RSA Laboratories

5.2.1 What are CAPIs?

A CAPI, or cryptographic application programming interface, is an interface to a library of functions software developers can call upon for security and cryptography services. The goal of a CAPI is to make it easy for developers to integrate cryptography into applications. Separating the cryptographic routines from the software may also allow the export of software without any security services implemented. The software can later be linked by the user to the local security services. CAPIs can be targeted at different levels of abstraction, ranging from cryptographic module interfaces to authentication service interfaces. The International Cryptography Experiment (ICE) is an informally structured program for testing U.S. government's export restrictions (see Questions 6.2.2 and 6.2.3) on CAPIs. More information can be obtained about this program by e-mail to Some examples of CAPIs include RSA Laboratories' Cryptoki (PKCS #11; see Question 5.3.3), NSA's Fortezza (see Question 6.2.6), Internet GSS-API [Lin93], and GCS-API [OG96]. NSA has prepared a helpful report [NSA95] that surveys some of the current CAPIs.

Top of the page