is that it separates applicable export controls on the CSP from the host operating system and applications, thus allowing broader distribution of encryption-enabled products than would be possible under other circumstances.
Generally, U.S. export law limits the export outside the United States or Canada of products that host strong encryption or an open cryptographic interface. The digital-signature requirement effectively prevents arbitrary use of CryptoAPI and enables export of the host operating system and CryptoAPI-enabled applications. By removing encryption services from host systems and applications, CryptoAPI places the burden of U.S. encryption export restrictions on the CSP vendor, who is subject to those controls regardless.
Prior to May, 2013, it was necessary to follow a process wherein you submitted your CSP to Microsoft to sign on your behalf. However, beginning May, 2013 the process was revised. Authenticode Signing of Third-party CSPs describes the current process.
CSP vendors might want to consult the U.S. Commerce Department, Bureau of Export Administration, Office of Exporter Services for assistance in the classification and/or export licensing of CSPs for export from the United States.
|The non-Microsoft software and hardware referenced in these documents are included for illustrative purposes only. Illustrations that use such third-party software and hardware as examples are not intended to be an endorsement or recommendation of any of these products. We provide this information only as a convenience for our customers for purposes of explaining a practical application and do not provide warranties of any kind, whether express, implied, or statutory, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.|