National Institute of Standards & Technology, Acquisition & Assistance Division, Bldg. 301, Rm. B117, Gaithersburg, MD

70 -- IMPLEMENTATION OF THE GCS-API SOL 53SBNB6C9255 DUE 083096 POC Sandra Febach (301) 975-6326, FAX (301) 963-7732 1. BACKGROUND: The National Institute of Standards and Technology (NIST) Security Technology Group has been working with the Open Group (formerly X/Open) to develop an industry standard for a generic cryptographic services applications programming interface (GCS-API). The GCS-API will be published as an Open Group Preliminary Specification. This specification provides a standard interface to cryptographic service facilities, allowing vendors to write applications that are independent of the underlying cryptographic mechanisms. This standard cryptographic API is a critical supporting technology for the development of secure and interoperable computer security systems. NIST intends to develop a reference implementation of the GCS-API, built upon the federal standard cryptographic algorithm suite. Potential contractors should have experience with cryptographic APIs in general, and should be familiar with the GCS-API specification. 2. TASK DESCRIPTION: The contractor shall develop a functional reference implementation of the GCS-API. This implementation will be written in the C programming language, and packaged as a library of function calls. The library source code will be compilable under both the Windows 95 and SunOS environments. The GCS-API library will be built upon a Cryptographic Service Facility (CSF) containing the federal standard cryptographic algorithm suite. This suite includes the DES, DSS, and SHA-1 standards. Prototype code for these crytographic algorithms will be provided by NIST. In lieu of a federal standard public key based key exchange, the contractor shall implement ANSI X9.42. A host application will also be developed to interact with the GCS-API function library. This application will demonstrate the following processes. Some of these processes require a second CSF with complementary crytographic keys, or a loopback mode to the same CSF supporting multiple cryptographic contexts: 2.1 CSF initialization; 2.2 Authentication of one or more CSF clients; 2.3 Exchange of session keys using ANSI X9.42; 2.4 Encryption and decryption of arbitrary data using the DES; 2.5 Digital signature generation and verification using the DSS; and 2.6 Random number generation using ANSI X9.17 Appendix C. 3. CONTRACT DELIVERABLES: The contractor shall deliver the following items to NIST. All material shall become the sole property of the U.S. government upon delivery: 3.1 Source code for the GCS-API reference implementation in electronic form; 3.2 A host application to demonstrate the reference implementation; 3.3 Complete system documentation including detailed operating procedures; and 3.4 A final report discussing any significant issues that arose during the project. 3.2 SCHEDULE: The period of performance will be six months. An initial meeting between the contractor and the NIST COTR will be held at NIST one week ARO to set a detailed schedule for the project and discuss overall design issues. The schedule shall include a preliminary design review within the second month, a final review at the end of the fifth month, and final product delivery at the end of the sixth month. Additional meetings may be scheduled as needed. SOLICITATION 53SBNB6C9255 is issued as a Request for Quotations. This announcement constitutes the only solicitation; quotations are being requested and a written solicitation will not be issued. Award will be made to the lowest priced, technically acceptable offer. Offers shall include a statement of capability or appropriate documentation which clearly demonstrates that the contractor is thoroughly familiar with the Generic Cryptographic Services API specification. Offers are due NLT COB August 30, 1996. For information, call the POC identified above. The applicable SIC code is 7379 with a size standard of $18M. See Numbered Notes 1 and 26. (0214)

Loren Data Corp. http://www.ld.com (SYN# 0426 19960802\70-0001.SOL)