ERCIM News No.32 - January 1998

SECUDE - A General Purpose Security Toolkit

by Wolfgang Schneider

Authenticity and protection of privacy is an increasing concern of everyone as electronic information storage and exchange is rapidly growing. Example applications where security is needed are the privacy of sensitive e-mail, unforgeable digitally signed electronic forms and contracts, encryption of local files, network authentication, electronic data interchange and software distribution. The use of public-key cryptography makes authenticity achievable and manageable in an open electronic communication society of a large scale.

SECUDE (Security Development Environment) is a portable general-purpose security toolkit for Unix and Personal Computer systems (MS-DOS, Windows 95/NT). The free contribution of SECUDE for non-commercial use is part of efforts in GMD to facilitate the open, authentic and privacy-preserving electronic telecooperation between people.

SECUDE is a security toolkit which incorporates well known and established symmetric and public-key cryptography. It offers a library of security functions and a well documented C Application Program Interface which allows to incorporate security into virtually any application. In addition there are a number of ready-to-use utilities with the following features:

Benchmarks of selected algorithms (kbit/sec, Pentium 133, WinNt-4.0).

Algorithm Encryption
(in Kbit/s)
(in Kbit/s)
DES-BC 7272 7272
Triple DES 2749 2666
RSA (512 bit) 51.20 4.26
RSA (1024 bit) 34.13 1.44

A Personal Security Environment typically contains the user's private and public key (the latter wrapped in an X.509 certificate), the public root key which the user trusts, the user's distinguished name, the user's login name, and the forward certification path to the user's root key. In addition, the Personal Security Environment allows to securely store other's public keys after their validation (allowing henceforth to trust them like the root key without verifying them again), and certificate revocation lists (CRLs).

SECUDE provides two different Personal Security Environment realizations, a SmartCard environment and a DES-encrypted directory.

Both are only accessible through the usage of Personal Identification Numbers (PIN). SmartCards require a particular hard- and software environment. SECUDE supports different devices, eg the German Telekom system TCOS combined with the Siemens Nixdorf card reader B1.

An Internet Privacy Enhanced Mail implementation (PEM RFC 1421-1424) is part of SECUDE. It provides a PEM filter which transforms any input text file into a PEM formatted output file and vice versa, and which should be capable of being easily integrated into Mail-User Agents or CA tools.

As an additional functionality which goes beyond RFC 1421-1424, SECUDE-PEM may be configured with an integrated X.500 DUA which allows, for instance, automatic retrieval of certificates and CRLs during the PEM de-enhancement process.

Please contact:

Wolfgang Schneider - GMD
Tel: +49 6151 869 700

return to the contents page