Microsoft CryptoAPI and Cryptographic Service Providers

Microsoft CryptoAPI provides a secure interface for the cryptographic functionality that is supplied by the installable cryptographic service provider (CSP) modules. CSPs perform all cryptographic operations and manage private keys CSPs can be implemented in software as well as in hardware. Windows 2000 Certificate Services uses CryptoAPI and CSPs to perform all cryptographic and private key management operations. CryptoAPI and CSP services are available to all services and applications that require cryptographic services. For more information about CryptoAPI and CSPs, see the Microsoft Security Advisor link and the Microsoft Platform SDK link on the Web Resources page at https://windows.microsoft.com/windows2000/reskit/webresources .

Hardware and Software Cryptographic Service Providers

CSPs can be software-based, hardware-based, or a combination of both. Hardware-based cryptography and key management is more secure than software-based cryptography and key management because cryptographic operations and private keys are isolated from the operating system. However, hardware-based CSPs (such as smart card CSPs) often store only a limited number of private keys and can take a long time to generate keys.

Software CSPs usually provide more flexibility than hardware CSPs, but at the cost of somewhat less security. Nevertheless, software-based CSPs can provide ample security to meet a wide range of needs. You usually use hardware-based CSPs only for special security applications, such as for logging on with smart cards or for secure Web communications with FORTEZZA Crypto Cards.

Vendors can develop hardware or software CSPs that support a wide range of cryptographic operations and technologies. However, Microsoft must certify and digitally sign all CSPs. CSPs do not work in Windows 2000 unless they have been digitally signed by Microsoft.

Microsoft Cryptographic Service Providers

Windows 2000 includes the following Microsoft CSPs.

Microsoft Base Cryptographic Provider    Provides a broad set of basic cryptographic functionality. It is not subject to United States government cryptography export restrictions and can be exported to other countries/regions (subject to general United States export restrictions, as well as the import restrictions of other countries/regions). The Base CSP uses RSA technology, which is licensed from RSA Data Security, Inc.

Microsoft Enhanced Cryptographic Provider    Provides the same capabilities as the Microsoft Base Cryptographic Provider, but in addition, provides stronger security by supporting longer key lengths and additional cryptographic algorithms. This CSP is subject to government-imposed cryptography export restrictions and might not be available in your locality. The enhanced CSP also uses RSA technology.

Microsoft DSS Cryptographic Provider    Provides data signing and signature verification capability by using the Secure Hash Algorithm (SHA) and Digital Signature Algorithm (DSA). It is not subject to United States government cryptography export restrictions and can be exported to other countries/regions (subject to general United States export restrictions, as well as the import restrictions of other countries/regions).

Microsoft Base DSS and Diffie-Hellman Cryptographic Provider    Provides a superset of the DSS Cryptographic Provider and also supports Diffie-Hellman key exchange, hashing (message digests), data signing, and signature verification by using the SHA and DSA algorithms. This CSP is subject to government-imposed export restrictions on cryptography and might not be available in your locality.

Schannel Cryptographic Providers The Microsoft RSA/Schannel Cryptographic Provider, the Microsoft DSS Cryptographic Provider, and the Diffie-Hellman/Schannel Cryptographic Provider offer various cryptographic services that are required for data integrity, session key exchange, and authentication during secure Web communications with the SSL and TLS protocols. These CSPs are not subject to United States government cryptography export restrictions and can be exported to other countries/regions (subject to general United States export restrictions, as well as the import restrictions of other countries/regions).

FIPS  140-1 Level 1 Certification

The Windows 2000 Microsoft CSPs have received the Federal Information Processing Standard (FIPS) 140-1 Level 1 certification by the National Institute of Standards and Technology (NIST). The requirements for FIPS 140-1 Level 1 certification are contained in the FIPS 140-1 publication, which is published by NIST. For more information about how to obtain the FIPS140-1 publication, contact NIST. For more information about FIPS 140-1, see "Choosing Security Solutions That Use Public Key Technology" in this book.

Base vs. Enhanced Cryptographic Service Providers

The Microsoft Base Cryptographic Provider (Base CSP) is provided for export in compliance with United States government export restrictions on cryptography. The Microsoft Enhanced Cryptographic Provider (Enhanced CSP), however, is subject to United States government export restrictions on cryptography and is available only for localities where the export of strong cryptography is permitted. For more information about restrictions on cryptography, see "Cryptography for Network and Information Security" in this book, and see the Microsoft Security Advisor link on the Web Resources page at https://windows.microsoft.com/windows2000/reskit/webresources .

Table 16.2 highlights differences between the Base CSP and the Enhanced CSP. The public key lengths shown in the table are the default key lengths.

Table   16.2 Comparison of Microsoft Base CSP and Microsoft Enhanced CSP

Algorithm

Base CSP

Enhanced CSP

RSA public key signature algorithm

Key length: 512 bits.

Key length: 1,024 bits.

RSA public key exchange algorithm

Key length: 512 bits.

Key length: 1,024 bits.

RC2 block encryption algorithm

Key length: 40 bits.

Key length: 128 bits. Salt length: Settable.

RC4 stream encryption algorithm

Key length: 40 bits.

Key length: 128 bits. Salt length: Settable.

DES

Not supported.

Key length: 56 bits.

Triple DES (2-key)

Not supported.

Key length: 112 bits.

Triple DES (3-key)

Not supported.

Key length: 168 bits.

For both the Base CSP and the Enhanced CSP, public keys that are used for digital signatures can be up to 16,384 bits long. However, public keys that are used for key encryption and key exchange (to protect secret keys are limited to a maximum of 1,024 bits for the Base CSP and 16,384 bits for the Enhanced CSP. In addition, the symmetric keys for the encryption algorithms in the Base CSP are limited to shorter key lengths, resulting in significantly weaker cryptographic security. Overall, the key lengths and the encryption algorithms in the Enhanced CSP provide far stronger cryptographic security.

For both the Base CSP and the Enhanced CSP, public keys used for signing or key exchange can be a minimum of 384 bits long. However, the use of 384-bit public keys is not recommended. The minimum recommended length of public keys is 512 bits; however, public keys of at least 1,024 bits are recommended whenever this is feasible. Signing keys that exceed 1,024 bits in length can produce strong digital signatures. However, because they also can increase the computational load significantly and require large amounts of time to sign data, they also can adversely affect computer performance and, thus, might not be feasible. The default public-key length of the Base CSP is 512 bits, and the default public key length of the Enhanced CSP is 1,024 bits. Windows 2000 Certificate Services usually uses the default public-key lengths of the CSP, unless you choose another key length that is supported by the CSP in advanced options.

The Enhanced CSP is compatible with the Base CSP, except that the CSPs can generate only RC2 or RC4 keys of the default key length. The default symmetric key length for RC2 and RC4 in the Base CSP is 40 bits. The default symmetric length for RC2 and RC4 in the Enhanced CSP is 128 bits. Therefore, the Enhanced CSP cannot create keys with Base CSP–compatible key lengths. However, the Enhanced CSP can import RC2 and RC4 keys of up to 128 bits. Therefore, the Enhanced CSP can import and use 40-bit keys that were generated by using the Base CSP.

Smart Card Cryptographic Service Providers

Windows 2000 includes smart card CSPs from two vendors: Gemplus SCA and Schlumberger Limited. The Gemplus GemSAFE Card CSP and the Schlumberger CSP support cryptographic operations for the Gemplus and Schlumberger PC/SC-compliant smart cards, respectively. Additional smart card CSPs might be developed and certified for use with Windows 2000. For current information about smart card CSPs that are currently available, see the Microsoft Security Advisor link on the Web Resources page at https://windows.microsoft.com/windows2000/reskit/webresources .

Cryptography Export Restrictions

CSPs are subject to cryptography export restrictions. Some governments, including the United States government, currently place export restrictions on encryption technology. Other governments also place import restrictions on encryption technology. The availability of CSPs varies according to the export or import restrictions for a specific geographical area.

All Windows 2000 products support a maximum of 40-bit or 56-bit symmetric key encryption and are exportable to most localities worldwide. If you qualify to use and deploy nonexportable cryptography, you can obtain the Encryption Pack compact disc (CD) from Microsoft and use it to convert exportable Windows 2000 products into nonexportable, strong cryptography products. The Microsoft Enhanced Cryptographic Provider for Windows 2000 is available on this CD, which is not exportable.

For more information about the availability of the Encryption Pack CD and current cryptography export policies for Microsoft products, see the Microsoft Security Advisor link on the Web Resources page at https://windows.microsoft.com/windows2000/reskit/webresources .