NanoCAP

NanoCAP is the Cryptographic Abstraction Platform (CAP) component of the TrustCore SDK.

NanoCAP is an API layer used to request cryptographic operations, which the underlying operator implementations will execute.

The primary design goal of the CAP layer is to provide a framework to integrate third-party crypto algorithm library implementations. This setup allows applications using the crypto interface APIs to be agnostic to the underneath implementation.

Review the following high-level design of NanoCAP’s operator model:

Figure ­1-­­NanoCAP ­Layer ­Component Interaction

NanoCAP is available in two models:

License

This project is available under a dual-license model:

• Open Source License: GNU Affero General Public License v3 (AGPL v3): This license allows you to use, modify, and distribute the code for free in accordance with AGPL terms.
• Commercial License: If you wish to use TrustCore SDK in a proprietary or commercial product (e.g., embedded in closed-source firmware or commercial SaaS applications), a commercial license is available under DigiCert’s Master Services Agreement (MSA). Contact us at sales@digicert.com for commercial licensing details.

Key features

• Integration flexibility: Enables applications and security stack solutions to integrate and utilize cryptographic algorithms without requiring knowledge of the underlying implementation.
• Abstraction and agnosticism: Defines abstracted context and functional interfaces that makes it simple to integrate with applications without relying on the details of the underlying cryptographic implementation.
• Operator code framework: Establishes a well-defined set of operation codes with algorithm-specific inputs and outputs. This framework ensures that cryptographic implementations are presented as operators in a separate layer. Additionally, multiple operator implementation layers can be plugged in.
• Restrictions: Enforces necessary restrictions on specific cryptographic algorithms and their corresponding usage.

• Note

  NanoCAP offers a clear separation between the abstract layer and the underlying third-party cryptographic implementations. This setup allows the application to be exported outside the United States, bypassing cryptographic export restrictions.