Introducing Compliance to Suite B Cryptography

Applies To: Windows 7, Windows Server 2008 R2

This product evaluation topic for the IT professional describes changes to security technologies as a result of Suite B cryptographic compliance in Windows 7 and Windows Server 2008 R2.

Suite B cryptography support for security technologies in Windows

Suite B is a group of cryptographic algorithms that is approved by the United States National Security Agency (NSA). Whereas Suite A is intended for highly sensitive communication and critical authentication systems, Suite B is a publicly available set of algorithms that establish a cryptographic standard for software encryption. Suite B's components are:

  • Advanced Encryption Standard (AES-128 and AES-256)

  • Elliptic Curve Digital Signature Algorithm (ECDSA)

  • Elliptic Curve Diffie-Hellman (ECDH)

  • Secure Hash Algorithm (SHA-256 and SHA-384)

Support for Suite B cryptographic algorithms was added in Windows Vista Service Pack 1 (SP1) and in Windows Server 2008 with the introduction of Cryptography Next Generation (CNG). For Windows 7 and Windows Server 2008 R2, several security technologies use Suite B algorithms, including:

  • Transport Security Layer (TLS) authentication protocol (implemented in the Schannel authentication package)

    For more information about what's new in TLS, see Introducing TLS v1.2.

  • Encrypting File System (EFS)

For additional resources about Suite B and CNG, see: