CryptoSys PKI Pro provides you with an interface to public key cryptography functions from Visual Basic, VB6, VBA, VB.NET, VB20xx, C/C++, C# and Python programs on any modern Windows system XP and above (W11/W10/W8/W7/2008/Vista/2003/XP).
Read the Manual | Features | BUY NOW | Download Trial | Examples
You can create and read enveloped-data, signed-data and compressed-data Cryptographic Message Syntax (CMS, PKCS#7) objects, which you can use in S/MIME email messages; verify the digital signature in a signed-data CMS object; generate and manage RSA and elliptic curve public and private keys; carry out "raw" RSA encryption and digital signing, which you can use in secure XML documents; create and verify ECDSA signatures; make PKCS#10 certificate request files and PFX key storage files, and create and manage X.509 certificate files.
Supports AES-GCM and ChaCha20Poly1305 authenticated encryption, RSA-PSS signatures, RSA-OAEP public key encryption, elliptic curve keys, elliptic curve Diffie-Hellman (ECDH), and ECDSA, Ed25519 and Ed448 signatures in X.509 certificates and CMS signed-data objects.
2023-11-01: Uploaded latest Pascal/Delphi interface v22.0.
2020-06-02: Released xmlsq our new free XML Simple Query utility. xmlsq is a simple lightweight utility to query XML documents using XPath 1.0. Use xmlsq together with CryptoSys PKI to analyze XML-DSIG and XMLENC documents. For example, see how xmlsq is used in XML-DSIG and the Chile SII - Revisited 2020.
See Data Exchange in the German Health Service with CryptoSys PKI“ We have used CryptoSys PKI for all data exchange with health insurance ever since the transition from PEM to PKCS/CMS some fifteen years ago, and it has always performed flawlessly.
That is why we are pleased that we can now use this tried and trusted toolkit for electronic prescriptions as well, instead of having to deal with the unreliable mess of cryptographic support in .NET and Windows. ”
—Rechenzentrum für Apotheken Hildegard Schröter GmbH, Lutherstadt Wittenberg, Germany.
For more details about upgrading from an older version, see Upgrading to CryptoSys PKI Pro.
See how CryptoSys PKI compared in the CMS (RFC 3852) Implementation Report [PDF (98 kB)] back in 2009 (we're implementation #3).
Other utilities included in the toolkit are the ability to generate message digest hash values using SHA-1/224/256/384/512, SHA-3, MD5 and RipeMD160; generate HMAC keyed-hash message authentication values, wipe files using 7-pass DOD standards, generate cryptographically-secure random numbers to the strict NIST SP800-90 standard†, prompt for a password, and convert to and from base64-, base58- and hexadecimal-encoded formats. There are versions for both 32-bit and 64-bit platforms included - see Using on a 64-bit system. If you just need standard symmetrical cryptography, see our sister product CryptoSys API (see comparison PKI vs API).
† Note: Our implementation does not use the Dual EC_DRBG component of NIST 800-90 that allegedly contains an NSA backdoor. Nor does CryptoSys PKI use OpenSSL in any form.
CryptoSys PKI Pro uses a straightforward Windows native DLL which is compatible with all modern versions of Windows XP and above (W10/W8/W7/2008/Vista/2003/XP). There is no "COM", no "Active-X", and no requirement to "register" it with Windows to use it. The installed executable has a small footprint. Developers can easily distribute it with their projects made in Visual Basic, VBA, C, C++, VB.NET/VB2010+ or C# (in fact, in any other programming language that will let you call Win32 API functions including Delphi - see Extra Interfaces). A separate executable compiled for 64-bit systems is also included.
For more information on how the RSA key data is stored and how the various functions work together, see RSA Key Formats. For some examples, see the Examples section below. For the theory and more detailed explanations of how RSA is used in practical applications, see RSA algorithm including its use in creating ISO/IEC 9796 signatures in the AUTACK scheme.
Note that CryptoSys PKI Pro is totally independent from our other CryptoSys API product. The two packages do different things and do not require the other in order to work: see a Comparison of CryptoSys Features for a summary.
“ First of All, GREAT PRODUCT your CryptoSys PKI Toolkit. Really, Congratulation on this Great Product, I really liked it. ”
“ I just got my licensed version and try succesfully to distribute my PKI based application on my alternate notebook : it took me a few seconds and it works fine. I spent in the past a lot of time trying to find a so easy to use software for cryptographic actions. Thanks again ! ”
“ Great product - just what I was looking for - bought a copy this morning. ”
“ It seems to be a very good and powerful toolkit ”
“ Thank you very much for the quick and detailed answer. It helped me a lot and now my program works pretty good, I have signed and encrypted my data successfully. ”
“ I wanted to let you know we [purchased] CryptoSys Software to include in an ERP project we are working on in Mexico. I had tried other digital signature products that required the certificate (with private) key first be stored in the Win certificate store and then I wasn't getting the correct signature. So, I guess there is something special about how you are using the .key file that is provided by SAT Mexico. I am very glad I came across your product. Thank you ”
- Herman K.
“ Last Tuesday I have completed the certification process in the DGCI. Everything is as they intend. So CryptoSys PKI can "attack" the Portuguese market. :-) ”
There are three manuals included: a main manual and supplementary ones for .NET and C/C++ programmers. See the documentation page.
Download the latest Trial Edition of CryptoSys PKI Pro now.
Most recent production version 22.1.0 compiled 1 January 2024. Use either
Unzip the zip file and run the
install.exe program inside it, or download the exe program directly and run it.
The Trial Edition is fully-functional and the download includes test functions in Visual Basic (VB6/VBA), VB.NET, C, C++ and C#. The documentation is available online. Please read the licence conditions for the Trial Edition. The trial period is 60 days from the date first installed on your system. Minimum required operating system is Windows XP-SP2 and above (that is, XP/Vista/W7/W8/W10/W11) or Windows Server 2003 and above.
Trouble installing: If Microsoft Defender Smartscreen gives you a warning, see Unrecognized app error. (TL;DR Click "More info" then "Run anyway"). Check that you see "Publisher: D.I. MANAGEMENT SERVICES PTY LIMITED".
Is there a virus in these? Some of the more paranoid anti-virus checkers (notably AntiVir) sometimes show that these downloads contain a "Generic trojan-dropper". This is a false positive. The files are clean. You can upload the files individually to the AV vendors' sites and they will be shown as clean.
All the above files are digitally signed with our signing certificate under the name of D.I. Management Services Pty Limited. You can check the integrity of your DLLs here.
You need to have administrator rights when installing and uninstalling.
You can purchase a licenced version here. Existing licence holders can download the latest Developer Version here.
See Writing an interface in another programming language for advice and examples in how to use CryptoSys PKI with other programming languages, including Visual FoxPro and PowerBuilder.
For Delphi, see the page Using Delphi with CryptoSys API, CryptoSys PKI for more details and some sample code.
Check the integrity of your PKI software against our published checksums and message digests.
Thanks to all users who have suggested improvements and in particular to Bernd Rech for his suggestions, advice and help.
For more information, please send us a message.
This page last updated 12 January 2024