Volume Number: 13 (1997)
Issue Number: 11
Column Tag: Viewpoint

Viewpoint

by Eric Gundrum

You can't have digital commerce unless you can be certain that your digital data is unadulterated. That's where cryptography comes in. Most people think of cryptography simply as a means to hide data, but actually it is much more useful than that. Through cryptography, we can assure (within reasonable expectations) that a block of data has not been changed by any intermediate party.

Imagine that you are a software publisher, and you want to use the Internet to distribute an update to your software. You could post the update to a few key software distribution sites and let it propagate. Within a day or two everyone would have access to it, but how can you be certain that it was your version of the update that was distributed? What's to stop some malicious person from releasing his own version of your updater and embedding his newly created virus? (Many readers may recall a similar situation with the recent release of a bogus StuffIt Deluxe 4.5 package as a trojan horse.) This problem can easily be prevented through the proper use of cryptography; in this case, digital signatures.

Another use of cryptography is access certificates. Imagine selling your software over the 'Net: your potential customer begins by examining a trial version of your software. The customer decides to purchase the software and sends you payment through some digital means. (Payment could be digital cash, digital checks, credit card information through an SSL connection, or some other means.) Once you have settled the payment with a bank (to be sure it is not fraudulent), you send an authentication code to the customer so they can turn the trial version of the software into the fully paid version. What is that authentication code? Many software companies struggle for countless hours trying to develop a serial number that can't be easily guessed or changed, and contains enough information to be traceable back to the customer in case they give it out for their friends to use. Another limitation of this mechanism is that you, the publisher, must maintain a database to map all the serial numbers to customers. This becomes even more complicated when you have single customers purchasing more than one copy of the product, or add site licenses, multiple versions, or other products.

Access certificates eliminate most of the limitations of serial numbers. An access certificate is a document which contains all the information the software publisher uses to control access to the software. This can include the purchaser's name and contact information and various license restrictions such as how many copies can be used simultaneously or when this use of the software expires. Cryptography is used to digitally sign the access certificate; the software being accessed can check this signature to verify the document has not been altered. The software can read the certificate to determine what restrictions to impose on the use of the software. If the information in the certificate is stored as clear text, then the customer also can see what restrictions are on the license. This certificate serves much the same purpose as a serial number; however, users are much less likely to distribute a certificate to friends when they see that their name and address is included in that certificate.

There are many uses of cryptography besides hiding data. The certificates mentioned above can be extended to limit access to services as well as software. No need for users and groups databases. No need to remember all those different passwords we each have on all the different systems we access. This could make our digital lives so much easier.

We have most of the technology we need to make broad use of cryptography, but the technology is not deployed. The United States Government is actively trying to restrict access to the technology. They prevent software which uses the technology from being exported from the U.S. They also are coercing other governments to impose restrictions on the use of cryptography in those societies. The resulting fear, uncertainty, and doubt make U.S.-based businesses reluctant to develop products that use cryptographic technology, even when those products use only digital signatures, and therefore could easily get an export license.

Some companies, such as Microsoft, PGP and Sun, are actively working to have these export restrictions removed. Unfortunately Apple, as a member of the Key Recovery Alliance, is supporting the anti-cryptography stance of the U.S. Government. PGP http://www.pgp.com/ is the original strong cryptographic technology for the masses, available throughout the world on many platforms. They have done more to relieve the U.S. export restrictions than any other company. Recently, they released a number of new Macintosh products making cryptography easy for anyone to use. They are working on a developer's kit so we developers can add cryptographic services to our applications. Microsoft is building developer-accessible cryptography into a variety of products, including a future version of Windows. Sun has developed a cryptography module (JCE, http://www.javasoft.com/security/) for Java 1.1, but it is not available for the Mac.

Apple's position is quite sad, especially considering that Apple holds patents to some of the strongest cryptographic technology invented and some of the least restrictive licenses to other cryptographic technology. Hopefully, Apple will soon recognize the market opportunities they could develop by making these technologies available to developers as part of the OS. Fortunately there are some Macintosh-friendly software publishers picking up some of the slack, including PGP. Consensus Development http://www.consensus.com/ is another company that has had cryptographic technology available for years. Currently, they have a multi-platform SSL3 library, as well as other technologies in development. If you are interested in learning more about cryptography on the Mac, be sure to check out Vinnie Moscaritolo's crypto pages at http://www.vmeng.com/mc/.