---
date: "2004-02-09T17:35:59Z"
title: Not Quite So Evil
---

<p>So I've been using <a
href='http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/cryptography_reference.asp'><acronym
title='Microsoft Cryptographic API'>MSCAPI</acronym></a> and <a
href='http://msdn.microsoft.com/library/en-us/security/security/capicom_reference.asp'><acronym
title='Cryptographic API Component Object Model'>CAPICOM</acronym></a>
here at work, and I have to say that I'm impressed.  I've used
<a href='http://www.openssl.org/'>OpenSSL</a> for crypto stuff in the
past, and both
the <acronym title='Application Programming Interface'>API</acronym> and
documentation for <a href='http://www.openssl.org/'>OpenSSL</a>
suck ass.  Specifically, the <acronym title='Application
Programming Interface'>API</acronym> is counter-intuitive, and the
documentation is terse or non-existent.  Of course, there are <a
href='http://www.gnu.org/software/gnu-crypto/'>other options</a>, but
they're not as popular (and they lack language bindings, at least <a
href='http://cvs.pablotron.org/?m=gcrypt-ruby'>for the time being</a>).
</p>