Different tech for different problems
Federal agencies are limited to cryptographic technologies validated by NIST.
Officials at federal agencies are limited in their use of cryptographic technologies to those that have been validated by the National Institute of Standards and Technology. A listing of validated products is published on NIST's Web site at csrc.nist.gov/cryptval.
Many cryptographic products work at a network's application layer and therefore can be used to encrypt or digitally sign any kind of data format or network service, including Extensible Markup Language formats and Web services.
SSH Communications Security Corp.'s SSH Tectia Client and SSH Tectia Server software, for example, create a secure tunnel between desktop and server computers, said Byron Rashed, senior marketing communications manager at SSH. "Anything that goes though the tunnel will be encrypted," he said.
A cryptographic product such as Entrust Inc.'s Verification Server is used to create secure digital credentials. Entrust Messaging Server makes
e-mail secure.
"We work with application developers so that they understand what interfaces are available within the servers," said Gary Moore, chief architect at Entrust CygnaCom Solutions Inc., Entrust's security consulting and testing group.
The Entrust servers use Triple Data Encryption Standard and Advanced Encryption Standard for encrypting data. For digitally signing data, the servers support Digital Signature Standard and the elliptic curve Digital Signature Algorithm. By both encrypting and digitally signing data, the servers keep data private and guarantee that it has not been altered. Whether agency officials choose the verification or the messaging server, Moore said, "they can secure their information through these servers."
NEXT STORY: NIST makes lists