CryptoAPI 2.0

Applies To: Windows Server 2008

CryptoAPI 2.0 is a set of application programming interfaces (APIs) that provide the support for certificate chain validation, certificate store operations, and signature verification in Windows. CryptoAPI 2.0 logs information about these operations, which can be used to help identify the cause of public key infrastructure (PKI) problems.


The following is a list of all aspects that are part of this managed entity:

Name Description

Automatic Root Certificates Update Configuration

The Automatic Root Certificates Update component is designed to automatically check the list of trusted authorities on the Microsoft Windows Update Web site. Specifically, there is a list of trusted root certification authorities (CAs) stored on the local computer. When an application is presented with a certificate issued by a CA, it will check the local copy of the trusted root CA list. If the certificate is not in the list, the Automatic Root Certificates Update component will contact the Microsoft Windows Update Web site to see if an update is available. If the CA has been added to the Microsoft list of trusted CAs, its certificate will automatically be added to the trusted certificate store on the computer.

Shadow Copy System Writer Functionality

Shadow Copy automatically creates shadow copies of files and folders to restore a previous version of the file. The Shadow Copy System Writer is used by the cryptographic services provided by the operating system to enumerate and replace system files when the signature of a system file is different from the signature stored in the security catalog database.

System Catalog Database Integrity

The system catalog database is used with the cryptographic services provided by the operating system to ensure that the Windows system files have not been changed. This is done by comparing the digital signature of a system file to the digital signature stored in the system catalog database. If the signatures do not match, the file is replaced with a copy of the file located on this computer with the correct signature.

Core Security