Crypto and PKI application capabilities
The simplified application programming interface available for Windows Store apps enables the following cryptographic and public key infrastructure (PKI) capabilities:
You can perform the following cryptographic tasks. For more information, see the Windows.Security.Cryptography.Core namespace.
- Create symmetric keys
- Perform symmetric encryption
- Create asymmetric keys
- Perform asymmetric encryption
- Derive password based keys
- Create message authentication codes (MACs)
- Hash content
- Digitally sign content
The Windows Software Development Kit (SDK) for Windows 8 also provides a simplified interface for password-based data protection. You can use this to perform the following tasks. For more information, see the Windows.Security.Cryptography.DataProtection namespace.
- Asynchronous protection of static data
- Asynchronous protection of a data stream
A Windows Store app can encode cryptographic data for transmission across a network and decode data received from a network source. For more information, see the static methods available in the Windows.Security.Cryptography namespace.
A Windows Store app can perform the following PKI tasks. For more information, see the Windows.Security.Cryptography.Certificates namespace.
- Create a certificate
- Create a self-signed certificate
- Install a certificate response
- Import a certificate in PFX format
- Use smart card certificates and keys (sharedUserCertificates capabilities set)
- Use certificates from the user MY store (sharedUserCertificates capabilities set)
Additionally, you can use the manifest to perform the following actions:
- Specify per application trusted root certificates
- Specify per application peer trusted certificates
- Explicitly disable inheritance from system trust
- Specify the certificate selection criteria
- Hardware certificates only
- Certificates that chain through a specified set of issuers
- Automatically select a certificate from the application store