Encryption Algorithms (Ciphers)

IN THIS PAGE

Included Encryption Algorithms
Export Controls on the Encryption Algorithms
Adding Additional Algorithms
Alternatives to OpenSSL
Installation issues

Description

Alpha Anywhere and the Alpha Application Server use OpenSSL and its redistributable DLLs in order to provide SSL and other encryption functionality. While Alpha Software distributes a set of DLLs with a limited set of encryption algorithms, Alpha Software makes no claims regarding their usability and takes no responsibility and accepts no liability for their use in customer applications. These algorithms are made available for development and testing purposes only. The Alpha Anywhere user accepts full responsibility for obtaining permission/licensing to use any patented algorithms from the appropriate source(s) before deploying any applications.

Included Encryption Algorithms

The OpenSSL DLLs distributed with Alpha Anywhere, and used by the INET::SSLContext object and the A5_Decrypt_Binary(), A5_Decrypt_String(), A5_Encrypt_Binary(), and A5_Encrypt_String() functions, support the following encryption

Blowfish
CAST
DES
RC2
RC4

Additionally, Blowfish has several modes available. Specifying "blowfish" or not specifying any algorithm at all will default to CBC. You can explicitly specify a mode by using the following algorithm names

blowfish-cbc
blowfish-ecb
blowfish-cfb
blowfish-ofb

Export Controls on the Encryption Algorithms

The algorithms included in the OpenSSL DLLs distributed by Alpha Software are subject to the following export restrictions.

You may not be a citizen, national, or resident of, and are not under control of, the government of Cuba, Iran, Sudan, Libya, North Korea, Syria, nor any country to which the United States has prohibited export. You may not download or otherwise export or re-export this software, directly or indirectly, to the above mentioned countries nor to citizens, nationals or residents of those countries. You may not be listed on the United States Department of Treasury lists of Specially Designated Nationals, Specially Designated Terrorists, and Specially Designated Narcotic Traffickers, nor are you listed on the United States Department of Commerce Table of Denial Orders. You will not download or otherwise export or re-export the Programs, directly or indirectly, to persons on the above mentioned lists. You will not use this software for, and will not allow the Programs to be used for, any purposes prohibited by United States law, including, without limitation, for the development, design, manufacture or production of nuclear, chemical or biological weapons of mass destruction. You agree that U.S. export control laws and other applicable export and import laws govern your use of the programs, including technical data. You agree that neither the programs nor any direct product thereof will be exported, directly, or indirectly, in violation of these laws, or will be used for any purpose prohibited by these laws including, without limitation, nuclear, chemical, or biological weapons proliferation.

Adding Additional Algorithms

Because Alpha Anywhere and the Application Server rely on OpenSSL DLLs to provide encryption, the specific encryption algorithms available may be modified by replacing the included OpenSSL DLLs with OpenSSL DLLs specifically compiled to support the desired algorithms. As noted above, Alpha Anywhere user accepts full responsibility for obtaining permission to use patented algorithms. To replace the included DLLs,

Delete or rename libeay32.dll and openssl32.dll within the Alpha Anywhere or Application Server installation directory, if they exist.
Place copies of libeay32.dll and openssl32.dll that have the desired functionality within the Windows/system32 folder if you'd like them to be used by all software on your system, or in the Alpha Anywhere or Application Server program folder if you'd like to have them used on by Alpha.
Restart Alpha Anywhere or the Application Server. It is possible that you will need to reboot the computer.

For more information on obtaining and building OpenSSL DLLS, visit the OpenSSL web site at www.openssl.org

Alternatives to OpenSSL

In Version 11, Alpha Anywhere supports the .NET Framework. The .NET System::Security::Cryptography namespace includes classes for many types of encryption. See DotNet Example: Digital Hash for some samples and references.

Installation issues

If you have an older copy of OpenSSL in use on your machine when Alpha Anywhere installs, you may get a message about a missing export in libeay32.dll. Sometimes the installation will succeed if you click OK from the error message. Sometimes you will have to reboot the computer and reinstall Alpha Anywhere. In a worst case, you will have to manually delete all copies of libeay32.dll and openssl32.dll from your machine, reboot, and reinstall Alpha Anywhere.