I have been looking at several crypto APIs and the picture is not pretty and getting worse. At this time, most developers I know are ignoring standard APIs like GSS, CDSA, and PKCS#11 as well as platform APIs likeWin32 CryptoAPI. Popular open source libraries like OpenSSL and Crypto++ rule. Architecturally, I like CDSA and GSS. CDSA is nice because it is open source, has fair documentation, and well designed. Unfortunately, CDSA is not being pushed strongly by Intel and supporters. Netscape announced support and then abandoned it. NSA seems to consider it important as an interoperability hub of sort, but favors GSS according to some presentations I found. GSS is also well designed, but there is no readily available Win32 implementation nor adapters. CDSA has adapters for OpenSSL and PKCS#11. With GSS, I am not even sure where to get C header files. If there is enough call for it, maybe I'll put together an open source GSS library (OpenGSS?). Otherwise, I'll probably use CDSA with minimal leakage across the project.