A programming language for cryptographic protocols eases design and implementation of application-specific protocols for tasks such as electronic commerce and distributed access control. The language provides a minimal expressiveness useful for defining new protocols. We give the language a semantics via strand spaces, so that the designer can prove that a new protocol meets the security goals. This semantics also motivates a compilation strategy, yielding protocol implementations faithful to their verified behavior. We also aim to clarify the relation between the abstract models used in protocol verification and the actual behavior of protocols as implemented.