System Architecture

The CryptoAPI system architecture is composed of five different major functional areas, as shown in the following illustration. The functional areas are: certificate encode/decode functions, certificate store functions, base cryptographic functions, low-level message functions, and simplified message functions.

Except for the base cryptographic functions, the names of the functions contained in each of the functional areas have a key word in their name indicating the functional area. Those key words are described as follows:

• There are two general purpose functions in the certificate encode/decode functional area: CryptDecodeObject and CryptEncodeObject.
• Certificate store function names contain the word "Store."
• Low-level message function names contain the word "Msg."
• Simplified message function names contain the word "Message."
• All of the remaining functions are the base cryptographic functions.

An application can communicate with any of these functional areas through the functions contained therein. These functions, when taken in total, make up the CryptoAPI. The base cryptographic functions, in turn, rely upon the CSPs to provide the necessary cryptographic algorithms and to provide secure storage for any cryptographic session or public or private keys that may be generated.

Notice that, although an application can communicate directly with any of the five functional areas, it cannot communicate directly with a CSP. All application-to-CSP communications must occur through the base cryptographic functions exposed in the CryptoAPI. Each base cryptographic function that communicates with a CSP has a parameter that specifies which CSP to use.