The kit, BCert 1.0, gives software developers the tools and cryptography to create applications that use, manage, or issue digital certificates. On intranets, digital certificates can be used to limit access to particular corporate documents. On the public Net, they can be used for secure email or to identify both parties in a transaction or data exchange.
RSA expects most users to create internal applications for intranets.
"Creating applications that create digital certificates is a very complex and difficult process, even though the concept of digital IDs is simple to describe," said Kurt Stammberger, RSA director of technology marketing. "A lot of the developers we have worked with over the years were complaining."
The BCert tools are designed to dovetail with the handful of certification authorities that exist today, but BCert would help firms go into business to compete with certificate authorities such as GTE. The U.S. Postal Service which will soon begin issuing digital certificates, and VeriSign, an RSA spinoff in which RSA and its parent company, Security Dynamics Technologies (SDTI) own a stake.
"If they want to become a CA, like GTE or VeriSign, then a good first step would be to build applications and a certification infrastructure with BCert," Stammberger said. "We made it a lot easier to develop software to take on that role.
"But software is only part of the game," he added. "Issuing certificates is largely a legal and service business. The legalese is often as complex as the cryptography involved."
Greg Smirin, VeriSign's product line manager for public services, thinks RSA's new toolkit will complement the efforts of public CAs and the "certificate servers" that both Microsoft and Netscape Communications have announced.
Digital IDs generated by certificate servers or applications built with RSA's toolkit could handle certificates for internal purposes. For specific documents or to make an internal digital ID accepted on the public Internet or by other companies, a request could be generated for a public CA such as VeriSign to countersign the document.
"We think [RSA's announcement] is a good thing, and we participated in the development of a number of these," Smirin told CNET.
BCert 1.0 supports the internationally recognized CCITT X.509 Digital Certificate protocol. Each certificate contains the issuer's name, the user's public key and identifying information, and the issuer's RSA digital signature. This signature, which validates the certificate, also "seals" the certificate to prevent forgery or alteration.
BCert is part of RSA's next-generation architecture, the Layered Open Crypto Toolkit (LOCT), announced in January. BCert 1.0 is available in the United States at a $290 list price from RSA and Security Dynamics direct sales forces, as well as from their Web sites.