Getting a CSP Signed
In accordance with the U.S. Department of Commerce's export restrictions concerning cryptography, Microsoft must digitally sign every CSP so that it will run on Microsoft operating systems. The primary purpose of the digital signature is the protection of the system and its users. The operating system validates this signature periodically to ensure that the CSP has not been tampered with. A secondary effect of the digital signature is that it separates applicable export controls on the CSP from the host operating system and applications, thus allowing broader distribution of encryption-enabled products than would be possible under other circumstances.
Generally, U.S. export law limits the export outside the United States or Canada of products that host strong encryption or an open cryptographic interface. The digital-signature requirement effectively prevents arbitrary use of CryptoAPI and enables export of the host operating system and CryptoAPI-enabled applications. By removing encryption services from host systems and applications, CryptoAPI places the burden of U.S. encryption export restrictions on the CSP vendor, who is subject to those controls regardless.
Send e-mail to firstname.lastname@example.org if you have questions and comments about the CSP signing mechanism, signing procedures, and CryptoAPI licensing policy. You can request a Microsoft Cryptographic Service Provider Developer's Kit from the Security node of this Microsoft Web site.
CSP vendors might want to consult the U.S. Commerce Department, Bureau of Export Administration, Office of Exporter Services for assistance in the classification and/or export licensing of CSPs for export from the United States.
The following steps describe the process required to sign a CSP.
Sign the CSP .dll file by using a Windows Mobile Code Signing certificate.
Sign the CSP .dll file by using a Windows Embedded CE CSP certificate.
Send the CSP .dll that is signed with the Windows Mobile Code Signing certificate to email@example.com so that it can be signed with a Windows Embedded CE CSP certificate.
Microsoft makes sure that the CSP .dll received was signed by a valid certificate. If all checks pass, Microsoft sends you the CSP .dll signed with the Windows Embedded CE CSP certificate.
If checks fail, you will be notified and can resubmit the CSP .dll later.
- Send the CSP .dll that is signed with the Windows Mobile Code Signing certificate to firstname.lastname@example.org so that it can be signed with a Windows Embedded CE CSP certificate.
Add the approved CSP .dll to your run-time image.
You must repeat the CSP signing process for the CSP .dll every time that it is modified after it is officially signed and approved. The CSP certification process can require from five to seven business days.
|The non-Microsoft software and hardware referenced in these documents are included for illustrative purposes only. Illustrations that use such third-party software and hardware as examples are not intended to be an endorsement or recommendation of any of these products. We provide this information only as a convenience for our customers for purposes of explaining a practical application and do not provide warranties of any kind, whether express, implied, or statutory, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.|