Microsoft CryptoAPI

The Microsoft Windows platform-specific Cryptographic Application Programming Interface (also known variously as CryptoAPI, Microsoft Cryptography API, MS-CAPI or simply CAPI) is an application programming interface included with Microsoft Windows operating systems that provides services to enable developers to secure Windows-based applications using cryptography. It is a set of dynamically linked libraries that provides an abstraction layer which isolates programmers from the code used to encrypt the data. The Crypto API was first introduced in Windows NT 4.0[1] and enhanced in subsequent versions.

CryptoAPI supports both public-key and symmetric-key cryptography, though persistent symmetric keys are not supported. It includes functionality for encrypting and decrypting data and for authentication using digital certificates. It also includes a cryptographically secure pseudorandom number generator function, CryptGenRandom.

CryptoAPI works with a number of CSPs (Cryptographic Service Providers) installed on the machine. CSPs are the modules that do the actual work of encoding and decoding data by performing the cryptographic functions. Vendors of HSMs may supply a CSP which works with their hardware.

Cryptography API: Next Generation

Windows Vista features an update to the Crypto API known as Cryptography API: Next Generation (CNG). It has better API factoring to allow the same functions to work with a wide range of cryptographic algorithms, and includes a number of newer algorithms that are part of the National Security Agency (NSA) Suite B.[2] It is also flexible, featuring support for plugging custom cryptographic APIs into the CNG runtime. However, CNG Key Storage Providers still do not support symmetric keys.[3] CNG works in both user and kernel mode, and also supports all of the algorithms from the CryptoAPI. The Microsoft provider that implements CNG is housed in Bcrypt.dll.

CNG also supports elliptic curve cryptography which, because it uses shorter keys for the same expected level of security, is more efficient than RSA.[4] The CNG API integrates with the smart card subsystem by including a Base Smart Card Cryptographic Service Provider (Base CSP) module which encapsulates the smart card API. Smart card manufacturers only have to make their devices compatible with this, rather than provide a from-scratch solution.

CNG also adds support for Dual_EC_DRBG,[5] a pseudorandom number generator defined in NIST SP 800-90A that could expose the user to eavesdropping by the National Security Agency because it contains a kleptographic backdoor, unless the developer remembers to generate new base points with a different cryptographically secure pseudorandom number generator or a true random number generator and then publishes the generated seed in order to remove the NSA backdoor. It is also very slow.[6] It is only used when explicitly requested.

CNG also replaces the default PRNG with CTR_DRBG using AES as the block cipher, because the earlier RNG, which is defined in the now superseded FIPS 186-2, is based on either DES or SHA-1, both of which have been broken.[7] CTR_DRBG is one of the two algorithms in NIST SP 800-90 endorsed by Schneier, the other being Hash_DRBG.[6]
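As an added example (not code from the article or from Microsoft), the following C# program requests random bytes through both interfaces described above: the legacy CryptoAPI function CryptGenRandom, which needs a CSP context first, and CNG's BCryptGenRandom in Bcrypt.dll with the system-preferred RNG, which reaches the default CTR_DRBG rather than the opt-in Dual_EC_DRBG. It assumes a Windows host (the P/Invoke declarations follow the documented Win32 signatures) and the 16-byte buffer size is an arbitrary sample.

```csharp
using System;
using System.Runtime.InteropServices;

// Added example, not Microsoft's code: fills a buffer via the legacy CryptoAPI
// (CryptGenRandom in advapi32.dll) and via CNG (BCryptGenRandom in Bcrypt.dll).
static class WindowsRng
{
    // Legacy CryptoAPI: a CSP handle must be acquired before CryptGenRandom is called.
    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool CryptAcquireContext(out IntPtr phProv, string szContainer, string szProvider, uint dwProvType, uint dwFlags);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool CryptGenRandom(IntPtr hProv, uint dwLen, byte[] pbBuffer);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool CryptReleaseContext(IntPtr hProv, uint dwFlags);

    // CNG: with BCRYPT_USE_SYSTEM_PREFERRED_RNG no algorithm handle is opened, so the
    // system default DRBG is used and Dual_EC_DRBG cannot be selected by accident.
    [DllImport("bcrypt.dll", ExactSpelling = true)]
    static extern int BCryptGenRandom(IntPtr hAlgorithm, byte[] pbBuffer, uint cbBuffer, uint dwFlags);

    const uint PROV_RSA_FULL = 1;
    const uint CRYPT_VERIFYCONTEXT = 0xF0000000;       // ephemeral context, no key container
    const uint BCRYPT_USE_SYSTEM_PREFERRED_RNG = 0x02; // requires hAlgorithm == NULL
    const int STATUS_SUCCESS = 0;                      // BCrypt* functions return NTSTATUS, not BOOL

    public static byte[] LegacyCapi(int count)
    {
        var buf = new byte[count];
        if (!CryptAcquireContext(out IntPtr hProv, null, null, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
            throw new InvalidOperationException("CryptAcquireContext: " + Marshal.GetLastWin32Error());
        try
        {
            if (!CryptGenRandom(hProv, (uint)buf.Length, buf))
                throw new InvalidOperationException("CryptGenRandom: " + Marshal.GetLastWin32Error());
        }
        finally { CryptReleaseContext(hProv, 0); } // release the CSP even on failure
        return buf;
    }

    public static byte[] Cng(int count)
    {
        var buf = new byte[count];
        int status = BCryptGenRandom(IntPtr.Zero, buf, (uint)buf.Length, BCRYPT_USE_SYSTEM_PREFERRED_RNG);
        if (status != STATUS_SUCCESS)
            throw new InvalidOperationException($"BCryptGenRandom: NTSTATUS 0x{status:X8}");
        return buf;
    }

    static void Main()
    {
        Console.WriteLine("CryptoAPI: " + BitConverter.ToString(LegacyCapi(16)));
        Console.WriteLine("CNG:       " + BitConverter.ToString(Cng(16)));
    }
}
```

Both calls return 16 fresh bytes on a Windows machine; the contrast is in the plumbing, since the CNG path needs neither a provider handle nor cleanup, while the legacy path must acquire and release a CSP context.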

See also