Introducing CAPICOM
February 18, 2002
Summary: CAPICOM is a new security technology from Microsoft that allows Microsoft Visual Basic, Visual Basic Script, ASP, and C++ programmers to easily incorporate digital signing and encryption into their application.
Contents
Introduction
What Is CAPICOM?
What Can CAPICOM Do?
Signing Data with CAPICOM
Safe from Prying Eyes
A Message for Only Alice and Bob
Minding the Store
Platform Availability
Where to Get It
Feedback and Questions
Introduction
This article introduces CAPICOM, a new security technology from Microsoft. It covers the basic features of CAPICOM. This article is recommended reading for anyone building applications involving digital certificates, digital signatures, encryption, or public key cryptography.
What Is CAPICOM?
CAPICOM is a Microsoft ActiveX control that provides a COM interface to Microsoft CryptoAPI. It exposes a select set of CryptoAPI functions to enable application developers to easily incorporate digital signing and encryption functionality into their applications. Because it uses COM, application developers can access this functionality in a number of programming environments such as Microsoft Visual Basic, Visual Basic Script, Active Server Pages, Microsoft JScript, C++, and others. CAPICOM is packaged as an ActiveX control, allowing Web developers to use it in Web-based applications as well.
What Can CAPICOM Do?
CAPICOM can be used to enable the following tasks:
Digitally sign data with a smart card or software key
Verify digitally signed data
Graphically display certificate information
Inspect certificate properties such as subject name or expiration date
Add and remove certificates from the certificate stores
Encrypt and decrypt data with a password
Encrypt and decrypt data using public keys and certificates
Signing Data with CAPICOM
CAPICOM can sign data whether it is binary or text. CAPICOM can digitally sign data with a certificate issued from a commercial Certificate Authority (CA) such as Verisign, a certificate issued from a Microsoft Windows 2000 PKI, or a self-signed certificate. CAPICOM can use a certificate whose private key is stored in software, on a smart card, or on a USB token device. The application developer can either pre-select the certificate needed during the signing operation or allow the user to choose, if he or she has more than one certificate. Figure 1 shows the dialog presented to the user when he or she has more than one certificate.
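The two signing paths described above (a certificate pre-selected by the developer, or one chosen by CAPICOM or the user), followed by verification, as an added JScript example for Windows Script Host that is not code from the original article. It assumes CAPICOM is registered on the machine; the function names and the sample text are made up for illustration.

```jscript
// Added example. Run with: cscript sign.js
// Constant values from the CAPICOM type library, which script cannot import.
var CAPICOM_CURRENT_USER_STORE = 2;
var CAPICOM_STORE_OPEN_READ_ONLY = 0;
var CAPICOM_ENCODE_BASE64 = 0;
var CAPICOM_VERIFY_SIGNATURE_AND_CERTIFICATE = 1;

// Pre-selection: the first certificate in the user's "My" store that has a
// private key and passes CAPICOM's validity check; null if none qualifies.
function pickSigningCertificate() {
    var store = new ActiveXObject("CAPICOM.Store");
    store.Open(CAPICOM_CURRENT_USER_STORE, "My", CAPICOM_STORE_OPEN_READ_ONLY);
    var certs = store.Certificates;
    for (var i = 1; i <= certs.Count; i++) {   // CAPICOM collections are 1-based
        var cert = certs.Item(i);
        if (cert.HasPrivateKey() && cert.IsValid().Result) {
            return cert;
        }
    }
    return null;
}

// Sign text and return the base64-encoded signed message (content included).
function signText(text, cert) {
    var signedData = new ActiveXObject("CAPICOM.SignedData");
    signedData.Content = text;
    if (cert === null) {
        // No signer given: CAPICOM picks the certificate and shows the
        // selection dialog when more than one is usable.
        return signedData.Sign();
    }
    var signer = new ActiveXObject("CAPICOM.Signer");
    signer.Certificate = cert;
    return signedData.Sign(signer, false, CAPICOM_ENCODE_BASE64);
}

// Verify signature and certificate; Verify raises an error on failure,
// so reaching the return statement means both checks passed.
function verifyText(signedMessage) {
    var signedData = new ActiveXObject("CAPICOM.SignedData");
    signedData.Verify(signedMessage, false, CAPICOM_VERIFY_SIGNATURE_AND_CERTIFICATE);
    return { content: signedData.Content,
             signer: signedData.Signers.Item(1).Certificate.SubjectName };
}

var message = signText("Constructed sample text", pickSigningCertificate());
var result = verifyText(message);
WScript.Echo("Verified content: " + result.content);
WScript.Echo("Signed by: " + result.signer);
```

Because verification here also validates the signer's certificate, a message signed with an untrusted self-signed certificate is rejected unless that certificate is trusted on the verifying machine.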