CNG Key Storage Providers

Article
11/21/2024

Unlike Cryptography API (CryptoAPI), Cryptography API: Next Generation (CNG) separates cryptographic providers from key storage providers (KSPs). KSPs can be used to create, delete, export, import, open and store keys. Depending on implementation, they can also be used for asymmetric encryption, secret agreement, and signing. Microsoft installs the following KSPs on Windows. However, vendors can create and install other providers.

Microsoft Software Key Storage Provider

The Microsoft Software Key Storage Provider supports software key creation and storage and the following algorithms.

Algorithm	Purpose	Key length (bits)
Diffie-Hellman (DH)	Secret agreement and key exchange	512 to 4096 in 64-bit increments
Digital Signature Algorithm (DSA)	Signatures	512 to 1024 in 64-bit increments
Elliptic Curve Diffie-Hellman (ECDH)	Secret agreement and key exchange	P256, P384, P521
Elliptic Curve Digital Signature Algorithm (ECDSA)	Signatures	P256, P384, P521
RSA	Asymmetric encryption and signing	512 to 16384 in 64-bit increments

Microsoft Smart Card Key Storage Provider

The Microsoft Smart Card Key Storage Provider supports smart card key creation and storage and the following algorithms.

Algorithm	Purpose	Key length (bits)
Diffie-Hellman (DH)	Secret agreement and key exchange	512 to 4096 in 64-bit increments
Elliptic Curve Diffie-Hellman (ECDH)	Secret agreement and key exchange	P256, P384, P521
Elliptic Curve Digital Signature Algorithm (ECDSA)	Signatures	P256, P384, P521
RSA	Asymmetric encryption and signing	512 to 16384 in 64-bit increments

CNG Algorithm Identifiers

CNG Key Storage Functions

Understanding Cryptographic Providers

Additional resources

Documentation

Key Storage and Retrieval - Win32 apps

CNG provides a model for private key storage that allows adapting to the current and future demands of creating applications that use cryptography features such as public or private key encryption, as well as the demands of the storage of key material.
Understanding Cryptographic Providers - Win32 apps

Providers implement cryptographic algorithms, generate keys, provide key storage, and authenticate users. Providers can be implemented in hardware, software, or both.
Enumerating Installed Providers - Win32 apps

The following example shows how to use the Certificate Enrollment API to enumerate the providers installed on a computer.
CNG Cryptographic Algorithm Providers - Win32 apps

Unlike Cryptography API (CryptoAPI), Cryptography API: Next Generation (CNG) separates cryptographic providers from key storage providers.
CryptoAPI Cryptographic Service Providers - Win32 apps

Providers associated with Cryptography API (CryptoAPI) are called cryptographic service providers (CSPs) in this documentation.
Microsoft RSA/Schannel Cryptographic Provider - Win32 apps

The Microsoft RSA/Schannel Cryptographic Provider supports hashing, data signing, and signature verification.
CNG Key Storage Functions - Win32 apps

Cryptography API: Next Generation (CNG) defines the following functions which are used to perform CNG key storage operations.
Microsoft Cryptographic Service Providers - Win32 apps

Lists the cryptographic service providers available from Microsoft.

Training

Module

Azure Key and Certificate Management - Training

In this module, you learn about essential concepts for using encryption keys and digital certificates in Azure to help secure cloud workloads and ensure data sovereignty.

Events

The future is yours

May 19, 6 PM - May 23, 12 AM

Calling all developers, creators, and AI innovators to join us in Seattle @Microsoft Build May 19-22.

AI Skills Fest

Share via

CNG Key Storage Providers

Microsoft Software Key Storage Provider

Microsoft Smart Card Key Storage Provider

Feedback

Additional resources

AI Skills Fest

Share via

CNG Key Storage Providers

Microsoft Software Key Storage Provider

Microsoft Smart Card Key Storage Provider

Related content

Feedback

Additional resources