CNG Algorithm Identifiers

The following identifiers are used to identify standard encryption algorithms in various CNG functions and structures, such as the CRYPT_INTERFACE_REG structure. Third party providers may have additional algorithms that they support.

Constant/value Description
BCRYPT_3DES_ALGORITHM
"3DES"
The triple data encryption standard symmetric encryption algorithm.
Standard: SP800-67, SP800-38A
BCRYPT_3DES_112_ALGORITHM
"3DES_112"
The 112-bit triple data encryption standard symmetric encryption algorithm.
Standard: SP800-67, SP800-38A
BCRYPT_AES_ALGORITHM
"AES"
The advanced encryption standard symmetric encryption algorithm.
Standard: FIPS 197
BCRYPT_AES_CMAC_ALGORITHM
"AES-CMAC"
The advanced encryption standard (AES) cipher based message authentication code (CMAC) symmetric encryption algorithm.
Standard: SP 800-38B
Windows 8: Support for this algorithm begins.

BCRYPT_AES_GMAC_ALGORITHM
"AES-GMAC"
The advanced encryption standard (AES) Galois message authentication code (GMAC) symmetric encryption algorithm.
Standard: SP800-38D
Windows Vista: This algorithm is supported beginning with Windows Vista with SP1.
BCRYPT_CAPI_KDF_ALGORITHM
L"CAPI_KDF"
Crypto API (CAPI) key derivation function algorithm. Used by the BCryptKeyDerivation and NCryptKeyDerivation functions.
BCRYPT_DES_ALGORITHM
"DES"
The data encryption standard symmetric encryption algorithm.
Standard: FIPS 46-3, FIPS 81
BCRYPT_DESX_ALGORITHM
"DESX"
The extended data encryption standard symmetric encryption algorithm.
Standard: None
BCRYPT_DH_ALGORITHM
"DH"
The Diffie-Hellman key exchange algorithm.
Standard: PKCS #3
BCRYPT_DSA_ALGORITHM
"DSA"
The digital signature algorithm.
Standard: FIPS 186-2
Windows 8: Beginning with Windows 8, this algorithm supports FIPS 186-3. Keys less than or equal to 1024 bits adhere to FIPS 186-2 and keys greater than 1024 to FIPS 186-3.
BCRYPT_ECDH_P256_ALGORITHM
"ECDH_P256"
The 256-bit prime elliptic curve Diffie-Hellman key exchange algorithm.
Standard: SP800-56A
BCRYPT_ECDH_P384_ALGORITHM
"ECDH_P384"
The 384-bit prime elliptic curve Diffie-Hellman key exchange algorithm.
Standard: SP800-56A
BCRYPT_ECDH_P521_ALGORITHM
"ECDH_P521"
The 521-bit prime elliptic curve Diffie-Hellman key exchange algorithm.
Standard: SP800-56A
BCRYPT_ECDSA_P256_ALGORITHM
"ECDSA_P256"
The 256-bit prime elliptic curve digital signature algorithm (FIPS 186-2).
Standard: FIPS 186-2, X9.62
BCRYPT_ECDSA_P384_ALGORITHM
"ECDSA_P384"
The 384-bit prime elliptic curve digital signature algorithm (FIPS 186-2).
Standard: FIPS 186-2, X9.62
BCRYPT_ECDSA_P521_ALGORITHM
"ECDSA_P521"
The 521-bit prime elliptic curve digital signature algorithm (FIPS 186-2).
Standard: FIPS 186-2, X9.62
BCRYPT_MD2_ALGORITHM
"MD2"
The MD2 hash algorithm.
Standard: RFC 1319
BCRYPT_MD4_ALGORITHM
"MD4"
The MD4 hash algorithm.
Standard: RFC 1320
BCRYPT_MD5_ALGORITHM
"MD5"
The MD5 hash algorithm.
Standard: RFC 1321
BCRYPT_RC2_ALGORITHM
"RC2"
The RC2 block symmetric encryption algorithm.
Standard: RFC 2268
BCRYPT_RC4_ALGORITHM
"RC4"
The RC4 symmetric encryption algorithm.
Standard: Various
BCRYPT_RNG_ALGORITHM
"RNG"
The random-number generator algorithm.
Standard: FIPS 186-2, FIPS 140-2, NIST SP 800-90
[!Note]
Beginning with Windows Vista with SP1 and Windows Server 2008, the random number generator is based on the AES counter mode specified in the NIST SP 800-90 standard.

Windows Vista: The random number generator is based on the hash-based random number generator specified in the FIPS 186-2 standard.
Windows 8: Beginning with Windows 8, the RNG algorithm supports FIPS 186-3. Keys less than or equal to 1024 bits adhere to FIPS 186-2 and keys greater than 1024 to FIPS 186-3.
BCRYPT_RNG_DUAL_EC_ALGORITHM
"DUALECRNG"
The dual elliptic curve random-number generator algorithm.
Standard: SP800-90.
Windows 8: Beginning with Windows 8, the EC RNG algorithm supports FIPS 186-3. Keys less than or equal to 1024 bits adhere to FIPS 186-2 and keys greater than 1024 to FIPS 186-3.
Windows 10: Beginning with Windows 10, the dual elliptic curve random number generator algorithm has been removed. Existing uses of this algorithm will continue to work; however, the random number generator is based on the AES counter mode specified in the NIST SP 800-90 standard. New code should use BCRYPT_RNG_ALGORITHM, and it is recommended that existing code be changed to use BCRYPT_RNG_ALGORITHM.
BCRYPT_RNG_FIPS186_DSA_ALGORITHM
"FIPS186DSARNG"
The random-number generator algorithm suitable for DSA (Digital Signature Algorithm).
Standard: FIPS 186-2.
Windows 8: Support for FIPS 186-3 begins.
BCRYPT_RSA_ALGORITHM
"RSA"
The RSA public key algorithm.
Standard: PKCS #1 v1.5 and v2.0.
BCRYPT_RSA_SIGN_ALGORITHM
"RSA_SIGN"
The RSA signature algorithm. This algorithm is not currently supported. You can use the BCRYPT_RSA_ALGORITHM algorithm to perform RSA signing operations.
Standard: PKCS #1 v1.5 and v2.0.
BCRYPT_SHA1_ALGORITHM
"SHA1"
The 160-bit secure hash algorithm.
Standard: FIPS 180-2, FIPS 198.
BCRYPT_SHA256_ALGORITHM
"SHA256"
The 256-bit secure hash algorithm.
Standard: FIPS 180-2, FIPS 198.
BCRYPT_SHA384_ALGORITHM
"SHA384"
The 384-bit secure hash algorithm.
Standard: FIPS 180-2, FIPS 198.
BCRYPT_SHA512_ALGORITHM
"SHA512"
The 512-bit secure hash algorithm.
Standard: FIPS 180-2, FIPS 198.
BCRYPT_SP800108_CTR_HMAC_ALGORITHM
L"SP800_108_CTR_HMAC"
Counter mode, hash-based message authentication code (HMAC) key derivation function algorithm. Used by the BCryptKeyDerivation and NCryptKeyDerivation functions.
BCRYPT_SP80056A_CONCAT_ALGORITHM
L"SP800_56A_CONCAT"
SP800-56A key derivation function algorithm. Used by the BCryptKeyDerivation and NCryptKeyDerivation functions.
BCRYPT_PBKDF2_ALGORITHM
L"PBKDF2"
Password-based key derivation function 2 (PBKDF2) algorithm. Used by the BCryptKeyDerivation and NCryptKeyDerivation functions.
BCRYPT_ECDSA_ALGORITHM
"ECDSA"
Generic prime elliptic curve digital signature algorithm (see Remarks for more information).
Standard: ANSI X9.62.
BCRYPT_ECDH_ALGORITHM
"ECDH"
Generic prime elliptic curve Diffie-Hellman key exchange algorithm (see Remarks for more information).
Standard: SP800-56A.
BCRYPT_XTS_AES_ALGORITHM
"XTS-AES"
The advanced encryption standard symmetric encryption algorithm in XTS mode.
Standard: SP-800-38E, IEEE Std 1619-2007.
Windows 10: Support for this algorithm begins.

Remarks

To use BCRYPT_ECDSA_ALGORITMor BCRYPT_ECDH_ALGORITHM, call BCryptOpenAlgorithmProvider with either BCRYPT_ECDSA_ALGORITHM or BCRYPT_ECDH_ALGORITHM as the pszAlgId. Then use BCryptSetProperty to set the BCRYPT_ECC_CURVE_NAME property to a named algorithm listed in CNG Named Curves.

To provider user-defined elliptic curve parameters directly, use BCryptSetProperty to set the BCRYPT_ECC_PARAMETERS property. Download the Windows 10 Cryptographic Provider Developer Kit (CPDK) for more information.

Requirements

Minimum supported client
Windows Vista [desktop apps only]
Minimum supported server
Windows Server 2008 [desktop apps only]
Header
Bcrypt.h

See also

BCryptOpenAlgorithmProvider

NCryptCreatePersistedKey