General
What operating systems does the Toolkit support?
While the Toolkit should be portable across most modern operating systems, Toolkit applications require "providers" — for example, for storage and transport — that are often operating-system dependent. The Toolkit currently ships with providers for Windows and Linux, and Voltage will provide support for other operating systems based on demand. Developers interested in writing their own providers should visit the documentation section.
What languages does the Toolkit support?
The Toolkit is written in pure C and can be used with languages that offer full C support.
Will the Toolkit offer APIs for C++ or Java?
While the current Toolkit offers only a C API, Voltage plans to develop APIs for other languages, depending on demand.
Is the Toolkit FIPS certified?
Yes! On April 27, 2005, the Voltage IBE Cryptographic Module 2.0 was awarded FIPS 140-2 Level 1 certification. You can view the validation certificate here.
Can the Toolkit be used on embedded devices?
IBE offers many advantages for embedded devices, and the Toolkit was designed to support environments with limited resources. If you have specific questions about using the Toolkit on a particular device, please contact Voltage.
What's the difference between the Voltage IBE Toolkit and Voltage Reference Server?
The Toolkit is an SDK that you can use to incorporate Identity-Based Encryption (IBE) into your application. The Toolkit provides complete IBE encryption and decryption capabilities; what it doesn't contain, is the ability to generate private keys.
The Reference Server provides the key generation functionality needed to build and test Toolkit applications. The Reference Server is extremely basic; it's implemented as a Toolkit transport provider that can generate any private key on-demand from a generic master secret. For information about other ways to get private keys, click here.
Licensing
In plain English, how is the Toolkit licensed?
The Voltage IBE Toolkit can be used to build IBE client functionality into applications. The Toolkit is distributed in source form, and it includes a copyright license that allows you to (among other things):
- Link, statically or dynamically, against the Toolkit
- Redistribute, for free or for profit, works including or linked against the Toolkit
- Redistribute the Toolkit’s source (modified or unmodified)
In plain English, how is the Reference Server licensed?
The Voltage IBE Reference Server generates IBE private keys. It is a pure development tool and may not be used in a production environment. Specifically:
- The Reference Server may only be used for internal test purposes by a single user.
- The Reference Server may only be used in conjunction with software developed under the Toolkit license.
- Redistribution is not permitted.
- Modification of the source is not permitted.
I've heard there are patents or pending patents in the IBE space. There is no patent license in the Toolkit; please explain.
Patent rights are not granted through the license of the Toolkit. However, limited rights with respect to patents are granted through licenses of servers used to generate IBE private keys. Currently, developers have four options when building Toolkit-enabled applications:
- If you or your organization has purchased a commercial version of the Voltage SecurePolicy Suite, you may build and deploy Toolkit applications that use that server (the server license includes certain patent use rights; see the server license for details).
- The Voltage IBE Reference Server license includes a promise that Voltage will not sue you, which is subject to certain conditions and limitations. See the license for details.
- Voltage provides an online key server (at developer.voltage.com) that may be used for development and testing purposes. See the terms of use of the key server for more information.
- Voltage offers the Voltage SecurePolicy Suite licensed specially for developers for a small fee. Contact Voltage for more information.
Can I sell applications built using the Toolkit?
Yes. You may build and sell Toolkit-enabled applications without any special permission from Voltage. Your customers (the end users of your application) must purchase a Voltage SecurePolicy Suite or other Voltage-approved key server from Voltage or one of its partners.
Why do you offer the toolkit "for free"? How do you make money?
Voltage is providing the Toolkit at no charge to proliferate the usage of IBE. We hope to benefit from increased demand for the Voltage SecurePolicy Suite, which provides advanced key-management services and integration into enterprise IT systems.
Can I use the Toolkit with open-source projects?
We encourage use of the Toolkit in open-source projects. However, you will need to ensure that by including the Toolkit and its license, you are not violating the licensing model of your project or of our Toolkit. We do not permit the Toolkit to be combined with an open source project in such a way as would cause the Toolkit to be subject to the terms of the GPL or other open-source licenses. Make sure that you consult the terms of conditions applicable to the open source code that you are using. This is a tricky subject; for more information, the Open Source Initiative (http://www.opensource.org) may be a good starting point.
I built an application that uses the Toolkit. If my application distribution includes the Toolkit, do I need to include the Toolkit source code and license agreement?
Your distribution does not need to include the Toolkit source code, but it does need to include the Toolkit copyright notice and license. See the license for details.
I've been doing academic work on IBE. Can I use the Toolkit as part of my research?
Absolutely. Voltage strongly supports all academic work on IBE and encourages the use of the Voltage Developer Toolkit for research purposes. The Toolkit license provides special rights for "Academic Works": the Toolkit may be used to build any type of application, including ones that are not interoperable with Voltage products, provided that the application meets certain non-commercial guidelines.
Why does the Toolkit license include the OpenSSL license?
The Toolkit currently relies on parts of OpenSSL; for example, it uses OpenSSL's ASN.1 engine and bignum implementation. The Toolkit distribution includes prebuilt OpenSSL libraries (currently version 0.9.7d), and as such is subject to the OpenSSL license.
Where can I find the source for ictk.lib?
Please contact us for access to the ictk.lib source code.
Toolkit Usage
I'm getting errors compiling the Toolkit on Windows.
Make sure that you have installed the latest Microsoft Platform SDK and that Visual Studio is configured to search the Platform headers and libraries first. See the Windows installation instructions for more information.
How do I obtain IBE private keys for testing purposes?
Private keys may be obtained in three ways:
- The "LocalTest" transport provider supplied with the Reference Server, which can generate keys for any identity based on a generic master secret.
- The online key server hosted by Voltage at developer.voltage.com. This key server will generate keys for addresses that match *@example.{org|com|net}.
- Your own Voltage SecurePolicy Suite server. Voltage will soon be offering a developer's license that provides a server at reduced cost. Contact us for more information.
You (or your customers) must purchase a server from us. The key generation functionality included in the Reference Server may not be used in deployment environments.
Why do only some functions take a VtLibraryCtx as an argument?
Whenever a Toolkit object is created, the caller must pass a VtLibraryCtx as one of the arguments. The Create call copies a reference to the VtLibraryCtx and stores it within the object. Operations on the object, therefore, have access to a VtLibraryCtx and so do not require one to be passed in. In other words, if a function requires an object as an argument, it will generally not require a VtLibraryCtx.
