Support Center > Search Results > SecureKnowledge Details
OPSEC SDK - SHA-256 support
Solution

The cryptography libraries used by the previous OPSEC SDK only support verification of certificates and CRLs signed using SHA-1.

As a result, any communication that attempts to verify a certificate or CRL signed using SHA-256 (or newer) will fail.

  • Refer to sk103840 for more information regarding SHA-1 and SHA-256 signatures. 
  • Refer to sk110432 for more information regarding SHA-512 signature.

A new SDK, that supports SHA-256, is available for Linux OS and Windows OS:

OS OPSEC SDK Package Description
OPSEC SDK Package for Linux 50

ELF libraries compiled using gcc version 4.4.6, libc version 2.5, and libstdc++ version 6.0.8
For compatibility between gcc compilers, refer to ABI Policy and Guidelines.

OPSEC SDK Package for Linux 30

ELF libraries compiled using gcc version 3.2.3, libc version 2.3.2, and libstdc++ version 5.0.3
For compatibility between gcc compilers, refer to ABI Policy and Guidelines.

OPSEC SDK Package for Windows Compiled using MSVC6.0

 

An additional version of the new SDK, which also provides support for TLS1.2, is available:

Note: This package was not tested as thoroughly as the above package.

OS OPSEC SDK Package Description
OPSEC SDK Package for Linux 50
(with TLS1.2 support)

ELF libraries compiled using gcc version 4.4.6, libc version 2.5, and libstdc++ version 6.0.8
For compatibility between gcc compilers, refer to ABI Policy and Guidelines.

OPSEC SDK Package for Linux 30
(with TLS1.2 support)

ELF libraries compiled using gcc version 3.2.3, libc version 2.3.2, and libstdc++ version 5.0.3
For compatibility between gcc compilers, refer to ABI Policy and Guidelines.

OPSEC SDK Package for Windows -
MSVC 6 (with TLS1.2 support)
Compiled using MSVC6.0
OPSEC SDK Package for Windows -
MSVC 10 (with TLS1.2 support)
Compiled using MSVC10.0

 

Additional details:

There are several new libraries in the SDK:

  • ProdUtils
  • cpxerces_c
  • CPStrings
  • cplic_cntrct
  • cvars
  • cpexpat

Note: When compiling on Linux OS, the order of library linkage is important due to dependencies.


The following is an example of a validly ordered (dependency-wise) list of the SDK libraries that includes the new libraries:

-lsicobj -lopsecext -lmastersapi -llogfilter -lfwsmtpobj -lfwadb -lCPMIClient501
-lCP_version_info -lCPMIBase501 -lopsec -lReg -lobjlib -lcpxerces_c -lCPStrings -lobjlibclient
-lResolver -lcpprod50 -lCPSrvIS -lcplic_cntrct -lcpsic -lsicauth -lskey -lfwsetdb -lndb -lmessaging
-lsic -lcp_policy -lcvars -lcpexpat -lcpca -lckpssl -lcpcert -lcpcryptutil -lEncode -lcpprng
-lProdUtils -lcpbcrypt -lcpopenssl -lAppUtils -lComUtils -lResolve -lEventUtils -lDataStruct -lOS

And for static builds:

-lsicobj -lopsecext -lmastersapi -llogfilter -lfwsmtpobj -lfwadb -lCPMIClient501
-lCP_version_info -lCPMIBase501 -lopsec -lReg -lobjlib -lcpxerces_c -lCPStrings -lobjlibclient
-lResolver -lcpprod50 -lCPSrvIS -lcplic_cntrct -lcpsic -lsicauth -lskey -lfwsetdb -lndb -lmessaging
-lsic -lcp_policy -lcvars -lcpexpat -lcpca -lckpssl -lcpcert -lcpcryptutil -lEncode -lcpprng
-lasn1cpp -lProdUtils -lcpbcrypt -lcpopenssl -lAppUtils -lComUtils -lResolve -lEventUtils -lDataStruct -lOS

 

OPSEC SIC Utilities:

In addition to the OPSEC SDK package, new versions of the opsec_putkey and opsec_pull_cert utilites are available:

OS OPSEC SIC Utilities Description
OPSEC Utils for Linux 50

ELF Executables compiled using gcc version 4.4.6, libc version 2.5, and libstdc++ version 6.0.8

OPSEC Utils for Linux 30

ELF Executables compiled using gcc version 3.2.3, libc version 2.3.2, and libstdc++ version 5.0.3

OPSEC Utils for Windows - MSVC 6.0

Compiled using MSVC6.0

OPSEC Utils for Windows - MSVC 10.0

Compiled using MSVC6.0

 

Notes:

  • This SDK is considered an EA version.
  • CPMI is no longer fully supported in R80 (regardless of the SDK).
  • For more information regarding OPSEC, refer to sk63026 - OPSEC SDK.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment