Introducing Compliance to Suite B Cryptography
Applies To: Windows 7, Windows Server 2008 R2
This product evaluation topic for the IT professional describes changes to security technologies as a result of Suite B cryptographic compliance in Windows 7 and Windows Server 2008 R2.
Suite B cryptography support for security technologies in Windows
Suite B is a group of cryptographic algorithms that is approved by the United States National Security Agency (NSA). Whereas Suite A is intended for highly sensitive communication and critical authentication systems, Suite B is a publicly available set of algorithms that establish a cryptographic standard for software encryption. Suite B's components are:
Advanced Encryption Standard (AES-128 and AES-256)
Elliptic Curve Digital Signature Algorithm (ECDSA)
Elliptic Curve Diffie-Hellman (ECDH)
Secure Hash Algorithm (SHA-256 and SHA-384)
Support for Suite B cryptographic algorithms was added in Windows Vista Service Pack 1 (SP1) and in Windows Server 2008 with the introduction of Cryptography Next Generation (CNG). For Windows 7 and Windows Server 2008 R2, several security technologies use Suite B algorithms, including:
Transport Security Layer (TLS) authentication protocol (implemented in the Schannel authentication package)
For more information about what's new in TLS, see Introducing TLS v1.2.
Encrypting File System (EFS)
For additional resources about Suite B and CNG, see: