GoldKey API
Copyright © 2007-2011 GoldKey Security Corporation. All rights reserved.
Create Your Own Applications
GoldKey Security Corporation provides a simple C/C++ API for software developers to quickly integrate GoldKey
support into their applications. This API includes a header file and dynamically linked library for Windows and
OS X. Developers who are already using smart cards in their applications will notice that GoldKeys operate
considerably faster. Now, programmers with various coding backgrounds can easily take advantage of GoldKey
technology.
Remote Authentication
The GoldKey API makes it easy for network applications to use GoldKeys for robust mutual authentication. This
authentication uses a proprietary AES-256 challenge and response handshake. Once the handshake completes, two
session keys are known by the server and the client software. These session keys can be used to encrypt communication
in network applications, protecting against man-in-the-middle attacks.
The first time a GoldKey authenticates with a server, an association is created between the GoldKey and a Server Key in
the server and stored in the server’s database. The API makes it easy to create associations, and since the Server Key is
used, not even the server has the ability to authenticate as the GoldKey. This has many of the benefits of a PKI solution
but is done completely with AES-256. The whole authentication process involves only two function calls to the GoldKey
API: one call to start the authentication and another to finish it.
GoldKey Encryption Header Support
GoldKey encryption headers contain a hidden secret that can be used to encrypt a file, or any other data. The hidden
secret is 32 bytes long and is encrypted with AES-256. A GoldKey can make an unlimited number of encryption headers,
and the GoldKey is required to reveal the hidden secret. These headers also have built-in support for GoldKey groups and
GoldKey Master Token management. This means that the registered Master or GrandMaster of a GoldKey will always be
able to open its encryption headers, and GoldKey groups can be used to share encryption headers.
The GoldKey API makes it easy to create and use the encryption headers. Best of all, Master Token support is
automatically built into applications that use it.
RSA Private Key Encryption
GoldKeys can be used to store up to 4 RSA key pairs. The public certificate can be read off the GoldKey, while the
private key must be used inside the token to keep it secure. The GoldKey API makes it easy to read certificates and use
the private keys stored on the token. This allows support for standard PKI authentication methods and other RSA
encryption needs.
Random Number Generation
Every GoldKey has a built-in random number generator. The GoldKey API allows software developers to generate truly
random data using the GoldKey. The number generation is relatively fast and easy to use, and it’s much more robust than
software alternatives.
GoldKey Management
The GoldKey API can automatically prompt for the GoldKey PIN whenever it is required. If a new GoldKey is connected, the
API can also automatically allow the user to personalize the GoldKey right away from within the running application. This
greatly improves the user experience. Applications can also launch the Master Token management menu through the API
for full Master Token integration.
Information on the GoldKey
The GoldKey can store several data objects defined in the PIV specification. There is also GoldKey-specific information
such as a unique ID, a description, and a list of groups. All of this information is available to software developers through
the GoldKey API.
Supported Environments
The GoldKey API is written for the C and C++ programming languages. It will run on Windows XP/Vista/7 and Mac OS X
Tiger, Leopard, and Snow Leopard.