Cryptographic Service Provider

The Cryptographic Service Provider (CSP) defines a concept to reduce security issues by isolating cryptographic assets such as keys and other credentials from the application runtime. Furthermore, a CSP reduces the time and cost of an application’s security certification process with Common Criteria. The goal is to certify the application independently of the operating system or hardware, avoiding an expensive composite certification.

Using a CSP, security-related tasks are triggered by the application, but the specific cryptographic operation is executed in an isolated environment. Sensitive assets are not transferred in an unencrypted manner to the application or other insecure environments. In short, a CSP offers common cryptographic operations and high-level protocols to support a variety of security-related use cases. However, the CSP is not just another cryptographic library. It is a tool which supports developers by defining a clear separation layer between functional features and security-related operations. The CSP concept can be applied to various technologies. The cryptographic API provided by the CSP harmonizes security solutions for different platforms (e.g. hardware chips or cloud services).

Take advantage of the opportunity to register for our newsletter and receive regular updates on changes regarding CSP specification documents. To subscribe, kindly send an email to csp@bsi.bund.de.