FIPS 140-2 Validation

FIPS 140-2 standard overview

The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard that defines minimum security requirements for cryptographic modules in information technology products, as defined in Section 5131 of the Information Technology Management Reform Act of 1996.

The Cryptographic Module Validation Program (CMVP), a joint effort of the U.S. National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS), validates cryptographic modules against the Security Requirements for Cryptographic Modules (part of FIPS 140-2) and related FIPS cryptography standards. The FIPS 140-2 security requirements cover eleven areas related to the design and implementation of a cryptographic module. The NIST Information Technology Laboratory operates a related program that validates the FIPS approved cryptographic algorithms in the module.

Microsoft’s approach to FIPS 140-2 validation

Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since the inception of the standard in 2001. Microsoft validates its cryptographic modules under the NIST CMVP, as described above. Multiple Microsoft products, including Windows 10, Windows Server, and many cloud services, use these cryptographic modules.

Using Windows in a FIPS 140-2 approved mode of operation

Windows 10 and Windows server may be configured to run in a FIPS 140-2 approved mode of operation. This is commonly referred to as “FIPS mode.” Achieving this mode of operation requires administrators to complete all four steps outlined below.

Step 1: Ensure FIPS 140-2 validated cryptographic modules are installed

Administrators must ensure that all cryptographic modules installed are FIPS 140-2 validated. This is accomplished by cross-checking the version number of the cryptographic module with the table of validated modules at the end of this topic, organized by operating system release.

Step 2: Ensure all security policies for all cryptographic modules are followed

Each of the cryptographic modules has a defined security policy that must be met for the module to operate in its FIPS 140-2 approved mode. The security policy may be found in each module’s published Security Policy Document (SPD). The SPDs for each module may be found by following the links in the table of validated modules at the end of this topic. Click on the module version number to view the published SPD for the module.

Step 3: Enable the FIPS security policy

Windows provides the security policy setting, “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing,” which is used by some Microsoft products to determine whether to operate in a FIPS 140-2 approved mode. When this policy is enabled, the validated cryptographic modules in Windows will also operate in FIPS approved mode. The policy may be set using Local Security Policy, as part of Group Policy, or through a Modern Device Management (MDM) solution. For more information on the policy, see System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.

Step 4: Ensure only FIPS validated cryptographic algorithms are used

Neither the operating system nor the cryptographic modules can enforce a FIPS approved mode of operation, regardless of the FIPS security policy setting. To run in a FIPS approved mode, an application or service must check for the policy flag and enforce the security policies of the validated modules. If an application or service uses a non-approved cryptographic algorithm or does not follow the security policies of the validated modules, it is not operating in a FIPS approved mode.

Frequently asked questions

How long does it take to certify cryptographic modules?

Microsoft begins certification of cryptographic modules after each major feature release of Windows 10 and Windows Server. The duration of each evaluation varies, depending on many factors.

When does Microsoft undertake a FIPS 140 validation?

The cadence for starting module validation aligns with the feature updates of Windows 10 and Windows Server. As the software industry evolves, operating systems release more frequently. Microsoft completes validation work on major releases but, in between releases, seeks to minimize the changes to the cryptographic modules.

What is the difference between “FIPS 140 validated” and “FIPS 140 compliant”?

“FIPS 140 validated” means that the cryptographic module, or a product that embeds the module, has been validated (“certified”) by the CMVP as meeting as meeting the FIPS 140-2 requirements. “FIPS 140 compliant” is an industry term for IT products that rely on FIPS 140 validated products for cryptographic functionality.

I need to know if a Windows service or application is FIPS 140-2 validated.

The cryptographic modules leveraged in Windows are validated through the CMVP, not individual services, applications, hardware peripherals, or other solutions. For a solution to be considered compliant, it must call a FIPS 140-2 validated cryptographic module in the underlying OS and the OS must be configured to run in FIPS mode. Contact the vendor of the service, application, or product for information on whether it calls a validated cryptographic module.

What does "When operated in FIPS mode" mean on a certificate?

This caveat identifies required configuration and security rules that must be followed to use the cryptographic module in a way that is consistent with its FIPS 140-2 security policy. Each module has its own security policy—a precise specification of the security rules under which it will operate—and employs approved cryptographic algorithms, cryptographic key management, and authentication techniques. The security rules are defined in the Security Policy Document (SPD) for each module.

What is the relationship between FIPS 140-2 and Common Criteria?

These are two separate security standards with different, but complementary, purposes. FIPS 140-2 is designed specifically for validating software and hardware cryptographic modules, while Common Criteria is designed to evaluate security functions in IT software and hardware products. Common Criteria evaluations often rely on FIPS 140-2 validations to provide assurance that basic cryptographic functionality is implemented properly.

How does FIPS 140 relate to Suite B?

Suite B is a set of cryptographic algorithms defined by the U.S. National Security Agency (NSA) as part of its Cryptographic Modernization Program. The set of Suite B cryptographic algorithms are to be used for both unclassified information and most classified information. The Suite B cryptographic algorithms are a subset of the FIPS Approved cryptographic algorithms as allowed by the FIPS 140-2 standard.

Microsoft FIPS 140-2 validated cryptographic modules

The following tables identify the cryptographic modules used in an operating system, organized by release.

Modules used by Windows

Windows 10 Spring 2018 Update (Version 1803)

Validated Editions: Home, Pro, Enterprise, Education

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library 10.0.17134 #3197 See Security Policy and Certificate page for algorithm information
Kernel Mode Cryptographic Primitives Library 10.0.17134 #3196 See Security Policy and Certificate page for algorithm information
Code Integrity 10.0.17134 #3195 See Security Policy and Certificate page for algorithm information
Windows OS Loader 10.0.17134 #3480 See Security Policy and Certificate page for algorithm information
Secure Kernel Code Integrity 10.0.17134 #3096 See Security Policy and Certificate page for algorithm information
BitLocker Dump Filter 10.0.17134 #3092 See Security Policy and Certificate page for algorithm information
Boot Manager 10.0.17134 #3089 See Security Policy and Certificate page for algorithm information
Windows 10 Fall Creators Update (Version 1709)

Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library 10.0.16299 #3197 See Security Policy and Certificate page for algorithm information
Kernel Mode Cryptographic Primitives Library 10.0.16299 #3196 See Security Policy and Certificate page for algorithm information
Code Integrity 10.0.16299 #3195 See Security Policy and Certificate page for algorithm information
Windows OS Loader 10.0.16299 #3194 See Security Policy and Certificate page for algorithm information
Secure Kernel Code Integrity 10.0.16299 #3096 See Security Policy and Certificate page for algorithm information
BitLocker Dump Filter 10.0.16299 #3092 See Security Policy and Certificate page for algorithm information
Windows Resume 10.0.16299 #3091 See Security Policy and Certificate page for algorithm information
Boot Manager 10.0.16299 #3089 See Security Policy and Certificate page for algorithm information
Windows 10 Creators Update (Version 1703)

Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 10.0.15063 #3095

FIPS Approved algorithms: AES (Cert. #4624); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2522); SHS (Cert. #3790); Triple-DES (Cert. #2459)

Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #1133); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #2521); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #1281); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #1278)

Kernel Mode Cryptographic Primitives Library (cng.sys) 10.0.15063 #3094

#3094

FIPS Approved algorithms: AES (Certs. #4624 and #4626); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2523); SHS (Cert. #3790); Triple-DES (Cert. #2459)

Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert.#1133); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert.#2521); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert.#1281)

Boot Manager 10.0.15063 #3089

FIPS Approved algorithms: AES (Certs. #4624 and #4625); CKG (vendor affirmed); HMAC (Cert. #3061); PBKDF (vendor affirmed); RSA (Cert. #2523); SHS (Cert. #3790)

Other algorithms: PBKDF (vendor affirmed); VMK KDF (vendor affirmed)

Windows OS Loader 10.0.15063 #3090

FIPS Approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790)

Other algorithms: NDRNG

Windows Resume[1] 10.0.15063 #3091 FIPS Approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790)
BitLocker® Dump Filter[2] 10.0.15063 #3092 FIPS Approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2522); SHS (Cert. #3790)
Code Integrity (ci.dll) 10.0.15063 #3093

FIPS Approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282)

Secure Kernel Code Integrity (skci.dll)[3] 10.0.15063 #3096

FIPS Approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282)

[1] Applies only to Home, Pro, Enterprise, Education and S

[2] Applies only to Pro, Enterprise, Education, S, Mobile and Surface Hub

[3] Applies only to Pro, Enterprise Education and S

Windows 10 Anniversary Update (Version 1607)

Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 10.0.14393 #2937

FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #886)

Kernel Mode Cryptographic Primitives Library (cng.sys) 10.0.14393 #2936

FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887)

Boot Manager 10.0.14393 #2931

FIPS Approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: MD5; PBKDF (non-compliant); VMK KDF

BitLocker® Windows OS Loader (winload) 10.0.14393 #2932 FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: NDRNG; MD5
BitLocker® Windows Resume (winresume)[1] 10.0.14393 #2933 FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: MD5
BitLocker® Dump Filter (dumpfve.sys)[2] 10.0.14393 #2934 FIPS Approved algorithms: AES (Certs. #4061 and #4064)
Code Integrity (ci.dll) 10.0.14393 #2935

FIPS Approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: AES (non-compliant); MD5

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888)

Secure Kernel Code Integrity (skci.dll)[3] 10.0.14393 #2938

FIPS Approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)

Other algorithms: MD5

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888)

[1] Applies only to Home, Pro, Enterprise and Enterprise LTSB

[2] Applies only to Pro, Enterprise, Enterprise LTSB and Mobile

[3] Applies only to Pro, Enterprise and Enterprise LTSB

Windows 10 November 2015 Update (Version 1511)

Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 10.0.10586 #2606

FIPS Approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888 and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)

Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #664)

Kernel Mode Cryptographic Primitives Library (cng.sys) 10.0.10586 #2605

FIPS Approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs.  #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888 and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)

Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663)

Boot Manager[4] 10.0.10586 #2700 FIPS Approved algorithms: AES (Certs. #3653); HMAC (Cert. #2381); PBKDF (vendor affirmed); RSA (Cert. #1871); SHS (Certs. #3047 and #3048)

Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
BitLocker® Windows OS Loader (winload)[5] 10.0.10586 #2701 FIPS Approved algorithms: AES (Certs. #3629 and #3653); RSA (Cert. #1871); SHS (Cert. #3048)

Other algorithms: MD5; NDRNG
BitLocker® Windows Resume (winresume)[6] 10.0.10586 #2702 FIPS Approved algorithms: AES (Certs. #3653); RSA (Cert. #1871); SHS (Cert. #3048)

Other algorithms: MD5
BitLocker® Dump Filter (dumpfve.sys)[7] 10.0.10586 #2703 FIPS Approved algorithms: AES (Certs. #3653)
Code Integrity (ci.dll) 10.0.10586 #2604

FIPS Approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)

Other algorithms: AES (non-compliant); MD5

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665)

Secure Kernel Code Integrity (skci.dll)[8] 10.0.10586 #2607

FIPS Approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)

Other algorithms: MD5

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665)

[4] Applies only to Home, Pro, Enterprise, Mobile and Surface Hub

[5] Applies only to Home, Pro, Enterprise, Mobile and Surface Hub

[6] Applies only to Home, Pro and Enterprise

[7] Applies only to Pro, Enterprise, Mobile and Surface Hub

[8] Applies only to Enterprise and Enterprise LTSB

Windows 10 (Version 1507)

Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface Hub

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 10.0.10240 #2606

FIPS Approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)

Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #575)

Kernel Mode Cryptographic Primitives Library (cng.sys) 10.0.10240 #2605

FIPS Approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)

Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576)

Boot Manager[9] 10.0.10240 #2600 FIPS Approved algorithms: AES (Cert. #3497); HMAC (Cert. #2233); KTS (AES Cert. #3498); PBKDF (vendor affirmed); RSA (Cert. #1784); SHS (Certs. #2871 and #2886)

Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
BitLocker® Windows OS Loader (winload)[10] 10.0.10240 #2601 FIPS Approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)

Other algorithms: MD5; NDRNG
BitLocker® Windows Resume (winresume)[11] 10.0.10240 #2602 FIPS Approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)

Other algorithms: MD5
BitLocker® Dump Filter (dumpfve.sys)[12] 10.0.10240 #2603 FIPS Approved algorithms: AES (Certs. #3497 and #3498)
Code Integrity (ci.dll) 10.0.10240 #2604

FIPS Approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)

Other algorithms: AES (non-compliant); MD5

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572)

Secure Kernel Code Integrity (skci.dll)[13] 10.0.10240 #2607

FIPS Approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)

Other algorithms: MD5

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572)

[9] Applies only to Home, Pro, Enterprise and Enterprise LTSB

[10] Applies only to Home, Pro, Enterprise and Enterprise LTSB

[11] Applies only to Home, Pro, Enterprise and Enterprise LTSB

[12] Applies only to Pro, Enterprise and Enterprise LTSB

[13] Applies only to Enterprise and Enterprise LTSB

Windows 8.1

Validated Editions: RT, Pro, Enterprise, Phone, Embedded

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 6.3.9600 6.3.9600.17031 #2357

FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)

Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)#2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #323)

Kernel Mode Cryptographic Primitives Library (cng.sys) 6.3.9600 6.3.9600.17042 #2356

FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)

Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289)

Boot Manager 6.3.9600 6.3.9600.17031 #2351 FIPS Approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)

Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
BitLocker® Windows OS Loader (winload) 6.3.9600 6.3.9600.17031 #2352 FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)

Other algorithms: MD5; NDRNG
BitLocker® Windows Resume (winresume)[14] 6.3.9600 6.3.9600.17031 #2353 FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)

Other algorithms: MD5
BitLocker® Dump Filter (dumpfve.sys) 6.3.9600 6.3.9600.17031 #2354 FIPS Approved algorithms: AES (Cert. #2832)

Other algorithms: N/A
Code Integrity (ci.dll) 6.3.9600 6.3.9600.17031 #2355#2355

FIPS Approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)

Other algorithms: MD5

Validated Component Implementations: PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289)

[14] Applies only to Pro, Enterprise, and Embedded 8.

Windows 8

Validated Editions: RT, Home, Pro, Enterprise, Phone

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) 6.2.9200 #1892 FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert. ); ECDSA (Cert. ); HMAC (Cert. ); KAS (Cert. ); KBKDF (Cert. ); PBKDF (vendor affirmed); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )

Kernel Mode Cryptographic Primitives Library (cng.sys) 6.2.9200 #1891 FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258 and ); ECDSA (Cert. ); HMAC (Cert. ); KAS (Cert. ); KBKDF (Cert. ); PBKDF (vendor affirmed); RNG (Cert. ); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )

Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
Boot Manager 6.2.9200 #1895 FIPS Approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: MD5
BitLocker® Windows OS Loader (WINLOAD) 6.2.9200 #1896 FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG
BitLocker® Windows Resume (WINRESUME)[15] 6.2.9200 #1898 FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: MD5
BitLocker® Dump Filter (DUMPFVE.SYS) 6.2.9200 #1899 FIPS Approved algorithms: AES (Certs. #2196 and #2198)

Other algorithms: N/A
Code Integrity (CI.DLL) 6.2.9200 #1897 FIPS Approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: MD5
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL) 6.2.9200 #1893 FIPS Approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#1902); Triple-DES (Cert. ); Triple-DES MAC (Triple-DES Cert. , vendor affirmed)

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. , key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Enhanced Cryptographic Provider (RSAENH.DLL) 6.2.9200 #1894 FIPS Approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)

Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

[15] Applies only to Home and Pro

Windows 7

Validated Editions: Windows 7, Windows 7 SP1

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)

6.1.7600.16385

6.1.7601.17514

1329 FIPS Approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); DSA (Cert. #386); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)

Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4#559 and ); SHS (Cert. ); Triple-DES (Cert. )

Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
Kernel Mode Cryptographic Primitives Library (cng.sys)

6.1.7600.16385

6.1.7600.16915

6.1.7600.21092

6.1.7601.17514

6.1.7601.17725

6.1.7601.17919

6.1.7601.21861

6.1.7601.22076

1328 FIPS Approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)

Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
Boot Manager

6.1.7600.16385

6.1.7601.17514

1319 FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #557); SHS (Cert. #1081)

Other algorithms: MD5#1168 and ); HMAC (Cert. ); RSA (Cert. ); SHS (Cert. )

Other algorithms: MD5
Winload OS Loader (winload.exe)

6.1.7600.16385

6.1.7600.16757

6.1.7600.20897

6.1.7600.20916

6.1.7601.17514

6.1.7601.17556

6.1.7601.21655

6.1.7601.21675

1326 FIPS Approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #557); SHS (Cert. #1081)

Other algorithms: MD5
BitLocker™ Drive Encryption

6.1.7600.16385

6.1.7600.16429

6.1.7600.16757

6.1.7600.20536

6.1.7600.20873

6.1.7600.20897

6.1.7600.20916

6.1.7601.17514

6.1.7601.17556

6.1.7601.21634

6.1.7601.21655

6.1.7601.21675

1332 FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)

Other algorithms: Elephant Diffuser
Code Integrity (CI.DLL)

6.1.7600.16385

6.1.7600.17122

6.1.7600.21320

6.1.7601.17514

6.1.7601.17950

6.1.7601.22108

1327 FIPS Approved algorithms: RSA (Cert. #557); SHS (Cert. #1081)

Other algorithms: MD5
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL) 6.1.7600.16385
(no change in SP1)
1331 FIPS Approved algorithms: DSA (Cert. #385); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4
Enhanced Cryptographic Provider (RSAENH.DLL) 6.1.7600.16385
(no change in SP1)
1330 FIPS Approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #673); SHS (Cert. #1081); RSA (Certs. #557 and #559); Triple-DES (Cert. #846)

Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 256-bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Windows Vista SP1

Validated Editions: Ultimate Edition

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Boot Manager (bootmgr) 6.0.6001.18000 and 6.0.6002.18005 978 FIPS Approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #354); SHS (Cert. #753)
Winload OS Loader (winload.exe) 6.0.6001.18000, 6.0.6001.18027, 6.0.6001.18606, 6.0.6001.22125, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411 and 6.0.6002.22596 979 FIPS Approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #354); SHS (Cert. #753)

Other algorithms: MD5
Code Integrity (ci.dll) 6.0.6001.18000, 6.0.6001.18023, 6.0.6001.22120, and 6.0.6002.18005 980 FIPS Approved algorithms: RSA (Cert. #354); SHS (Cert. #753)

Other algorithms: MD5
Kernel Mode Security Support Provider Interface (ksecdd.sys) 6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.228696.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.22869 1000

FIPS Approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)#739 and ); ECDSA (Cert. ); HMAC (Cert. ); RNG (Cert.  and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )

Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Cryptographic Primitives Library (bcrypt.dll) 6.0.6001.22202, 6.0.6002.18005, and 6.0.6002.228726.0.6001.22202, 6.0.6002.18005, and 6.0.6002.22872 1001

FIPS Approved algorithms: AES (Certs. #739 and #756); DSA (Cert. #283); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90, vendor affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)

Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)

Enhanced Cryptographic Provider (RSAENH) 6.0.6001.22202 and 6.0.6002.180056.0.6001.22202 and 6.0.6002.18005 1002

FIPS Approved algorithms: AES (Cert. #739); HMAC (Cert. #407); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #354); SHS (Cert. #753); Triple-DES (Cert. #656)

Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.18005 1003

FIPS Approved algorithms: DSA (Cert. #281); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4

Windows Vista

Validated Editions: Ultimate Edition

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Enhanced Cryptographic Provider (RSAENH) 6.0.6000.16386 893 FIPS Approved algorithms: AES (Cert. #553); HMAC (Cert. #297); RNG (Cert. #321); RSA (Certs. #255 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)

Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 6.0.6000.16386 894 FIPS Approved algorithms: DSA (Cert. #226); RNG (Cert. #321); SHS (Cert. #618); Triple-DES (Cert. #549); Triple-DES MAC (Triple-DES Cert. #549, vendor affirmed)

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
BitLocker™ Drive Encryption 6.0.6000.16386 947 FIPS Approved algorithms: AES (Cert. #715); HMAC (Cert. #386); SHS (Cert. #737)

Other algorithms: Elephant Diffuser
Kernel Mode Security Support Provider Interface (ksecdd.sys) 6.0.6000.16386, 6.0.6000.16870 and 6.0.6000.21067 891 FIPS Approved algorithms: AES (Cert. #553); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)

Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 to 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; HMAC MD5
Windows XP SP3
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Kernel Mode Cryptographic Module (FIPS.SYS) 5.1.2600.5512 997

FIPS Approved algorithms: HMAC (Cert. #429); RNG (Cert. #449); SHS (Cert. #785); Triple-DES (Cert. #677); Triple-DES MAC (Triple-DES Cert. #677, vendor affirmed)

Other algorithms: DES; MD5; HMAC MD5

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 5.1.2600.5507 990

FIPS Approved algorithms: DSA (Cert. #292); RNG (Cert. #448); SHS (Cert. #784); Triple-DES (Cert. #676); Triple-DES MAC (Triple-DES Cert. #676, vendor affirmed)

Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits); MD5; RC2; RC4

Enhanced Cryptographic Provider (RSAENH) 5.1.2600.5507 989

FIPS Approved algorithms: AES (Cert. #781); HMAC (Cert. #428); RNG (Cert. #447); RSA (Cert. #371); SHS (Cert. #783); Triple-DES (Cert. #675); Triple-DES MAC (Triple-DES Cert. #675, vendor affirmed)

Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits)

Windows XP SP2
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
DSS/Diffie-Hellman Enhanced Cryptographic Provider 5.1.2600.2133 240

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #29)

Other algorithms: DES (Cert. #66); RC2; RC4; MD5; DES40; Diffie-Hellman (key agreement)

Microsoft Enhanced Cryptographic Provider 5.1.2600.2161 238

FIPS Approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)

Other algorithms: DES (Cert. #156); RC2; RC4; MD5

Windows XP SP1
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Microsoft Enhanced Cryptographic Provider 5.1.2600.1029 238

FIPS Approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)

Other algorithms: DES (Cert. #156); RC2; RC4; MD5

Windows XP
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Kernel Mode Cryptographic Module 5.1.2600.0 241

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #35); HMAC-SHA-1 (Cert. #35, vendor affirmed)

Other algorithms: DES (Cert. #89)

Windows 2000 SP3
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Kernel Mode Cryptographic Module (FIPS.SYS) 5.0.2195.1569 106

FIPS Approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)

Other algorithms: DES (Certs. #89)

Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider

(Base DSS: 5.0.2195.3665 [SP3])

(Base: 5.0.2195.3839 [SP3])

(DSS/DH Enh: 5.0.2195.3665 [SP3])

(Enh: 5.0.2195.3839 [SP3]

103

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5

Windows 2000 SP2
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Kernel Mode Cryptographic Module (FIPS.SYS) 5.0.2195.1569 106

FIPS Approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)

Other algorithms: DES (Certs. #89)

Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider

(Base DSS:

5.0.2195.2228 [SP2])

(Base:

5.0.2195.2228 [SP2])

(DSS/DH Enh:

5.0.2195.2228 [SP2])

(Enh:

5.0.2195.2228 [SP2])

103

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5

Windows 2000 SP1
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider

(Base DSS: 5.0.2150.1391 [SP1])

(Base: 5.0.2150.1391 [SP1])

(DSS/DH Enh: 5.0.2150.1391 [SP1])

(Enh: 5.0.2150.1391 [SP1])

103

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5

Windows 2000
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider 5.0.2150.1 76

FIPS Approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. #28 and 29); RSA (vendor affirmed)

Other algorithms: DES (Certs. #65, 66, 67 and 68); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)

Windows 95 and Windows 98
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider 5.0.1877.6 and 5.0.1877.7 75

FIPS Approved algorithms: Triple-DES (vendor affirmed); SHA-1 (Certs. #20 and 21); DSA/SHA-1 (Certs. #25 and 26); RSA (vendor- affirmed)

Other algorithms: DES (Certs. #61, 62, 63 and 64); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)

Windows NT 4.0
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Base Cryptographic Provider 5.0.1877.6 and 5.0.1877.7 68 FIPS Approved algorithms: SHA-1 (Certs. #20 and 21); DSA/SHA- 1 (Certs. #25 and 26); RSA (vendor affirmed)

Other algorithms: DES (Certs. #61, 62, 63 and 64); Triple-DES (allowed for US and Canadian Government use); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)

Modules used by Windows Server

Windows Server (Version 1803)

Validated Editions: Standard, Datacenter

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library 10.0.17134 #3197 See Security Policy and Certificate page for algorithm information
Kernel Mode Cryptographic Primitives Library 10.0.17134 #3196 See Security Policy and Certificate page for algorithm information
Code Integrity 10.0.17134 #3195 See Security Policy and Certificate page for algorithm information
Windows OS Loader 10.0.17134 #3480 See Security Policy and Certificate page for algorithm information
Secure Kernel Code Integrity 10.0.17134 #3096 See Security Policy and Certificate page for algorithm information
BitLocker Dump Filter 10.0.17134 #3092 See Security Policy and Certificate page for algorithm information
Boot Manager 10.0.17134 #3089 See Security Policy and Certificate page for algorithm information
Windows Server (Version 1709)

Validated Editions: Standard, Datacenter

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library 10.0.16299 #3197 See Security Policy and Certificate page for algorithm information
Kernel Mode Cryptographic Primitives Library 10.0.16299 #3196 See Security Policy and Certificate page for algorithm information
Code Integrity 10.0.16299 #3195 See Security Policy and Certificate page for algorithm information
Windows OS Loader 10.0.16299 #3194 See Security Policy and Certificate page for algorithm information
Secure Kernel Code Integrity 10.0.16299 #3096 See Security Policy and Certificate page for algorithm information
BitLocker Dump Filter 10.0.16299 #3092 See Security Policy and Certificate page for algorithm information
Windows Resume 10.0.16299 #3091 See Security Policy and Certificate page for algorithm information
Boot Manager 10.0.16299 #3089 See Security Policy and Certificate page for algorithm information
Windows Server 2016

Validated Editions: Standard, Datacenter, Storage Server

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 10.0.14393 2937 FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
Kernel Mode Cryptographic Primitives Library (cng.sys) 10.0.14393 2936 FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
Boot Manager 10.0.14393 2931

FIPS Approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: MD5; PBKDF (non-compliant); VMK KDF

BitLocker® Windows OS Loader (winload) 10.0.14393 2932 FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: NDRNG; MD5
BitLocker® Windows Resume (winresume) 10.0.14393 2933 FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: MD5
BitLocker® Dump Filter (dumpfve.sys) 10.0.14393 2934 FIPS Approved algorithms: AES (Certs. #4061 and #4064)
Code Integrity (ci.dll) 10.0.14393 2935 FIPS Approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: AES (non-compliant); MD5
Secure Kernel Code Integrity (skci.dll) 10.0.14393 2938 FIPS Approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)

Other algorithms: MD5
Windows Server 2012 R2

Validated Editions: Server, Storage Server,

StorSimple 8000 Series, Azure StorSimple Virtual Array Windows Server 2012 R2

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 6.3.9600 6.3.9600.17031 2357 FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)

Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
Kernel Mode Cryptographic Primitives Library (cng.sys) 6.3.9600 6.3.9600.17042 2356 FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)

Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
Boot Manager 6.3.9600 6.3.9600.17031 2351 FIPS Approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)

Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
BitLocker® Windows OS Loader (winload) 6.3.9600 6.3.9600.17031 2352 FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)

Other algorithms: MD5; NDRNG
BitLocker® Windows Resume (winresume)[16] 6.3.9600 6.3.9600.17031 2353 FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)

Other algorithms: MD5
BitLocker® Dump Filter (dumpfve.sys)[17] 6.3.9600 6.3.9600.17031 2354 FIPS Approved algorithms: AES (Cert. #2832)

Other algorithms: N/A
Code Integrity (ci.dll) 6.3.9600 6.3.9600.17031 2355 FIPS Approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)

Other algorithms: MD5

[16] Does not apply to Azure StorSimple Virtual Array Windows Server 2012 R2

[17] Does not apply to Azure StorSimple Virtual Array Windows Server 2012 R2

Windows Server 2012

Validated Editions: Server, Storage Server

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) 6.2.9200 1892 FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#687); ECDSA (Cert. ); HMAC (Cert. #); KAS (Cert. ); KBKDF (Cert. ); PBKDF (vendor affirmed); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )

Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
Kernel Mode Cryptographic Primitives Library (cng.sys) 6.2.9200 1891 FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#1110); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )

Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
Boot Manager 6.2.9200 1895 FIPS Approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: MD5
BitLocker® Windows OS Loader (WINLOAD) 6.2.9200 1896 FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG
BitLocker® Windows Resume (WINRESUME) 6.2.9200 1898 FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: MD5
BitLocker® Dump Filter (DUMPFVE.SYS) 6.2.9200 1899 FIPS Approved algorithms: AES (Certs. #2196 and #2198)

Other algorithms: N/A
Code Integrity (CI.DLL) 6.2.9200 1897 FIPS Approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: MD5
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL) 6.2.9200 1893 FIPS Approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Enhanced Cryptographic Provider (RSAENH.DLL) 6.2.9200 1894 FIPS Approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)

Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Windows Server 2008 R2
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Boot Manager (bootmgr) 6.1.7600.16385 or 6.1.7601.175146.1.7600.16385 or 6.1.7601.17514 1321 FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #568); SHS (Cert. #1081)

Other algorithms: MD5
Winload OS Loader (winload.exe) 6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.216756.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.21675 1333 FIPS Approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #568); SHS (Cert. #1081)

Other algorithms: MD5
Code Integrity (ci.dll) 6.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.221086.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.22108 1334 FIPS Approved algorithms: RSA (Cert. #568); SHS (Cert. #1081)

Other algorithms: MD5
Kernel Mode Cryptographic Primitives Library (cng.sys) 6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.220766.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.22076 1335 FIPS Approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)

-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
Cryptographic Primitives Library (bcryptprimitives.dll) 66.1.7600.16385 or 6.1.7601.1751466.1.7600.16385 or 6.1.7601.17514 1336 FIPS Approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); DSA (Cert. #391); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)

Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; HMAC MD5; MD2; MD4; MD5; RC2; RC4
Enhanced Cryptographic Provider (RSAENH) 6.1.7600.16385 1337 FIPS Approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #687); SHS (Cert. #1081); RSA (Certs. #559 and #568); Triple-DES (Cert. #846)

Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 6.1.7600.16385 1338 FIPS Approved algorithms: DSA (Cert. #390); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4
BitLocker™ Drive Encryption 6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.216756.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.21675 1339 FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)

Other algorithms: Elephant Diffuser
Windows Server 2008
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Boot Manager (bootmgr) 6.0.6001.18000, 6.0.6002.18005 and 6.0.6002.224976.0.6001.18000, 6.0.6002.18005 and 6.0.6002.22497 1004 FIPS Approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #355); SHS (Cert. #753)

Other algorithms: N/A
Winload OS Loader (winload.exe) 6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.225966.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.22596 1005 FIPS Approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #355); SHS (Cert. #753)

Other algorithms: MD5
Code Integrity (ci.dll) 6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.18005 1006 FIPS Approved algorithms: RSA (Cert. #355); SHS (Cert. #753)

Other algorithms: MD5
Kernel Mode Security Support Provider Interface (ksecdd.sys) 6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.228696.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.22869 1007 FIPS Approved algorithms: AES (Certs. #739 and #757); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)

Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#83); HMAC (Cert. ); RNG (Cert.  and SP800-90 AES-CTR, vendor affirmed); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )

Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Cryptographic Primitives Library (bcrypt.dll) 6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.228726.0.6001.22202, 6.0.6002.18005 and 6.0.6002.22872 1008 FIPS Approved algorithms: AES (Certs. #739 and #757); DSA (Cert. #284); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)

Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.18005 1009 FIPS Approved algorithms: DSA (Cert. #282); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)

-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
Enhanced Cryptographic Provider (RSAENH) 6.0.6001.22202 and 6.0.6002.180056.0.6001.22202 and 6.0.6002.18005 1010 FIPS Approved algorithms: AES (Cert. #739); HMAC (Cert. #408); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656)

Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Windows Server 2003 SP2
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 5.2.3790.3959 875

FIPS Approved algorithms: DSA (Cert. #221); RNG (Cert. #314); RSA (Cert. #245); SHS (Cert. #611); Triple-DES (Cert. #543)

Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC4

Kernel Mode Cryptographic Module (FIPS.SYS) 5.2.3790.3959 869

FIPS Approved algorithms: HMAC (Cert. #287); RNG (Cert. #313); SHS (Cert. #610); Triple-DES (Cert. #542)

Other algorithms: DES; HMAC-MD5

Enhanced Cryptographic Provider (RSAENH) 5.2.3790.3959 868

FIPS Approved algorithms: AES (Cert. #548); HMAC (Cert. #289); RNG (Cert. #316); RSA (Cert. #245); SHS (Cert. #613); Triple-DES (Cert. #544)

Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Windows Server 2003 SP1
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Kernel Mode Cryptographic Module (FIPS.SYS) 5.2.3790.1830 [SP1] 405

FIPS Approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])

Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)

[1] x86
[2] SP1 x86, x64, IA64

Enhanced Cryptographic Provider (RSAENH) 5.2.3790.1830 [Service Pack 1]) 382

FIPS Approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])

Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5

[1] x86
[2] SP1 x86, x64, IA64

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 5.2.3790.1830 [Service Pack 1] 381

FIPS Approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)

Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40

[1] x86
[2] SP1 x86, x64, IA64

Windows Server 2003
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Kernel Mode Cryptographic Module (FIPS.SYS) 5.2.3790.0 405

FIPS Approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])

Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)

[1] x86
[2] SP1 x86, x64, IA64

Enhanced Cryptographic Provider (RSAENH) 5.2.3790.0 382

FIPS Approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])

Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5

[1] x86
[2] SP1 x86, x64, IA64

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 5.2.3790.0 381

FIPS Approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)

Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40

[1] x86
[2] SP1 x86, x64, IA64

Other Products

Windows Embedded Compact 7 and Windows Embedded Compact 8
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Enhanced Cryptographic Provider 7.00.2872 [1] and 8.00.6246 [2] 2957

FIPS Approved algorithms: AES (Certs.#4433and#4434); CKG (vendor affirmed); DRBG (Certs.#1432and#1433); HMAC (Certs.#2946and#2945); RSA (Certs.#2414and#2415); SHS (Certs.#3651and#3652); Triple-DES (Certs.#2383and#2384)

Allowed algorithms: HMAC-MD5; MD5; NDRNG

Cryptographic Primitives Library (bcrypt.dll) 7.00.2872 [1] and 8.00.6246 [2] 2956

FIPS Approved algorithms: AES (Certs.#4430and#4431); CKG (vendor affirmed); CVL (Certs.#1139and#1140); DRBG (Certs.#1429and#1430); DSA (Certs.#1187and#1188); ECDSA (Certs.#1072and#1073); HMAC (Certs.#2942and#2943); KAS (Certs.#114and#115); RSA (Certs.#2411and#2412); SHS (Certs.#3648and#3649); Triple-DES (Certs.#2381and#2382)

Allowed algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength

Windows CE 6.0 and Windows Embedded Compact 7
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Enhanced Cryptographic Provider 6.00.1937 [1] and 7.00.1687 [2] 825

FIPS Approved algorithms: AES (Certs. #516 [1] and #2024 [2]); HMAC (Certs. #267 [1] and #1227 [2]); RNG (Certs. #292 [1] and #1060 [2]); RSA (Cert. #230 [1] and #1052 [2]); SHS (Certs. #589 [1] and #1774 [2]); Triple-DES (Certs. #526 [1] and #1308 [2])

Other algorithms: MD5; HMAC-MD5; RC2; RC4; DES

Outlook Cryptographic Provider
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Outlook Cryptographic Provider (EXCHCSP) SR-1A (3821)SR-1A (3821) 110

FIPS Approved algorithms: Triple-DES (Cert. #18); SHA-1 (Certs. #32); RSA (vendor affirmed)

Other algorithms: DES (Certs. #91); DES MAC; RC2; MD2; MD5

Cryptographic Algorithms

The following tables are organized by cryptographic algorithms with their modes, states, and key sizes. For each algorithm implementation (operating system / platform), there is a link to the Cryptographic Algorithm Validation Program (CAVP) issued certificate.

Advanced Encryption Standard (AES)

Modes / States / Key Sizes Algorithm Implementation and Certificate #
  • AES-CBC:
    • Modes: Decrypt, Encrypt
    • Key Lengths: 128, 192, 256 (bits)
  • AES-CFB128:
    • Modes: Decrypt, Encrypt
    • Key Lengths: 128, 192, 256 (bits)
  • AES-CTR:
    • Counter Source: Internal
    • Key Lengths: 128, 192, 256 (bits)
  • AES-OFB:
    • Modes: Decrypt, Encrypt
    • Key Lengths: 128, 192, 256 (bits)

Microsoft Surface Hub Virtual TPM Implementations #4904

Version 10.0.15063.674

  • AES-CBC:
    • Modes: Decrypt, Encrypt
    • Key Lengths: 128, 192, 256 (bits)
  • AES-CFB128:
    • Modes: Decrypt, Encrypt
    • Key Lengths: 128, 192, 256 (bits)
  • AES-CTR:
    • Counter Source: Internal
    • Key Lengths: 128, 192, 256 (bits)
  • AES-OFB:
    • Modes: Decrypt, Encrypt
    • Key Lengths: 128, 192, 256 (bits)

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #4903

Version 10.0.16299

  • AES-CBC:
    • Modes: Decrypt, Encrypt
    • Key Lengths: 128, 192, 256 (bits)
  • AES-CCM:
    • Key Lengths: 128, 192, 256 (bits)
    • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
    • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
    • Plain Text Length: 0-32
    • AAD Length: 0-65536
  • AES-CFB128:
    • Modes: Decrypt, Encrypt
    • Key Lengths: 128, 192, 256 (bits)
  • AES-CFB8:
    • Modes: Decrypt, Encrypt
    • Key Lengths: 128, 192, 256 (bits)
  • AES-CMAC:
    • Generation:
      • AES-128:
        • Block Sizes: Full, Partial
        • Message Length: 0-65536
        • Tag Length: 16-16
      • AES-192:
        • Block Sizes: Full, Partial
        • Message Length: 0-65536
        • Tag Length: 16-16
      • AES-256:
        • Block Sizes: Full, Partial
        • Message Length: 0-65536
        • Tag Length: 16-16
    • Verification:
      • AES-128:
        • Block Sizes: Full, Partial
        • Message Length: 0-65536
        • Tag Length: 16-16
      • AES-192:
        • Block Sizes: Full, Partial
        • Message Length: 0-65536
        • Tag Length: 16-16
      • AES-256:
        • Block Sizes: Full, Partial
        • Message Length: 0-65536
        • Tag Length: 16-16
  • AES-CTR:
    • Counter Source: Internal
    • Key Lengths: 128, 192, 256 (bits)
  • AES-ECB:
    • Modes: Decrypt, Encrypt
    • Key Lengths: 128, 192, 256 (bits)
  • AES-GCM:
    • Modes: Decrypt, Encrypt
    • Key Lengths: 128, 192, 256 (bits)
    • Tag Lengths: 96, 104, 112, 120, 128 (bits)
    • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
    • AAD Lengths: 0, 8, 1016, 1024 (bits)
    • 96 bit IV supported
  • AES-XTS:
    • Key Size: 128:
      • Modes: Decrypt, Encrypt
      • Block Sizes: Full
    • Key Size: 256:
      • Modes: Decrypt, Encrypt
      • Block Sizes: Full

Microsoft Surface Hub SymCrypt Cryptographic Implementations #4902

Version 10.0.15063.674

  • AES-CBC:
    • Modes: Decrypt, Encrypt
    • Key Lengths: 128, 192, 256 (bits)
  • AES-CCM:
    • Key Lengths: 128, 192, 256 (bits)
    • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
    • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
    • Plain Text Length: 0-32
    • AAD Length: 0-65536
  • AES-CFB128:
    • Modes: Decrypt, Encrypt
    • Key Lengths: 128, 192, 256 (bits)
  • AES-CFB8:
    • Modes: Decrypt, Encrypt
    • Key Lengths: 128, 192, 256 (bits)
  • AES-CMAC:
    • Generation:
      • AES-128:
        • Block Sizes: Full, Partial
        • Message Length: 0-65536
        • Tag Length: 16-16
      • AES-192:
        • Block Sizes: Full, Partial
        • Message Length: 0-65536
        • Tag Length: 16-16
      • AES-256:
        • Block Sizes: Full, Partial
        • Message Length: 0-65536
        • Tag Length: 16-16
    • Verification:
      • AES-128:
        • Block Sizes: Full, Partial
        • Message Length: 0-65536
        • Tag Length: 16-16
      • AES-192:
        • Block Sizes: Full, Partial
        • Message Length: 0-65536
        • Tag Length: 16-16
      • AES-256:
        • Block Sizes: Full, Partial
        • Message Length: 0-65536
        • Tag Length: 16-16
  • AES-CTR:
    • Counter Source: Internal
    • Key Lengths: 128, 192, 256 (bits)
  • AES-ECB:
    • Modes: Decrypt, Encrypt
    • Key Lengths: 128, 192, 256 (bits)
  • AES-GCM:
    • Modes: Decrypt, Encrypt
    • Key Lengths: 128, 192, 256 (bits)
    • Tag Lengths: 96, 104, 112, 120, 128 (bits)
    • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
    • AAD Lengths: 0, 8, 1016, 1024 (bits)
    • 96 bit IV supported
  • AES-XTS:
    • Key Size: 128:
      • Modes: Decrypt, Encrypt
      • Block Sizes: Full
    • Key Size: 256:
      • Modes: Decrypt, Encrypt
      • Block Sizes: Full

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #4901

Version 10.0.15254

  • AES-CBC:
    • Modes: Decrypt, Encrypt
    • Key Lengths: 128, 192, 256 (bits)
  • AES-CCM:
    • Key Lengths: 128, 192, 256 (bits)
    • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
    • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
    • Plain Text Length: 0-32
    • AAD Length: 0-65536
  • AES-CFB128:
    • Modes: Decrypt, Encrypt
    • Key Lengths: 128, 192, 256 (bits)
  • AES-CFB8:
    • Modes: Decrypt, Encrypt
    • Key Lengths: 128, 192, 256 (bits)
  • AES-CMAC:
    • Generation:
      • AES-128:
        • Block Sizes: Full, Partial
        • Message Length: 0-65536
        • Tag Length: 16-16
      • AES-192:
        • Block Sizes: Full, Partial
        • Message Length: 0-65536
        • Tag Length: 16-16
      • AES-256:
        • Block Sizes: Full, Partial
        • Message Length: 0-65536
        • Tag Length: 16-16
    • Verification:
      • AES-128:
        • Block Sizes: Full, Partial
        • Message Length: 0-65536
        • Tag Length: 16-16
      • AES-192:
        • Block Sizes: Full, Partial
        • Message Length: 0-65536
        • Tag Length: 16-16
      • AES-256:
        • Block Sizes: Full, Partial
        • Message Length: 0-65536
        • Tag Length: 16-16
  • AES-CTR:
    • Counter Source: Internal
    • Key Lengths: 128, 192, 256 (bits)
  • AES-ECB:
    • Modes: Decrypt, Encrypt
    • Key Lengths: 128, 192, 256 (bits)
  • AES-GCM:
    • Modes: Decrypt, Encrypt
    • IV Generation: External
    • Key Lengths: 128, 192, 256 (bits)
    • Tag Lengths: 96, 104, 112, 120, 128 (bits)
    • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
    • AAD Lengths: 0, 8, 1016, 1024 (bits)
    • 96 bit IV supported
  • AES-XTS:
    • Key Size: 128:
      • Modes: Decrypt, Encrypt
      • Block Sizes: Full
    • Key Size: 256:
      • Modes: Decrypt, Encrypt
      • Block Sizes: Full

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4897

Version 10.0.16299

AES-KW:

  • Modes: Decrypt, Encrypt
  • CIPHK transformation direction: Forward
  • Key Lengths: 128, 192, 256 (bits)
  • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)

AES Val#4902

Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations #4900

Version 10.0.15063.674

AES-KW:

  • Modes: Decrypt, Encrypt
  • CIPHK transformation direction: Forward
  • Key Lengths: 128, 192, 256 (bits)
  • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)

AES Val#4901

Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations #4899

Version 10.0.15254

AES-KW:

  • Modes: Decrypt, Encrypt
  • CIPHK transformation direction: Forward
  • Key Lengths: 128, 192, 256 (bits)
  • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)

AES Val#4897

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #4898

Version 10.0.16299

AES-CCM:

  • Key Lengths: 256 (bits)
  • Tag Lengths: 128 (bits)
  • IV Lengths: 96 (bits)
  • Plain Text Length: 0-32
  • AAD Length: 0-65536

AES Val#4902

Microsoft Surface Hub BitLocker(R) Cryptographic Implementations #4896

Version 10.0.15063.674

AES-CCM:

  • Key Lengths: 256 (bits)
  • Tag Lengths: 128 (bits)
  • IV Lengths: 96 (bits)
  • Plain Text Length: 0-32
  • AAD Length: 0-65536

AES Val#4901

Windows 10 Mobile (version 1709) BitLocker(R) Cryptographic Implementations #4895

Version 10.0.15254

AES-CCM:

  • Key Lengths: 256 (bits)
  • Tag Lengths: 128 (bits)
  • IV Lengths: 96 (bits)
  • Plain Text Length: 0-32
  • AAD Length: 0-65536

AES Val#4897

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations #4894

Version 10.0.16299

CBC ( e/d; 128 , 192 , 256 );

CFB128 ( e/d; 128 , 192 , 256 );

OFB ( e/d; 128 , 192 , 256 );

CTR ( int only; 128 , 192 , 256 )

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #4627

Version 10.0.15063

KW ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )

AES Val#4624

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #4626

Version 10.0.15063

CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

AES Val#4624

 

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile BitLocker(R) Cryptographic Implementations #4625

Version 10.0.15063

ECB ( e/d; 128 , 192 , 256 );

CBC ( e/d; 128 , 192 , 256 );

CFB8 ( e/d; 128 , 192 , 256 );

CFB128 ( e/d; 128 , 192 , 256 );

CTR ( int only; 128 , 192 , 256 )

CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 )

GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )

(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )

IV Generated: ( External ) ; PT Lengths Tested: ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested: ( 0 , 1024 , 8 , 1016 ) ; 96BitIV_Supported

GMAC_Supported

XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) )

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #4624

Version 10.0.15063

ECB ( e/d; 128 , 192 , 256 );

CBC ( e/d; 128 , 192 , 256 );

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4434

Version 7.00.2872

ECB ( e/d; 128 , 192 , 256 );

CBC ( e/d; 128 , 192 , 256 );

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4433

Version 8.00.6246

ECB ( e/d; 128 , 192 , 256 );

CBC ( e/d; 128 , 192 , 256 );

CTR ( int only; 128 , 192 , 256 )

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4431

Version 7.00.2872

ECB ( e/d; 128 , 192 , 256 );

CBC ( e/d; 128 , 192 , 256 );

CTR ( int only; 128 , 192 , 256 )

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4430

Version 8.00.6246

CBC ( e/d; 128 , 192 , 256 );

CFB128 ( e/d; 128 , 192 , 256 );

OFB ( e/d; 128 , 192 , 256 );

CTR ( int only; 128 , 192 , 256 )

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #4074

Version 10.0.14393

ECB ( e/d; 128 , 192 , 256 ); CBC ( e/d; 128 , 192 , 256 ); CFB8 ( e/d; 128 , 192 , 256 ); CFB128 ( e/d; 128 , 192 , 256 ); CTR ( int only; 128 , 192 , 256 )

CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )

GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
IV Generated:  ( Externally ) ; PT Lengths Tested:  ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 0 , 0 ) ; 96BitIV_Supported
GMAC_Supported

XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) )

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #4064

Version 10.0.14393

ECB ( e/d; 128 , 192 , 256 );

CBC ( e/d; 128 , 192 , 256 );

CFB8 ( e/d; 128 , 192 , 256 );

 

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #4063
Version 10.0.14393

KW  ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 192 , 256 , 320 , 2048 )

AES Val#4064

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #4062

Version 10.0.14393

CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

AES Val#4064

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BitLocker® Cryptographic Implementations #4061

Version 10.0.14393

KW  ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )

AES Val#3629

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #3652

Version 10.0.10586

CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

AES Val#3629

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BitLocker® Cryptographic Implementations #3653

Version 10.0.10586

ECB ( e/d; 128 , 192 , 256 );

CBC ( e/d; 128 , 192 , 256 );

CFB8 ( e/d; 128 , 192 , 256 );

 

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA32 Algorithm Implementations #3630
Version 10.0.10586

ECB ( e/d; 128 , 192 , 256 ); CBC ( e/d; 128 , 192 , 256 ); CFB8 ( e/d; 128 , 192 , 256 ); CFB128 ( e/d; 128 , 192 , 256 ); CTR ( int only; 128 , 192 , 256 )

CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )

GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
IV Generated:  ( Externally ) ; PT Lengths Tested:  ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 0 , 0 ) ; 96BitIV_Supported
GMAC_Supported

XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) )

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #3629

Version 10.0.10586

KW  ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )

AES Val#3497

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #3507

Version 10.0.10240

CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

AES Val#3497

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BitLocker® Cryptographic Implementations #3498

Version 10.0.10240

ECB ( e/d; 128 , 192 , 256 ); CBC ( e/d; 128 , 192 , 256 ); CFB8 ( e/d; 128 , 192 , 256 ); CFB128 ( e/d; 128 , 192 , 256 ); CTR ( int only; 128 , 192 , 256 )

CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

CMAC(Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )

GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
IV Generated:  ( Externally ) ; PT Lengths Tested:  ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 0 , 0 ) ; 96BitIV_Supported
GMAC_Supported

XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) )

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #3497
Version 10.0.10240

ECB ( e/d; 128 , 192 , 256 );

CBC ( e/d; 128 , 192 , 256 );

CFB8 ( e/d; 128 , 192 , 256 );

 

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #3476
Version 10.0.10240

ECB ( e/d; 128 , 192 , 256 );

CBC ( e/d; 128 , 192 , 256 );

CFB8 ( e/d; 128 , 192 , 256 );

 

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #2853

Version 6.3.9600

CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

AES Val#2832

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 BitLocker� Cryptographic Implementations #2848

Version 6.3.9600

CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 0 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )

GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )

(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )

IV Generated:  ( Externally ) ; PT Lengths Tested:  ( 0 , 128 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 128 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 8 , 1024 ) ; 96BitIV_Supported ;
OtherIVLen_Supported
GMAC_Supported

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2832

Version 6.3.9600

CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
AES Val#2197

CMAC (Generation/Verification ) (KS: 128; Block Size(s): ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 192; Block Size(s): ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 256; Block Size(s): ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 )
AES Val#2197

GCM(KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
IV Generated: ( Externally ) ; PT Lengths Tested: ( 0 , 128 , 1024 , 8 , 1016 ) ; AAD Lengths tested: ( 0 , 128 , 1024 , 8 , 1016 ) ; IV Lengths Tested: ( 8 , 1024 ) ; 96BitIV_Supported
GMAC_Supported

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #2216

CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

AES Val#2196

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #2198

ECB ( e/d; 128 , 192 , 256 );

CBC ( e/d; 128 , 192 , 256 );

CFB8 ( e/d; 128 , 192 , 256 );

CFB128 ( e/d; 128 , 192 , 256 );

CTR ( int only; 128 , 192 , 256 )

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #2197

ECB ( e/d; 128 , 192 , 256 );

CBC ( e/d; 128 , 192 , 256 );

CFB8 ( e/d; 128 , 192 , 256 );

 

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #2196
CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 – 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
AES Val#1168

Windows Server 2008 R2 and SP1 CNG algorithms #1187

Windows 7 Ultimate and SP1 CNG algorithms #1178

CCM (KS: 128 , 256 ) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 ( Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )
AES Val#1168
Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #1177

ECB ( e/d; 128 , 192 , 256 );

CBC ( e/d; 128 , 192 , 256 );

CFB8 ( e/d; 128 , 192 , 256 );

 

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168

GCM

GMAC

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168 , vendor-affirmed
CCM (KS: 128 , 256 ) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 ( Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 ) Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #760
CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 1 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

Windows Server 2008 CNG algorithms #757

Windows Vista Ultimate SP1 CNG algorithms #756

CBC ( e/d; 128 , 256 );

CCM (KS: 128 , 256 ) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 ( Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )

Windows Vista Ultimate BitLocker Drive Encryption #715

Windows Vista Ultimate BitLocker Drive Encryption #424

ECB ( e/d; 128 , 192 , 256 );

CBC ( e/d; 128 , 192 , 256 );

CFB8 ( e/d; 128 , 192 , 256 );

Windows Vista Ultimate SP1 and Windows Server 2008 Symmetric Algorithm Implementation #739

Windows Vista Symmetric Algorithm Implementation #553

ECB ( e/d; 128 , 192 , 256 );

CBC ( e/d; 128 , 192 , 256 );

CTR ( int only; 128 , 192 , 256 )

Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #2023

ECB ( e/d; 128 , 192 , 256 );

CBC ( e/d; 128 , 192 , 256 );

Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #2024

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #818

Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #781

Windows 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #548

Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #516

Windows CE and Windows Mobile 6, 6.1, and 6.5 Enhanced Cryptographic Provider (RSAENH) #507

Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #290

Windows CE 5.0 and 5.1 Enhanced Cryptographic Provider (RSAENH) #224

Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #80

Windows XP, SP1, and SP2 Enhanced Cryptographic Provider (RSAENH) #33

Deterministic Random Bit Generator (DRBG)

Modes / States / Key Sizes Algorithm Implementation and Certificate #
  • Counter:
    • Modes: AES-256
    • Derivation Function States: Derivation Function not used
    • Prediction Resistance Modes: Not Enabled

Prerequisite: AES #4904

Microsoft Surface Hub Virtual TPM Implementations #1734

Version 10.0.15063.674

  • Counter:
    • Modes: AES-256
    • Derivation Function States: Derivation Function not used
    • Prediction Resistance Modes: Not Enabled

Prerequisite: AES #4903

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1733

Version 10.0.16299

  • Counter:
    • Modes: AES-256
    • Derivation Function States: Derivation Function used
    • Prediction Resistance Modes: Not Enabled

Prerequisite: AES #4902

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1732

Version 10.0.15063.674

  • Counter:
    • Modes: AES-256
    • Derivation Function States: Derivation Function used
    • Prediction Resistance Modes: Not Enabled

Prerequisite: AES #4901

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1731

Version 10.0.15254

  • Counter:
    • Modes: AES-256
    • Derivation Function States: Derivation Function used
    • Prediction Resistance Modes: Not Enabled

Prerequisite: AES #4897

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1730

Version 10.0.16299

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4627 ) ]

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1556

Version 10.0.15063

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#4624 ) ]

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1555

Version 10.0.15063

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4434 ) ]

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1433

Version 7.00.2872

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4433 ) ]

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1432

Version 8.00.6246

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4431 ) ]

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1430

Version 7.00.2872

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4430 ) ]

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1429

Version 8.00.6246

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4074 ) ]

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #1222

Version 10.0.14393

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#4064 ) ]

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #1217

Version 10.0.14393

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#3629 ) ]

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #955

Version 10.0.10586

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#3497 ) ]

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #868

Version 10.0.10240

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#2832 ) ]

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #489

Version 6.3.9600

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#2197 ) ] Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #258
CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#2023 ) ] Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #193
CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#1168 ) ] Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 RNG Library #23
DRBG (SP 800–90) Windows Vista Ultimate SP1, vendor-affirmed

Digital Signature Algorithm (DSA)

Modes / States / Key Sizes Algorithm Implementation and Certificate #
  • DSA:
    • 186-4:
      • PQGGen:
        • L = 2048, N = 256 SHA: SHA-256
        • L = 3072, N = 256 SHA: SHA-256
      • PQGVer:
        • L = 2048, N = 256 SHA: SHA-256
        • L = 3072, N = 256 SHA: SHA-256
      • SigGen:
        • L = 2048, N = 256 SHA: SHA-256
        • L = 3072, N = 256 SHA: SHA-256
      • SigVer:
        • L = 2048, N = 256 SHA: SHA-256
        • L = 3072, N = 256 SHA: SHA-256
      • KeyPair:
        • L = 2048, N = 256
        • L = 3072, N = 256

Prerequisite: SHS #4011, DRBG #1732

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1303

Version 10.0.15063.674

  • DSA:
    • 186-4:
      • PQGGen:
        • L = 2048, N = 256 SHA: SHA-256
        • L = 3072, N = 256 SHA: SHA-256
      • PQGVer:
        • L = 2048, N = 256 SHA: SHA-256
        • L = 3072, N = 256 SHA: SHA-256
      • SigGen:
        • L = 2048, N = 256 SHA: SHA-256
        • L = 3072, N = 256 SHA: SHA-256
      • SigVer:
        • L = 2048, N = 256 SHA: SHA-256
        • L = 3072, N = 256 SHA: SHA-256
      • KeyPair:
        •  
        •  
        • L = 2048, N = 256
        • L = 3072, N = 256

Prerequisite: SHS #4010, DRBG #1731

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1302

Version 10.0.15254

  • DSA:
    • 186-4:
      • PQGGen:
        • L = 2048, N = 256 SHA: SHA-256
        • L = 3072, N = 256 SHA: SHA-256
      • PQGVer:
        • L = 2048, N = 256 SHA: SHA-256
        • L = 3072, N = 256 SHA: SHA-256
      • SigGen:
        • L = 2048, N = 256 SHA: SHA-256
        • L = 3072, N = 256 SHA: SHA-256
      • SigVer:
        • L = 2048, N = 256 SHA: SHA-256
        • L = 3072, N = 256 SHA: SHA-256
      • KeyPair:
        • L = 2048, N = 256
        • L = 3072, N = 256

Prerequisite: SHS #4009, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1301

Version 10.0.16299

FIPS186-4:

PQG(gen)PARMS TESTED:   [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]

PQG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

KeyPairGen:   [ (2048,256) ; (3072,256) ]

SIG(gen)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]

SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

SHS: Val#3790

DRBG: Val# 1555

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1223

Version 10.0.15063

FIPS186-4:
PQG(ver)PARMS TESTED:
  [ (1024,160) SHA( 1 ); ]
SIG(ver)PARMS TESTED:   [ (1024,160) SHA( 1 ); ]
SHS: Val# 3649

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1188

Version 7.00.2872

FIPS186-4:
PQG(ver)PARMS TESTED:
  [ (1024,160) SHA( 1 ); ]
SIG(ver)PARMS TESTED:   [ (1024,160) SHA( 1 ); ]
SHS: Val#3648

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1187

Version 8.00.6246

FIPS186-4:
PQG(gen)
PARMS TESTED: [
(2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
PQG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
KeyPairGen:    [ (2048,256) ; (3072,256) ]
SIG(gen)PARMS TESTED:   [ (2048,256)
SHA( 256 ); (3072,256) SHA( 256 ); ]
SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

SHS: Val# 3347
DRBG: Val# 1217

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #1098

Version 10.0.14393

FIPS186-4:
PQG(gen)
PARMS TESTED:   [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ] PQG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 )]
KeyPairGen:    [ (2048,256) ; (3072,256) ] SIG(gen)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

SHS: Val# 3047
DRBG: Val# 955

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #1024

Version 10.0.10586

FIPS186-4:
PQG(gen)
PARMS TESTED:   [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
PQG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
KeyPairGen:    [ (2048,256) ; (3072,256) ]
SIG(gen)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ] SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

SHS: Val# 2886
DRBG: Val# 868

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #983

Version 10.0.10240

FIPS186-4:
PQG(gen)
PARMS TESTED:   [
(2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
PQG(ver)PARMS TESTED:   [ (2048,256)
SHA( 256 ); (3072,256) SHA( 256 ) ]
KeyPairGen:    [ (2048,256) ; (3072,256) ]
SIG(gen)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

SHS: Val# 2373
DRBG: Val# 489

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #855

Version 6.3.9600

FIPS186-2:
PQG(ver) MOD(1024);
SIG(ver) MOD(1024);
SHS: #1903
DRBG: #258

FIPS186-4:
PQG(gen)PARMS TESTED
: [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
PQG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
SIG(gen)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
SIG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
SHS: #1903
DRBG: #258
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#687.

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #687
FIPS186-2:
PQG(ver)
MOD(1024);
SIG(ver) MOD(1024);
SHS: #1902
DRBG: #258
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#686.
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 DSS and Diffie-Hellman Enhanced Cryptographic Provider (DSSENH) #686
FIPS186-2:
SIG(ver)
MOD(1024);
SHS: Val# 1773
DRBG: Val# 193
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#645.
Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #645
FIPS186-2:
SIG(ver)
MOD(1024);
SHS: Val# 1081
DRBG: Val# 23
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#391. See Historical DSA List Val#386.

Windows Server 2008 R2 and SP1 CNG algorithms #391

Windows 7 Ultimate and SP1 CNG algorithms #386

FIPS186-2:
SIG(ver)
MOD(1024);
SHS: Val# 1081
RNG: Val# 649
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#390. See Historical DSA List Val#385.

Windows Server 2008 R2 and SP1 Enhanced DSS (DSSENH) #390

Windows 7 Ultimate and SP1 Enhanced DSS (DSSENH) #385

FIPS186-2:
SIG(ver)
MOD(1024);
SHS: Val# 753
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#284. See Historical DSA List Val#283.

Windows Server 2008 CNG algorithms #284

Windows Vista Ultimate SP1 CNG algorithms #283

FIPS186-2:
SIG(ver)
MOD(1024);
SHS: Val# 753
RNG: Val# 435
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#282. See Historical DSA List Val#281.

Windows Server 2008 Enhanced DSS (DSSENH) #282

Windows Vista Ultimate SP1 Enhanced DSS (DSSENH) #281

FIPS186-2:
SIG(ver)
MOD(1024);
SHS: Val# 618
RNG: Val# 321
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#227. See Historical DSA List Val#226.

Windows Vista CNG algorithms #227

Windows Vista Enhanced DSS (DSSENH) #226

FIPS186-2:
SIG(ver)
MOD(1024);
SHS: Val# 784
RNG: Val# 448
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#292.
Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #292
FIPS186-2:
SIG(ver)
MOD(1024);
SHS: Val# 783
RNG: Val# 447
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#291.
Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #291
FIPS186-2:
PQG(gen)
MOD(1024);
PQG(ver) MOD(1024);
KEYGEN(Y) MOD(1024);
SIG(gen) MOD(1024);
SIG(ver) MOD(1024);
SHS: Val# 611
RNG: Val# 314
Windows 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #221
FIPS186-2:
PQG(gen)
MOD(1024);
PQG(ver) MOD(1024);
KEYGEN(Y) MOD(1024);
SIG(gen) MOD(1024);
SIG(ver) MOD(1024);
SHS: Val# 385
Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #146
FIPS186-2:
PQG(ver)
MOD(1024);
KEYGEN(Y) MOD(1024);
SIG(gen) MOD(1024);
SIG(ver) MOD(1024);
SHS: Val# 181

Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #95
FIPS186-2:
PQG(gen)
MOD(1024);
PQG(ver) MOD(1024);
KEYGEN(Y) MOD(1024);
SIG(gen) MOD(1024);
SHS: SHA-1 (BYTE)
SIG(ver) MOD(1024);
SHS: SHA-1 (BYTE)

Windows 2000 DSSENH.DLL #29

Windows 2000 DSSBASE.DLL #28

Windows NT 4 SP6 DSSENH.DLL #26

Windows NT 4 SP6 DSSBASE.DLL #25

FIPS186-2: PRIME;
FIPS186-2:

KEYGEN(Y):
SHS: SHA-1 (BYTE)

SIG(gen):
SIG(ver)
MOD(1024);
SHS: SHA-1 (BYTE)

Windows NT 4.0 SP4 Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider #17

Elliptic Curve Digital Signature Algorithm (ECDSA)

Modes / States / Key Sizes Algorithm Implementation and Certificate #
  • ECDSA:
    • 186-4:
      • Key Pair Generation:
        • Curves: P-256, P-384, P-521
        • Generation Methods: Extra Random Bits
      • Public Key Validation:
        • Curves: P-256, P-384, P-521
      • Signature Generation:
        • P-256 SHA: SHA-256
        • P-384 SHA: SHA-384
        • P-521 SHA: SHA-512
      • Signature Verification:
        • P-256 SHA: SHA-256
        • P-384 SHA: SHA-384
        • P-521 SHA: SHA-512

Prerequisite: SHS #2373, DRBG #489

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1263

Version 6.3.9600

  • ECDSA:
    • 186-4:
      • Key Pair Generation:
        • Curves: P-256, P-384
        • Generation Methods: Testing Candidates

Prerequisite: SHS #4011, DRBG #1734

Microsoft Surface Hub Virtual TPM Implementations #1253

Version 10.0.15063.674

  • ECDSA:
    • 186-4:
      • Key Pair Generation:
        • Curves: P-256, P-384
        • Generation Methods: Testing Candidates

Prerequisite: SHS #4009, DRBG #1733

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1252

Version 10.0.16299

  • ECDSA:
    • 186-4:
      • Key Pair Generation:
        • Curves: P-256, P-384, P-521
        • Generation Methods: Extra Random Bits
      • Public Key Validation:
        • Curves: P-256, P-384, P-521
      • Signature Generation:
        • P-256 SHA: SHA-256
        • P-384 SHA: SHA-384
        • P-521 SHA: SHA-512
      • Signature Verification:
        • P-256 SHA: SHA-256
        • P-384 SHA: SHA-384
        • P-521 SHA: SHA-512

Prerequisite: SHS #4011, DRBG #1732

Microsoft Surface Hub MsBignum Cryptographic Implementations #1251

Version 10.0.15063.674

  • ECDSA:
    • 186-4:
      • Key Pair Generation:
        • Curves: P-256, P-384, P-521
        • Generation Methods: Extra Random Bits
      • Public Key Validation:
        • Curves: P-256, P-384, P-521
      • Signature Generation:
        • P-256 SHA: SHA-256
        • P-384 SHA: SHA-384
        • P-521 SHA: SHA-512
      • Signature Verification:
        • P-256 SHA: SHA-256
        • P-384 SHA: SHA-384
        • P-521 SHA: SHA-512

Prerequisite: SHS #4011, DRBG #1732

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1250

Version 10.0.15063.674

  • ECDSA:
    • 186-4:
      • Key Pair Generation:
        • Curves: P-256, P-384, P-521
        • Generation Methods: Extra Random Bits
      • Public Key Validation:
        • Curves: P-256, P-384, P-521
      • Signature Generation:
        • P-256 SHA: SHA-256
        • P-384 SHA: SHA-384
        • P-521 SHA: SHA-512
      • Signature Verification:
        • P-256 SHA: SHA-256
        • P-384 SHA: SHA-384
        • P-521 SHA: SHA-512

Prerequisite: SHS #4010, DRBG #1731

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1249

Version 10.0.15254

  • ECDSA:
    • 186-4:
      • Key Pair Generation:
        • Curves: P-256, P-384, P-521
        • Generation Methods: Extra Random Bits
      • Public Key Validation:
        • Curves: P-256, P-384, P-521
      • Signature Generation:
        • P-256 SHA: SHA-256
        • P-384 SHA: SHA-384
        • P-521 SHA: SHA-512
      • Signature Verification:
        • P-256 SHA: SHA-256
        • P-384 SHA: SHA-384
        • P-521 SHA: SHA-512

Prerequisite: SHS #4010, DRBG #1731

Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1248

Version 10.0.15254

  • ECDSA:
    • 186-4:
      • Key Pair Generation:
        • Curves: P-256, P-384, P-521
        • Generation Methods: Extra Random Bits
      • Public Key Validation:
        • Curves: P-256, P-384, P-521
      • Signature Generation:
        • P-256 SHA: SHA-256
        • P-384 SHA: SHA-384
        • P-521 SHA: SHA-512
      • Signature Verification:
        • P-256 SHA: SHA-256
        • P-384 SHA: SHA-384
        • P-521 SHA: SHA-512

Prerequisite: SHS #4009, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1247

Version 10.0.16299

  • ECDSA:
    • 186-4:
      • Key Pair Generation:
        • Curves: P-256, P-384, P-521
        • Generation Methods: Extra Random Bits
      • Public Key Validation:
        • Curves: P-256, P-384, P-521
      • Signature Generation:
        • P-256 SHA: SHA-256
        • P-384 SHA: SHA-384
        • P-521 SHA: SHA-512
      • Signature Verification:
        • P-256 SHA: SHA-256
        • P-384 SHA: SHA-384
        • P-521 SHA: SHA-512

Prerequisite: SHS #4009, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1246

Version 10.0.16299

FIPS186-4:
PKG: CURVES
( P-256 P-384 TestingCandidates )
SHS: Val#3790
DRBG: Val# 1555

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1136

Version 10.0.15063

FIPS186-4:
PKG: CURVES
( P-256 P-384 P-521 ExtraRandomBits )
PKV: CURVES( P-256 P-384 P-521 )
SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
SHS: Val#3790
DRBG: Val# 1555

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1135

Version 10.0.15063

FIPS186-4:
PKG: CURVES
( P-256 P-384 P-521 ExtraRandomBits )
PKV: CURVES( P-256 P-384 P-521 )
SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
SHS: Val#3790
DRBG: Val# 1555

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1133

Version 10.0.15063

FIPS186-4:
PKG: CURVES
( P-256 P-384 P-521 ExtraRandomBits )
PKV: CURVES( P-256 P-384 P-521 )
SigGen: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
SigVer: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) )
SHS:Val# 3649
DRBG:Val# 1430

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1073

Version 7.00.2872

FIPS186-4:
PKG: CURVES
( P-256 P-384 P-521 ExtraRandomBits )
PKV: CURVES( P-256 P-384 P-521 )
SigGen: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
SigVer: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) )
SHS:Val#3648
DRBG:Val# 1429

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1072

Version 8.00.6246

FIPS186-4:
PKG: CURVES
( P-256 P-384 TestingCandidates )
PKV: CURVES( P-256 P-384 )
SigGen: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) SIG(gen) with SHA-1 affirmed for use with protocols only.
SigVer: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) )

SHS: Val# 3347
DRBG: Val# 1222

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #920

Version 10.0.14393

FIPS186-4:
PKG: CURVES
( P-256 P-384 P-521 ExtraRandomBits )
PKV: CURVES( P-256 P-384 P-521 )
SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )

SHS: Val# 3347
DRBG: Val# 1217

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #911

Version 10.0.14393

FIPS186-4:
PKG: CURVES
( P-256 P-384 P-521 ExtraRandomBits )
SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )

SHS: Val# 3047
DRBG: Val# 955

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #760

Version 10.0.10586

FIPS186-4:
PKG: CURVES
( P-256 P-384 P-521 ExtraRandomBits )
SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )

SHS: Val# 2886
DRBG: Val# 868

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #706

Version 10.0.10240

FIPS186-4:
PKG: CURVES
( P-256 P-384 P-521 ExtraRandomBits )
SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )

SHS: Val#2373
DRBG: Val# 489

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #505

Version 6.3.9600

FIPS186-2:
PKG: CURVES
( P-256 P-384 P-521 )
SHS: #1903
DRBG: #258
SIG(ver):CURVES( P-256 P-384 P-521 )
SHS: #1903
DRBG: #258

FIPS186-4:
PKG: CURVES
( P-256 P-384 P-521 ExtraRandomBits )
SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
SHS: #1903
DRBG: #258
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#341.

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #341

FIPS186-2:
PKG: CURVES
( P-256 P-384 P-521 )
SHS: Val#1773
DRBG: Val# 193
SIG(ver): CURVES( P-256 P-384 P-521 )
SHS: Val#1773
DRBG: Val# 193

FIPS186-4:
PKG: CURVES
( P-256 P-384 P-521 ExtraRandomBits )
SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
SHS: Val#1773
DRBG: Val# 193
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#295.

Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #295
FIPS186-2:
PKG: CURVES
( P-256 P-384 P-521 )
SHS: Val#1081
DRBG: Val# 23
SIG(ver): CURVES( P-256 P-384 P-521 )
SHS: Val#1081
DRBG: Val# 23
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#142. See Historical ECDSA List Val#141.

Windows Server 2008 R2 and SP1 CNG algorithms #142

Windows 7 Ultimate and SP1 CNG algorithms #141

FIPS186-2:
PKG: CURVES
( P-256 P-384 P-521 )
SHS: Val#753
SIG(ver): CURVES( P-256 P-384 P-521 )
SHS: Val#753
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#83. See Historical ECDSA List Val#82.

Windows Server 2008 CNG algorithms #83

Windows Vista Ultimate SP1 CNG algorithms #82

FIPS186-2:
PKG: CURVES
( P-256 P-384 P-521 )
SHS: Val#618
RNG: Val# 321
SIG(ver): CURVES( P-256 P-384 P-521 )
SHS: Val#618
RNG: Val# 321
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#60.
Windows Vista CNG algorithms #60

Keyed-Hash Message Authentication Code (HMAC)

Modes / States / Key Sizes Algorithm Implementation and Certificate #
  • HMAC-SHA-1:
    • Key Sizes < Block Size
    • Key Sizes > Block Size
    • Key Sizes = Block Size
  • HMAC-SHA2-256:
    • Key Sizes < Block Size
    • Key Sizes > Block Size
    • Key Sizes = Block Size
  • HMAC-SHA2-384:
    • Key Sizes < Block Size
    • Key Sizes > Block Size
    • Key Sizes = Block Size

Prerequisite: SHS #4011

Microsoft Surface Hub Virtual TPM Implementations #3271

Version 10.0.15063.674

  • HMAC-SHA-1:
    • Key Sizes < Block Size
    • Key Sizes > Block Size
    • Key Sizes = Block Size
  • HMAC-SHA2-256:
    • Key Sizes < Block Size
    • Key Sizes > Block Size
    • Key Sizes = Block Size
  • HMAC-SHA2-384:
    • Key Sizes < Block Size
    • Key Sizes > Block Size
    • Key Sizes = Block Size

Prerequisite: SHS #4009

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #3270

Version 10.0.16299

  • HMAC-SHA-1:
    • Key Sizes < Block Size
    • Key Sizes > Block Size
    • Key Sizes = Block Size
  • HMAC-SHA2-256:
    • Key Sizes < Block Size
    • Key Sizes > Block Size
    • Key Sizes = Block Size
  • HMAC-SHA2-384:
    • Key Sizes < Block Size
    • Key Sizes > Block Size
    • Key Sizes = Block Size
  • HMAC-SHA2-512:
    • Key Sizes < Block Size
    • Key Sizes > Block Size
    • Key Sizes = Block Size

Prerequisite: SHS #4011

Microsoft Surface Hub SymCrypt Cryptographic Implementations #3269

Version 10.0.15063.674

  • HMAC-SHA-1:
    • Key Sizes < Block Size
    • Key Sizes > Block Size
    • Key Sizes = Block Size
  • HMAC-SHA2-256:
    • Key Sizes < Block Size
    • Key Sizes > Block Size
    • Key Sizes = Block Size
  • HMAC-SHA2-384:
    • Key Sizes < Block Size
    • Key Sizes > Block Size
    • Key Sizes = Block Size
  • HMAC-SHA2-512:
    • Key Sizes < Block Size
    • Key Sizes > Block Size
    • Key Sizes = Block Size

Prerequisite: SHS #4010

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #3268

Version 10.0.15254

  • HMAC-SHA-1:
    • Key Sizes < Block Size
    • Key Sizes > Block Size
    • Key Sizes = Block Size
  • HMAC-SHA2-256:
    • Key Sizes < Block Size
    • Key Sizes > Block Size
    • Key Sizes = Block Size
  • HMAC-SHA2-384:
    • Key Sizes < Block Size
    • Key Sizes > Block Size
    • Key Sizes = Block Size
  • HMAC-SHA2-512:
    • Key Sizes < Block Size
    • Key Sizes > Block Size
    • Key Sizes = Block Size

Prerequisite: SHS #4009

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #3267

Version 10.0.16299

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3790

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3790

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3790

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #3062

Version 10.0.15063

HMAC-SHA1(Key Sizes Ranges Tested: KSBS ) SHS Val#3790

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3790

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3790

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS Val#3790

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3061

Version 10.0.15063

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3652

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3652

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3652

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#3652

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2946

Version 7.00.2872

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3651

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3651

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3651

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#3651

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2945

Version 8.00.6246

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val# 3649

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val# 3649

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val# 3649

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal# 3649

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2943

Version 7.00.2872

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3648

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3648

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3648

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#3648

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2942

Version 8.00.6246

HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS )
SHS Val# 3347

HMAC-SHA256 ( Key Size Ranges Tested:  KSBS )
SHS Val# 3347

HMAC-SHA384 ( Key Size Ranges Tested:  KSBS )
SHS Val# 3347

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2661

Version 10.0.14393

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val# 3347

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val# 3347

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val# 3347

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS Val# 3347

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2651

Version 10.0.14393

HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS )
SHS Val# 3047

HMAC-SHA256 ( Key Size Ranges Tested:  KSBS )
SHS Val# 3047

HMAC-SHA384 ( Key Size Ranges Tested:  KSBS )
SHS Val# 3047

HMAC-SHA512 ( Key Size Ranges Tested:  KSBS )
SHS Val# 3047

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #2381

Version 10.0.10586

HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS )
SHSVal# 2886

HMAC-SHA256 ( Key Size Ranges Tested:  KSBS )
SHSVal# 2886

HMAC-SHA384 ( Key Size Ranges Tested:  KSBS )
 SHSVal# 2886

HMAC-SHA512 ( Key Size Ranges Tested:  KSBS )
SHSVal# 2886

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2233

Version 10.0.10240

HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS )
SHS Val#2373

HMAC-SHA256 ( Key Size Ranges Tested:  KSBS )
SHS Val#2373

HMAC-SHA384 ( Key Size Ranges Tested:  KSBS )
SHS Val#2373

HMAC-SHA512 ( Key Size Ranges Tested:  KSBS )
SHS Val#2373

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1773

Version 6.3.9600

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#2764

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#2764

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#2764

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS Val#2764

Windows CE and Windows Mobile, and Windows Embedded Handheld Enhanced Cryptographic Provider (RSAENH) #2122

Version 5.2.29344

HMAC-SHA1 (Key Sizes Ranges Tested: KS#1902

HMAC-SHA256 ( Key Size Ranges Tested: KS#1902

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #1347

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS#1902

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS#1902

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS#1902

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS#1902

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1346

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )

SHS#1903

HMAC-SHA256 ( Key Size Ranges Tested: KSBS )

SHS#1903

HMAC-SHA384 ( Key Size Ranges Tested: KSBS )

SHS#1903

HMAC-SHA512 ( Key Size Ranges Tested: KSBS )

SHS#1903

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1345

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#1773

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#1773

Tinker HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#1773

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#1773

Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1364

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#1774

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#1774

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#1774

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#1774

Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1227

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#1081

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#1081

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#1081

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#1081

Windows Server 2008 R2 and SP1 CNG algorithms #686

Windows 7 and SP1 CNG algorithms #677

Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) #687

Windows 7 Enhanced Cryptographic Provider (RSAENH) #673

HMAC-SHA1(Key Sizes Ranges Tested: KSVal#1081

HMAC-SHA256 ( Key Size Ranges Tested: KSVal#1081

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #675

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#816

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#816

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#816

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#816

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #452

HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#753

HMAC-SHA256 ( Key Size Ranges Tested: KSVal#753

Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #415

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#753

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#753

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#753

HMAC-SHA512 ( Key Size Ranges Tested: KSBS )SHS Val#753

Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #408

Windows Vista Enhanced Cryptographic Provider (RSAENH) #407

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )SHSVal#618

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#618

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#618

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#618

Windows Vista Enhanced Cryptographic Provider (RSAENH) #297
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#785

Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #429

Windows XP, vendor-affirmed

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#783

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#783

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#783

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#783

Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #428

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#613

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#613

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#613

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#613

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #289
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#610 Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #287

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#753

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#753

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#753

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#753

Windows Server 2008 CNG algorithms #413

Windows Vista Ultimate SP1 CNG algorithms #412

HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#737

HMAC-SHA256 ( Key Size Ranges Tested: KSVal#737

Windows Vista Ultimate BitLocker Drive Encryption #386

HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHSVal#618

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#618

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#618

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#618

Windows Vista CNG algorithms #298

HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHSVal#589

HMAC-SHA256 ( Key Size Ranges Tested: KSBS )SHSVal#589

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#589

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#589

Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #267

HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHSVal#578

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#578

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#578

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#578

Windows CE and Windows Mobile 6.0 and Windows Mobil 6.5 Enhanced Cryptographic Provider (RSAENH) #260

HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#495

HMAC-SHA256 ( Key Size Ranges Tested: KSVal#495

Windows Vista BitLocker Drive Encryption #199
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#364

Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #99

Windows XP, vendor-affirmed

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#305

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#305

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#305

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#305

Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #31

Key Agreement Scheme (KAS)

Modes / States / Key Sizes Algorithm Implementation and Certificate #
  • KAS ECC:
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration
    • Schemes:
      • Full Unified:
        • Key Agreement Roles: Initiator, Responder
        • KDFs: Concatenation
        • Parameter Sets:
          • EC:
            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC
          • ED:
            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC

Prerequisite: SHS #4011, ECDSA #1253, DRBG #1734

Microsoft Surface Hub Virtual TPM Implementations #150

Version 10.0.15063.674

  • KAS ECC:
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration
    • Schemes:
      • Full Unified:
        • Key Agreement Roles: Initiator, Responder
        • KDFs: Concatenation
        • Parameter Sets:
          • EC:
            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC
          • ED:
            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC

Prerequisite: SHS #4009, ECDSA #1252, DRBG #1733

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #149

Version 10.0.16299

  • KAS ECC:
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
    • Schemes:
      • Ephemeral Unified:
        • Key Agreement Roles: Initiator, Responder
        • KDFs: Concatenation
        • Parameter Sets:
          • EC:
            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC
          • ED:
            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC
          • EE:
            • Curve: P-521
            • SHA: SHA-512
            • MAC: HMAC
      • One Pass DH:
        • Key Agreement Roles: Initiator, Responder
        • Parameter Sets:
          • EC:
            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC
          • ED:
            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC
          • EE:
            • Curve: P-521
            • SHA: SHA-512
            • MAC: HMAC
      • Static Unified:
        • Key Agreement Roles: Initiator, Responder
        • Parameter Sets:
          • EC:
            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC
          • ED:
            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC
          • EE:
            • Curve: P-521
            • SHA: SHA-512
            • MAC: HMAC

Prerequisite: SHS #4011, ECDSA #1250, DRBG #1732

  • KAS FFC:
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
    • Schemes:
      • dhEphem:
        • Key Agreement Roles: Initiator, Responder
        • Parameter Sets:
          • FB:
            • SHA: SHA-256
            • MAC: HMAC
          • FC:
            • SHA: SHA-256
            • MAC: HMAC
      • dhOneFlow:
        • Key Agreement Roles: Initiator, Responder
        • Parameter Sets:
          • FB:
            • SHA: SHA-256
            • MAC: HMAC
          • FC:
            • SHA: SHA-256
            • MAC: HMAC
      • dhStatic:
        • Key Agreement Roles: Initiator, Responder
        • Parameter Sets:
          • FB:
            • SHA: SHA-256
            • MAC: HMAC
          • FC:
            • SHA: SHA-256
            • MAC: HMAC

Prerequisite: SHS #4011, DSA #1303, DRBG #1732

Microsoft Surface Hub SymCrypt Cryptographic Implementations #148

Version 10.0.15063.674

  • KAS ECC:
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
    • Schemes:
      • Ephemeral Unified:
        • Key Agreement Roles: Initiator, Responder
        • KDFs: Concatenation
        • Parameter Sets:
          • EC:
            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC
          • ED:
            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC
          • EE:
            • Curve: P-521
            • SHA: SHA-512
            • MAC: HMAC
      • One Pass DH:
        • Key Agreement Roles: Initiator, Responder
        • Parameter Sets:
          • EC:
            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC
          • ED:
            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC
          • EE:
            • Curve: P-521
            • SHA: SHA-512
            • MAC: HMAC
      • Static Unified:
        • Key Agreement Roles: Initiator, Responder
        • Parameter Sets:
          • EC:
            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC
          • ED:
            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC
          • EE:
            • Curve: P-521
            • SHA: SHA-512
            • MAC: HMAC

Prerequisite: SHS #4010, ECDSA #1249, DRBG #1731

  • KAS FFC:
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
    • Schemes:
      • dhEphem:
        • Key Agreement Roles: Initiator, Responder
        • Parameter Sets:
          • FB:
            • SHA: SHA-256
            • MAC: HMAC
          • FC:
            • SHA: SHA-256
            • MAC: HMAC
      • dhOneFlow:
        • Key Agreement Roles: Initiator, Responder
        • Parameter Sets:
          • FB:
            • SHA: SHA-256
            • MAC: HMAC
          • FC:
            • SHA: SHA-256
            • MAC: HMAC
      • dhStatic:
        • Key Agreement Roles: Initiator, Responder
        • Parameter Sets:
          • FB:
            • SHA: SHA-256
            • MAC: HMAC
          • FC:
            • SHA: SHA-256
            • MAC: HMAC

Prerequisite: SHS #4010, DSA #1302, DRBG #1731

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #147

Version 10.0.15254

  • KAS ECC:
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
    • Schemes:
      • Ephemeral Unified:
        • Key Agreement Roles: Initiator, Responder
        • KDFs: Concatenation
        • Parameter Sets:
          • EC:
            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC
          • ED:
            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC
          • EE:
            • Curve: P-521
            • SHA: SHA-512
            • MAC: HMAC
      • One Pass DH:
        • Key Agreement Roles: Initiator, Responder
        • Parameter Sets:
          • EC:
            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC
          • ED:
            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC
          • EE:
            • Curve: P-521
            • SHA: SHA-512
            • MAC: HMAC
      • Static Unified:
        • Key Agreement Roles: Initiator, Responder
        • Parameter Sets:
          • EC:
            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC
          • ED:
            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC
          • EE:
            • Curve: P-521
            • SHA: SHA-512
            • MAC: HMAC

Prerequisite: SHS #4009, ECDSA #1246, DRBG #1730

  • KAS FFC:
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
    • Schemes:
      • dhEphem:
        • Key Agreement Roles: Initiator, Responder
        • Parameter Sets:
          • FB:
            • SHA: SHA-256
            • MAC: HMAC
          • FC:
            • SHA: SHA-256
            • MAC: HMAC
      • dhOneFlow:
        • Key Agreement Roles: Initiator, Responder
        • Parameter Sets:
          • FB:
            • SHA: SHA-256
            • MAC: HMAC
          • FC:
            • SHA: SHA-256
            • MAC: HMAC
      • dhStatic:
        • Key Agreement Roles: Initiator, Responder
        • Parameter Sets:
          • FB:
            • SHA: SHA-256
            • MAC: HMAC
          • FC:
            • SHA: SHA-256
            • MAC: HMAC

Prerequisite: SHS #4009, DSA #1301, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #146

Version 10.0.16299

ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration ) SCHEMES [ FullUnified ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ]

SHS Val#3790
DSA Val#1135
DRBG Val#1556

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #128

Version 10.0.15063

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
( FB: SHA256 ) ( FC: SHA256 ) ]
[ dhOneFlow ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder> ) ( FB: SHA256 HMAC ) ( FC: SHA256   HMAC ) ]
SHS Val#3790
DSA Val#1223
DRBG Val#1555

ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES [ EphemeralUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
[ OnePassDH ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
[ StaticUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]

SHS Val#3790
ECDSA Val#1133
DRBG Val#1555

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #127

Version 10.0.15063

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
( FB: SHA256 ) ( FC: SHA256 ) ]
[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder> ) ( FB: SHA256 HMAC ) ( FC: SHA256   HMAC ) ]
SHS Val# 3649
DSA Val#1188
DRBG Val#1430

ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
[ OnePassDH ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
[ StaticUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #115

Version 7.00.2872

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
( FB: SHA256 ) ( FC: SHA256 ) ]
[ dhHybridOneFlow ( No_KC < KARole(s): Initiator / Responder> ) ( FB:SHA256 HMAC ) ( FC: SHA256   HMAC ) ]
[ dhStatic ( No_KC < KARole(s): Initiator / Responder> ) ( FB:SHA256 HMAC ) ( FC: SHA256   HMAC ) ]
SHS Val#3648
DSA Val#1187
DRBG Val#1429

ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
[ OnePassDH ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
[ StaticUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]

SHS Val#3648
ECDSA Val#1072
DRBG Val#1429

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #114

Version 8.00.6246

ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration )
SCHEMES  [ FullUnified  ( No_KC  < KARole(s): Initiator / Responder > < KDF: CONCAT > ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ]

SHS Val# 3347 ECDSA Val#920 DRBG Val#1222

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #93

Version 10.0.14393

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation )
SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )
( FB: SHA256 ) ( FC: SHA256 ) ]
[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB:  SHA256 ) ( FC:  SHA256 ) ] [ dhStatic (No_KC  < KARole(s): Initiator / Responder > ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]

SHS Val# 3347 DSA Val#1098 DRBG Val#1217

ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  < KARole(s): Initiator / Responder > ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
[ OnePassDH  ( No_KC  < KARole(s): Initiator / Responder > ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
[ StaticUnified ( No_KC  < KARole(s): Initiator / Responder > ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]

SHS Val# 3347 DSA Val#1098 ECDSA Val#911 DRBG Val#1217 HMAC Val#2651

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #92

Version 10.0.14393

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )
( FB: SHA256 ) ( FC: SHA256 ) ]
[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB:  SHA256 ) ( FC:  SHA256 ) ] [ dhStatic ( No_KC  < KARole(s): Initiator / Responder > ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]

SHS Val# 3047 DSA Val#1024 DRBG Val#955

ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  < KARole(s): Initiator / Responder > ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
[ OnePassDH  ( No_KC  < KARole(s): Initiator / Responder > ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
[ StaticUnified ( No_KC  < KARole(s): Initiator / Responder > ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]

SHS Val# 3047 ECDSA Val#760 DRBG Val#955

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #72

Version 10.0.10586

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )
( FB: SHA256 ) ( FC: SHA256 ) ]
[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB:  SHA256 ) ( FC:  SHA256 ) ] [ dhStatic ( No_KC  < KARole(s): Initiator / Responder > ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]

SHS Val# 2886 DSA Val#983 DRBG Val#868

ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  < KARole(s): Initiator / Responder > ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
[ OnePassDH  ( No_KC  < KARole(s): Initiator / Responder > ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
[ StaticUnified ( No_KC  < KARole(s): Initiator / Responder > ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]

SHS Val# 2886 ECDSA Val#706 DRBG Val#868

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #64

Version 10.0.10240

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )
( FB: SHA256 ) ( FC: SHA256 ) ]
[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB:  SHA256 ) ( FC:  SHA256 ) ] [ dhStatic ( No_KC  < KARole(s): Initiator / Responder > ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]

SHS Val#2373 DSA Val#855 DRBG Val#489

ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  < KARole(s): Initiator / Responder > ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
[ OnePassDH  ( No_KC  < KARole(s): Initiator / Responder > ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
[ StaticUnified ( No_KC  < KARole(s): Initiator / Responder > ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]

SHS Val#2373 ECDSA Val#505 DRBG Val#489

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #47

Version 6.3.9600

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ]
[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ]
[ dhStatic ( No_KC < KARole(s): Initiator / Responder> ) ( FA: SHA256 HMAC ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ]
SHS #1903 DSA Val#687 DRBG #258

ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
[ OnePassDH( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 ) ( ED: P-384 SHA384 ) ( EE: P-521 (SHA512, HMAC_SHA512) ) ) ]
[ StaticUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]

SHS #1903 ECDSA Val#341 DRBG #258

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #36

KAS (SP 800–56A)

key agreement

key establishment methodology provides 80 to 256 bits of encryption strength

Windows 7 and SP1, vendor-affirmed

Windows Server 2008 R2 and SP1, vendor-affirmed

SP 800-108 Key-Based Key Derivation Functions (KBKDF)

Modes / States / Key Sizes Algorithm Implementation and Certificate #
  • Counter:
    • MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384

MAC prerequisite: HMAC #3271

  • Counter Location: Before Fixed Data
  • R Length: 32 (bits)
  • SPs used to generate K: SP 800-56A, SP 800-90A

K prerequisite: DRBG #1734, KAS #150

Microsoft Surface Hub Virtual TPM Implementations #161

Version 10.0.15063.674

  • Counter:
    • MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384

MAC prerequisite: HMAC #3270

  • Counter Location: Before Fixed Data
  • R Length: 32 (bits)
  • SPs used to generate K: SP 800-56A, SP 800-90A

K prerequisite: DRBG #1733, KAS #149

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #160

Version 10.0.16299

  • Counter:
    • MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512

MAC prerequisite: AES #4902, HMAC #3269

  • Counter Location: Before Fixed Data
  • R Length: 32 (bits)
  • SPs used to generate K: SP 800-56A, SP 800-90A
  • K prerequisite: KAS #148

Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations #159

Version 10.0.15063.674

  • Counter:
    • MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512

MAC prerequisite: AES #4901, HMAC #3268

  • Counter Location: Before Fixed Data
  • R Length: 32 (bits)
  • SPs used to generate K: SP 800-56A, SP 800-90A

K prerequisite: KAS #147

Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations #158

Version 10.0.15254

  • Counter:
    • MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512

MAC prerequisite: AES #4897, HMAC #3267

  • Counter Location: Before Fixed Data
  • R Length: 32 (bits)
  • SPs used to generate K: SP 800-56A, SP 800-90A

K prerequisite: KAS #146

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #157

Version 10.0.16299

CTR_Mode: ( Llength( Min0 Max0 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA384] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

KAS Val#128
DRBG Val#1556
MAC Val#3062

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #141

Version 10.0.15063

CTR_Mode: ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

KAS Val#127
AES Val#4624
DRBG Val#1555
MAC Val#3061

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #140

Version 10.0.15063

CTR_Mode:  ( Llength( Min20 Max64 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA384] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

KAS Val#93 DRBG Val#1222 MAC Val#2661

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #102

Version 10.0.14393

CTR_Mode:  ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

KAS Val#92 AES Val#4064 DRBG Val#1217 MAC Val#2651

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #101

Version 10.0.14393

CTR_Mode:  ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

KAS Val#72 AES Val#3629 DRBG Val#955 MAC Val#2381

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #72

Version 10.0.10586

CTR_Mode:  ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

KAS Val#64 AES Val#3497 RBG Val#868 MAC Val#2233

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #66

Version 10.0.10240

CTR_Mode:  ( Llength( Min0 Max0 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

DRBG Val#489 MAC Val#1773

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #30

Version 6.3.9600

CTR_Mode: ( Llength( Min0 Max4 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

DRBG #258 HMAC Val#1345

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #3

Random Number Generator (RNG)

Modes / States / Key Sizes Algorithm Implementation and Certificate #

FIPS 186-2 General Purpose

[ (x-Original); (SHA-1) ]

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1110
FIPS 186-2
[ (x-Original); (SHA-1) ]

Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1060

Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #292

Windows CE and Windows Mobile 6.0 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #286

Windows CE 5.00 and Window CE 5.01 Enhanced Cryptographic Provider (RSAENH) #66

FIPS 186-2
[ (x-Change Notice); (SHA-1) ]

FIPS 186-2 General Purpose
[ (x-Change Notice); (SHA-1) ]

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 RNG Library #649

Windows Vista Ultimate SP1 and Windows Server 2008 RNG Implementation #435

Windows Vista RNG implementation #321

FIPS 186-2 General Purpose
[ (x-Change Notice); (SHA-1) ]

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #470

Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #449

Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #447

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #316

Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #313

FIPS 186-2
[ (x-Change Notice); (SHA-1) ]

Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #448

Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #314

RSA

Modes / States / Key Sizes Algorithm Implementation and Certificate #

RSA:

  • 186-4:
    • Signature Generation PKCS1.5:
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384
    • Signature Generation PSS:
      • Mod 2048:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
    • Signature Verification PKCS1.5:
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384
    • Signature Verification PSS:
      • Mod 2048:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
      • Mod 3072:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)

Prerequisite: SHS #4011, DRBG #1734

Microsoft Surface Hub Virtual TPM Implementations #2677

Version 10.0.15063.674

RSA:

  • 186-4:
    • Signature Generation PKCS1.5:
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384
    • Signature Generation PSS:
      • Mod 2048:
        • SHA-1: Salt Length: 240 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
    • Signature Verification PKCS1.5:
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384
    • Signature Verification PSS:
      • Mod 1024:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
      • Mod 2048:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)

Prerequisite: SHS #4009, DRBG #1733

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #2676

Version 10.0.16299

RSA:

  • 186-4:
    • Key Generation:
    • Signature Verification PKCS1.5:
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512

Prerequisite: SHS #4011, DRBG #1732

Microsoft Surface Hub RSA32 Algorithm Implementations #2675

Version 10.0.15063.674

RSA:

  • 186-4:
    • Signature Verification PKCS1.5:
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512

Prerequisite: SHS #4009, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); RSA32 Algorithm Implementations #2674

Version 10.0.16299

RSA:

  • 186-4:
    • Signature Verification PKCS1.5:
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512

Prerequisite: SHS #4010, DRBG #1731

Windows 10 Mobile (version 1709) RSA32 Algorithm Implementations #2673

Version 10.0.15254

RSA:

  • 186-4:
    • Key Generation:
      • Public Key Exponent: Fixed (10001)
      • Provable Primes with Conditions:
        • Mod lengths: 2048, 3072 (bits)
        • Primality Tests: C.3
    • Signature Generation PKCS1.5:
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
    • Signature Generation PSS:
      • Mod 2048:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 512 (bits)
      • Mod 3072:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 512 (bits)
    • Signature Verification PKCS1.5:
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
    • Signature Verification PSS:
      • Mod 1024:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 496 (bits)
      • Mod 2048:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 512 (bits)
      • Mod 3072:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 512 (bits)

Prerequisite: SHS #4011, DRBG #1732

Microsoft Surface Hub MsBignum Cryptographic Implementations #2672

Version 10.0.15063.674

RSA:

  • 186-4:
    • Key Generation:
      • Probable Random Primes:
        • Mod lengths: 2048, 3072 (bits)
        • Primality Tests: C.2
    • Signature Generation PKCS1.5:
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
    • Signature Generation PSS:
      • Mod 2048:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 512 (bits)
      • Mod 3072:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 512 (bits)
    • Signature Verification PKCS1.5:
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
    • Signature Verification PSS:
      • Mod 1024:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 496 (bits)
      • Mod 2048:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 512 (bits)
      • Mod 3072:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 512 (bits)

Prerequisite: SHS #4011, DRBG #1732

Microsoft Surface Hub SymCrypt Cryptographic Implementations #2671

Version 10.0.15063.674

RSA:

  • 186-4:
    • Key Generation:
      • Probable Random Primes:
        • Mod lengths: 2048, 3072 (bits)
        • Primality Tests: C.2
    • Signature Generation PKCS1.5:
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
    • Signature Generation PSS:
      • Mod 2048:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 512 (bits)
      • Mod 3072:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 512 (bits)
    • Signature Verification PKCS1.5:
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
    • Signature Verification PSS:
      • Mod 1024:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 496 (bits)
      • Mod 2048:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 512 (bits)
      • Mod 3072:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 512 (bits)

Prerequisite: SHS #4010, DRBG #1731

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #2670

Version 10.0.15254

RSA:

  • 186-4:
    • Key Generation:
      • Public Key Exponent: Fixed (10001)
      • Provable Primes with Conditions:
        • Mod lengths: 2048, 3072 (bits)
        • Primality Tests: C.3
    • Signature Generation PKCS1.5:
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
    • Signature Generation PSS:
      • Mod 2048:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 512 (bits)
      • Mod 3072:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 512 (bits)
    • Signature Verification PKCS1.5:
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
    • Signature Verification PSS:
      • Mod 1024:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 496 (bits)
      • Mod 2048:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 512 (bits)
      • Mod 3072:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 512 (bits)

Prerequisite: SHS #4010, DRBG #1731

Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #2669

Version 10.0.15254

  • 186-4:
    • Key Generation:
      • Public Key Exponent: Fixed (10001)
      • Provable Primes with Conditions:
        • Mod lengths: 2048, 3072 (bits)
        • Primality Tests: C.3
    • Signature Generation PKCS1.5:
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
    • Signature Generation PSS:
      • Mod 2048:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 512 (bits)
      • Mod 3072:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 512 (bits)
    • Signature Verification PKCS1.5:
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
    • Signature Verification PSS:
      • Mod 1024:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 496 (bits)
      • Mod 2048:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 512 (bits)
      • Mod 3072:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 512 (bits)

Prerequisite: SHS #4009, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #2668

Version 10.0.16299

  • 186-4:
    • Key Generation:
      • Probable Random Primes:
        • Mod lengths: 2048, 3072 (bits)
        • Primality Tests: C.2
    • Signature Generation PKCS1.5:
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
    • Signature Generation PSS:
      • Mod 2048:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 512 (bits)
      • Mod 3072:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 512 (bits)
    • Signature Verification PKCS1.5:
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
    • Signature Verification PSS:
      • Mod 1024:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 496 (bits)
      • Mod 2048:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 512 (bits)
      • Mod 3072:
        • SHA-1: Salt Length: 160 (bits)
        • SHA-256: Salt Length: 256 (bits)
        • SHA-384: Salt Length: 384 (bits)
        • SHA-512: Salt Length: 512 (bits)

Prerequisite: SHS #4009, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2667

Version 10.0.16299

FIPS186-4:
ALG[RSASSA-PKCS1_V1_5]
SIG(gen) (2048 SHA( 1 , 256 , 384 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
SIG(Ver) (1024 SHA( 1 , 256 , 384 )) (2048 SHA( 1 , 256 , 384 ))
[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) ))
SHA Val#3790

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #2524

Version 10.0.15063

FIPS186-4:
ALG[RSASSA-PKCS1_V1_5]
SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
SHA Val#3790

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile RSA32 Algorithm Implementations #2523

Version 10.0.15063

FIPS186-4:
186-4KEY(gen):
FIPS186-4_Fixed_e ( 10001 ) ;
PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
SHA Val#3790
DRBG: Val# 1555

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #2522

Version 10.0.15063

FIPS186-4:
186-4KEY(gen):
PGM(ProbRandom:
( 2048 , 3072 ) PPTT:( C.2 )
ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
SHA Val#3790

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2521

Version 10.0.15063

FIPS186-2:
ALG[ANSIX9.31]:

SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3652
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096 , SHS: SHA-256Val#3652, SHA-384Val#3652, SHA-512Val#3652
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3652, SHA-256Val#3652, SHA-384Val#3652, SHA-512Val#3652

FIPS186-4:
ALG[ANSIX9.31]
Sig(Gen): (2048 SHA( 1 )) (3072 SHA( 1 ))
SIG(gen) with SHA-1 affirmed for use with protocols only.
Sig(Ver): (1024 SHA( 1 )) (2048 SHA( 1 )) (3072 SHA( 1 ))
ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
SHA Val#3652

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2415

Version 7.00.2872

FIPS186-2:
ALG[ANSIX9.31]:

SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3651
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096 , SHS: SHA-256Val#3651, SHA-384Val#3651, SHA-512Val#3651
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3651, SHA-256Val#3651, SHA-384Val#3651, SHA-512Val#3651

FIPS186-4:
ALG[ANSIX9.31]
Sig(Gen): (2048 SHA( 1 )) (3072 SHA( 1 ))
SIG(gen) with SHA-1 affirmed for use with protocols only.
Sig(Ver): (1024 SHA( 1 )) (2048 SHA( 1 )) (3072 SHA( 1 ))
ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
SHA Val#3651

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2414

Version 8.00.6246

FIPS186-2:
ALG[RSASSA-PKCS1_V1_5]:
SIG(gen) 4096 , SHS: SHA-256Val# 3649 , SHA-384Val# 3649 , SHA-512Val# 3649
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val# 3649 , SHA-256Val# 3649 , SHA-384Val# 3649 , SHA-512Val# 3649

FIPS186-4:
186-4KEY(gen):
FIPS186-4_Fixed_e (10001) ;
PGM(ProbRandom: ( 2048 , 3072 ) PPTT:( C.2 )
ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
SHA Val# 3649
DRBG: Val# 1430

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2412

Version 7.00.2872

FIPS186-2:
ALG[RSASSA-PKCS1_V1_5]:
SIG(gen) 4096 , SHS: SHA-256Val#3648, SHA-384Val#3648, SHA-512Val#3648
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3648, SHA-256Val#3648, SHA-384Val#3648, SHA-512Val#3648

FIPS186-4:
186-4KEY(gen):
FIPS186-4_Fixed_e (10001) ;
PGM(ProbRandom: ( 2048 , 3072 ) PPTT:( C.2 )
ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
SHA Val#3648
DRBG: Val# 1429

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2411

Version 8.00.6246

FIPS186-4:
ALG[RSASSA-PKCS1_V1_5]
SIG(gen) (2048 SHA( 1 , 256 , 384 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
SIG(Ver) (1024 SHA( 1 , 256 , 384 )) (2048 SHA( 1 , 256 , 384 ))
[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) ))

SHA Val# 3347

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2206

Version 10.0.14393

FIPS186-4:
186-4KEY(gen):
FIPS186-4_Fixed_e ( 10001 ) ;
PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )

SHA Val# 3347 DRBG: Val# 1217

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA Key Generation Implementation #2195

Version 10.0.14393

FIPS186-4:
ALG[RSASSA-PKCS1_V1_5]
SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

SHA Val#3346

soft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #2194

Version 10.0.14393

FIPS186-4:
ALG[RSASSA-PKCS1_V1_5]
SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

SHA Val# 3347 DRBG: Val# 1217

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #2193

Version 10.0.14393

FIPS186-4:
[RSASSA-PSS]: Sig(Gen):
(2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))

Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))

SHA Val# 3347 DRBG: Val# 1217

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #2192

Version 10.0.14393

FIPS186-4:
186-4KEY(gen)
:  FIPS186-4_Fixed_e ( 10001 ) ;
PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )

SHA Val# 3047 DRBG: Val# 955

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA Key Generation Implementation #1889

Version 10.0.10586

FIPS186-4:
ALG[RSASSA-PKCS1_V1_5]
SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

SHA Val#3048

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #1871

Version 10.0.10586

FIPS186-4:
ALG[RSASSA-PKCS1_V1_5]
SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

SHA Val# 3047

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub MsBignum Cryptographic Implementations #1888

Version 10.0.10586

FIPS186-4:
[RSASSA-PSS]: Sig(Gen)
: (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))

SHA Val# 3047

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #1887

Version 10.0.10586

FIPS186-4:
186-4KEY(gen):
FIPS186-4_Fixed_e ( 10001 ) ;
PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )

SHA Val# 2886 DRBG: Val# 868

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA Key Generation Implementation #1798

Version 10.0.10240

FIPS186-4:
ALG[RSASSA-PKCS1_V1_5]
SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

SHA Val#2871

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #1784

Version 10.0.10240

FIPS186-4:
ALG[RSASSA-PKCS1_V1_5]
SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

SHA Val#2871

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #1783

Version 10.0.10240

FIPS186-4:
[RSASSA-PSS]:
Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
Sig(Ver): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))

SHA Val# 2886

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #1802

Version 10.0.10240

FIPS186-4:
186-4KEY(gen):
FIPS186-4_Fixed_e ;
PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )

SHA Val#2373 DRBG: Val# 489

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 RSA Key Generation Implementation #1487

Version 6.3.9600

FIPS186-4:
ALG[RSASSA-PKCS1_V1_5]
SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

SHA Val#2373

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #1494

Version 6.3.9600

FIPS186-4:
ALG[RSASSA-PKCS1_V1_5
] SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

SHA Val#2373

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1493

Version 6.3.9600

FIPS186-4:
[RSASSA-PSS]:
Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))

SHA Val#2373

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #1519

Version 6.3.9600

FIPS186-4:
ALG[RSASSA-PKCS1_V1_5]
SIG(gen) (2048 SHA( 256 , 384 , 512-256 )) (3072 SHA( 256 , 384 , 512-256 ))
SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512-256 )) (2048 SHA( 1 , 256 , 384 , 512-256 )) (3072 SHA( 1 , 256 , 384 , 512-256 ))
[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
Sig(Ver): (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 , 512 ))
SHA #1903

Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1134.

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1134
FIPS186-4:
186-4KEY(gen):
FIPS186-4_Fixed_e , FIPS186-4_Fixed_e_Value
PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
SHA #1903 DRBG: #258
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 RSA Key Generation Implementation #1133
FIPS186-2:
ALG[ANSIX9.31]:
Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: #258
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256#1902, SHA-384#1902, SHA-512#1902,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1#1902, SHA-256#1902, SHA-#1902, SHA-512#1902,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1132.
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1132
FIPS186-2:
ALG[ANSIX9.31]:

SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1774
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1774, SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1052.
Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1052
FIPS186-2:
ALG[ANSIX9.31]:
Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: Val# 193
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1773, SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1051.
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1051
FIPS186-2:
ALG[RSASSA-PKCS1_V1_5]:
SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#568.
Windows Server 2008 R2 and SP1 Enhanced Cryptographic Provider (RSAENH) #568
FIPS186-2:
ALG[RSASSA-PKCS1_V1_5]:
SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
ALG[RSASSA-PSS]: SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081
SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#567. See Historical RSA List Val#560.

Windows Server 2008 R2 and SP1 CNG algorithms #567

Windows 7 and SP1 CNG algorithms #560

FIPS186-2:
ALG[ANSIX9.31]:
Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: Val# 23
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#559.
Windows 7 and SP1 and Server 2008 R2 and SP1 RSA Key Generation Implementation #559
FIPS186-2:
ALG[RSASSA-PKCS1_V1_5]:
SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#557.
Windows 7 and SP1 Enhanced Cryptographic Provider (RSAENH) #557
FIPS186-2:
ALG[ANSIX9.31]:
ALG[RSASSA-PKCS1_V1_5]:
SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#816, SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#395.
Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #395
FIPS186-2:
ALG[ANSIX9.31]:

SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#783
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#783, SHA-384Val#783, SHA-512Val#783,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#371.
Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #371
FIPS186-2:
ALG[RSASSA-PKCS1_V1_5]:
SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
ALG[RSASSA-PSS]: SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753
SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#358. See Historical RSA List Val#357.

Windows Server 2008 CNG algorithms #358

Windows Vista SP1 CNG algorithms #357

FIPS186-2:
ALG[ANSIX9.31]:

SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#355. See Historical RSA List Val#354.

Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #355

Windows Vista SP1 Enhanced Cryptographic Provider (RSAENH) #354

FIPS186-2:
ALG[ANSIX9.31]:
Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#353.
Windows Vista SP1 and Windows Server 2008 RSA Key Generation Implementation #353
FIPS186-2:
ALG[ANSIX9.31]:
Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 RNG: Val# 321
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#258.
Windows Vista RSA key generation implementation #258
FIPS186-2:
ALG[RSASSA-PKCS1_V1_5]:
SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
ALG[RSASSA-PSS]: SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618
SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#257.
Windows Vista CNG algorithms #257
FIPS186-2:
ALG[RSASSA-PKCS1_V1_5]:
SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#255.
Windows Vista Enhanced Cryptographic Provider (RSAENH) #255
FIPS186-2:
ALG[ANSIX9.31]:

SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#613
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#613, SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#245.
Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #245
FIPS186-2:
ALG[ANSIX9.31]:

SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#589
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#589, SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#230.
Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #230
FIPS186-2:
ALG[ANSIX9.31]:

SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#578
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#578, SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#222.
Windows CE and Windows Mobile 6 and Windows Mobile 6.1 Enhanced Cryptographic Provider (RSAENH) #222
FIPS186-2:
ALG[RSASSA-PKCS1_V1_5]:

SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#364
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#81.
Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #81
FIPS186-2:
ALG[ANSIX9.31]:

SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#305
ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#305, SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#52.
Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #52

FIPS186-2:

– PKCS#1 v1.5, signature generation and verification

– Mod sizes: 1024, 1536, 2048, 3072, 4096

– SHS: SHA–1/256/384/512

Windows XP, vendor-affirmed

Windows 2000, vendor-affirmed

Secure Hash Standard (SHS)

Modes / States / Key Sizes Algorithm Implementation and Certificate #
  • SHA-1:
    • Supports Empty Message
  • SHA-256:
    • Supports Empty Message
  • SHA-384:
    • Supports Empty Message
  • SHA-512:
    • Supports Empty Message

Microsoft Surface Hub SymCrypt Cryptographic Implementations #4011

Version 10.0.15063.674

  • SHA-1:
    • Supports Empty Message
  • SHA-256:
    • Supports Empty Message
  • SHA-384:
    • Supports Empty Message
  • SHA-512:
    • Supports Empty Message

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #4010

Version 10.0.15254

  • SHA-1:
    • Supports Empty Message
  • SHA-256:
    • Supports Empty Message
  • SHA-384:
    • Supports Empty Message
  • SHA-512:
    • Supports Empty Message

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4009

Version 10.0.16299

SHA-1      (BYTE-only)
SHA-256  (BYTE-only)
SHA-384  (BYTE-only)
SHA-512  (BYTE-only)

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3790

Version 10.0.15063

SHA-1      (BYTE-only)
SHA-256  (BYTE-only)
SHA-384  (BYTE-only)
SHA-512  (BYTE-only)

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #3652

Version 7.00.2872

SHA-1      (BYTE-only)
SHA-256  (BYTE-only)
SHA-384  (BYTE-only)
SHA-512  (BYTE-only)

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #3651

Version 8.00.6246

SHA-1      (BYTE-only)
SHA-256  (BYTE-only)
SHA-384  (BYTE-only)
SHA-512  (BYTE-only)

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #3649

Version 7.00.2872

SHA-1      (BYTE-only)
SHA-256  (BYTE-only)
SHA-384  (BYTE-only)
SHA-512  (BYTE-only)

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #3648

Version 8.00.6246

SHA-1 (BYTE-only)
SHA-256 (BYTE-only)
SHA-384 (BYTE-only)
SHA-512 (BYTE-only)
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #3347
Version 10.0.14393
SHA-1 (BYTE-only)
SHA-256 (BYTE-only)
SHA-384 (BYTE-only)
SHA-512 (BYTE-only)
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #3346
Version 10.0.14393
SHA-1 (BYTE-only)
SHA-256 (BYTE-only)
SHA-384 (BYTE-only)
SHA-512 (BYTE-only)
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #3048
Version 10.0.10586
SHA-1 (BYTE-only)
SHA-256 (BYTE-only)
SHA-384 (BYTE-only)
SHA-512 (BYTE-only)
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #3047
Version 10.0.10586
SHA-1 (BYTE-only)
SHA-256 (BYTE-only)
SHA-384 (BYTE-only)
SHA-512 (BYTE-only)
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2886
Version 10.0.10240
SHA-1 (BYTE-only)
SHA-256 (BYTE-only)
SHA-384 (BYTE-only)
SHA-512 (BYTE-only)
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #2871
Version 10.0.10240
SHA-1 (BYTE-only)
SHA-256 (BYTE-only)
SHA-384 (BYTE-only)
SHA-512 (BYTE-only)
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #2396
Version 6.3.9600
SHA-1 (BYTE-only)
SHA-256 (BYTE-only)
SHA-384 (BYTE-only)
SHA-512 (BYTE-only)
Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2373
Version 6.3.9600

SHA-1 (BYTE-only)

SHA-256 (BYTE-only)

SHA-384 (BYTE-only)

SHA-512 (BYTE-only)

Implementation does not support zero-length (null) messages.

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1903

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1902

SHA-1 (BYTE-only)
SHA-256 (BYTE-only)
SHA-384 (BYTE-only)
SHA-512 (BYTE-only)

Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1774

Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1773

SHA-1 (BYTE-only)
SHA-256 (BYTE-only)
SHA-384 (BYTE-only)
SHA-512 (BYTE-only)

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1081

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #816

SHA-1 (BYTE-only)

Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #785

Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #784

SHA-1 (BYTE-only)
SHA-256 (BYTE-only)
SHA-384 (BYTE-only)
SHA-512 (BYTE-only)
Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #783
SHA-1 (BYTE-only)
SHA-256 (BYTE-only)
SHA-384 (BYTE-only)
SHA-512 (BYTE-only)

Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation #753

Windows Vista Symmetric Algorithm Implementation #618

SHA-1 (BYTE-only)
SHA-256 (BYTE-only)

Windows Vista BitLocker Drive Encryption #737

Windows Vista Beta 2 BitLocker Drive Encryption #495

SHA-1 (BYTE-only)
SHA-256 (BYTE-only)
SHA-384 (BYTE-only)
SHA-512 (BYTE-only)

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #613

Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #364

SHA-1 (BYTE-only)

Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #611

Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #610

Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #385

Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) #371

Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #181

Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) #177

Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #176

SHA-1 (BYTE-only)
SHA-256 (BYTE-only)
SHA-384 (BYTE-only)
SHA-512 (BYTE-only)

Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #589

Windows CE and Windows Mobile 6 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #578

Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #305

SHA-1 (BYTE-only)

Windows XP Microsoft Enhanced Cryptographic Provider #83

Crypto Driver for Windows 2000 (fips.sys) #35

Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) #32

Windows 2000 RSAENH.DLL #24

Windows 2000 RSABASE.DLL #23

Windows NT 4 SP6 RSAENH.DLL #21

Windows NT 4 SP6 RSABASE.DLL #20

Triple DES

Modes / States / Key Sizes Algorithm Implementation and Certificate #
  • TDES-CBC:
    • Modes: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-CFB64:
    • Modes: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-CFB8:
    • Modes: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-ECB:
    • Modes: Decrypt, Encrypt
    • Keying Option: 1

Microsoft Surface Hub SymCrypt Cryptographic Implementations #2558

Version 10.0.15063.674

  • TDES-CBC:
    • Modes: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-CFB64:
    • Modes: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-CFB8:
    • Modes: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-ECB:
    • Modes: Decrypt, Encrypt
    • Keying Option: 1

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #2557

Version 10.0.15254

  • TDES-CBC:
    • Modes: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-CFB64:
    • Modes: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-CFB8:
    • Modes: Decrypt, Encrypt
    • Keying Option: 1
  • TDES-ECB:
    • Modes: Decrypt, Encrypt
    • Keying Option: 1

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2556

Version 10.0.16299

TECB( KO 1 e/d, ) ; TCBC( KO 1 e/d, ) ; TCFB8( KO 1 e/d, ) ; TCFB64( KO 1 e/d, )

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2459

Version 10.0.15063

TECB( KO 1 e/d, ) ;

TCBC( KO 1 e/d, )

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2384

Version 8.00.6246

TECB( KO 1 e/d, ) ;

TCBC( KO 1 e/d, )

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2383

Version 8.00.6246

TECB( KO 1 e/d, ) ;

TCBC( KO 1 e/d, ) ;

CTR ( int only )

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2382

Version 7.00.2872

TECB( KO 1 e/d, ) ;

TCBC( KO 1 e/d, )

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2381

Version 8.00.6246

TECB( KO 1 e/d, ) ;

TCBC( KO 1 e/d, ) ;

TCFB8( KO 1 e/d, ) ;

TCFB64( KO 1 e/d, )

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2227

Version 10.0.14393

TECB( KO 1 e/d, ) ;

TCBC( KO 1 e/d, ) ;

TCFB8( KO 1 e/d, ) ;

TCFB64( KO 1 e/d, )

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #2024

Version 10.0.10586

TECB( KO 1 e/d, ) ;

TCBC( KO 1 e/d, ) ;

TCFB8( KO 1 e/d, ) ;

TCFB64( KO 1 e/d, )

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #1969

Version 10.0.10240

TECB( KO 1 e/d, ) ;

TCBC( KO 1 e/d, ) ;

TCFB8( KO 1 e/d, ) ;

TCFB64( KO 1 e/d, )

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1692

Version 6.3.9600

TECB( e/d; KO 1,2 ) ;

TCBC( e/d; KO 1,2 ) ;

TCFB8( e/d; KO 1,2 ) ;

TCFB64( e/d; KO 1,2 )

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1387

TECB( e/d; KO 1,2 ) ;

TCBC( e/d; KO 1,2 ) ;

TCFB8( e/d; KO 1,2 )

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1386

TECB( e/d; KO 1,2 ) ;

TCBC( e/d; KO 1,2 ) ;

TCFB8( e/d; KO 1,2 )

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #846

TECB( e/d; KO 1,2 ) ;

TCBC( e/d; KO 1,2 ) ;

TCFB8( e/d; KO 1,2 )

Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation #656

TECB( e/d; KO 1,2 ) ;

TCBC( e/d; KO 1,2 ) ;

TCFB8( e/d; KO 1,2 )

Windows Vista Symmetric Algorithm Implementation #549
Triple DES MAC

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 #1386, vendor-affirmed

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 #846, vendor-affirmed

TECB( e/d; KO 1,2 ) ;

TCBC( e/d; KO 1,2 )

Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1308

Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1307

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #691

Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #677

Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #676

Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #675

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #544

Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #543

Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #542

Windows CE 6.0 and Window CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #526

Windows CE and Windows Mobile 6 and Windows Mobile 6.1 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #517

Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #381

Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) #370

Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #365

Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #315

Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) #201

Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #199

Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #192

Windows XP Microsoft Enhanced Cryptographic Provider #81

Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) #18

Crypto Driver for Windows 2000 (fips.sys) #16

SP 800-132 Password Based Key Derivation Function (PBKDF)

Modes / States / Key Sizes Algorithm Implementation and Certificate #
PBKDF (vendor affirmed)

 Kernel Mode Cryptographic Primitives Library (cng.sys) Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2937
(Software Version: 10.0.14393)

Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2936
(Software Version: 10.0.14393)

Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2935
(Software Version: 10.0.14393)

Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2931
(Software Version: 10.0.14393)

PBKDF (vendor affirmed)

Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2936
(Software Version: 10.0.14393)

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG), vendor-affirmed

Component Validation List

Publication / Component Validated / Description Implementation and Certificate #
  • ECDSA SigGen:
    • P-256 SHA: SHA-256
    • P-384 SHA: SHA-384
    • P-521 SHA: SHA-512

Prerequisite: DRBG #489

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1540

Version 6.3.9600

  • RSASP1:
    • Modulus Size: 2048 (bits)
    • Padding Algorithms: PKCS 1.5

Microsoft Surface Hub Virtual TPM Implementations #1519

Version 10.0.15063.674

  • RSASP1:
    • Modulus Size: 2048 (bits)
    • Padding Algorithms: PKCS 1.5

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1518

Version 10.0.16299

  • RSADP:
    • Modulus Size: 2048 (bits)

Microsoft Surface Hub MsBignum Cryptographic Implementations #1517

Version 10.0.15063.674

  • RSASP1:
    • Modulus Size: 2048 (bits)
    • Padding Algorithms: PKCS 1.5

Microsoft Surface Hub MsBignum Cryptographic Implementations #1516

Version 10.0.15063.674

  • ECDSA SigGen:
    • P-256 SHA: SHA-256
    • P-384 SHA: SHA-384
    • P-521 SHA: SHA-512

 Prerequisite: DRBG #1732

Microsoft Surface Hub MsBignum Cryptographic Implementations #1515

Version 10.0.15063.674

  • ECDSA SigGen:
    • P-256 SHA: SHA-256
    • P-384 SHA: SHA-384
    • P-521 SHA: SHA-512

Prerequisite: DRBG #1732

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1514

Version 10.0.15063.674

  • RSADP:
    • Modulus Size: 2048 (bits)

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1513

Version 10.0.15063.674

  • RSASP1:
    • Modulus Size: 2048 (bits)
    • Padding Algorithms: PKCS 1.5

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1512

Version 10.0.15063.674

  • IKEv1:
    • Methods: Digital Signature, Pre-shared Key, Public Key Encryption
    • Pre-shared Key Length: 64-2048
    • Diffie-Hellman shared secrets:
      • Diffie-Hellman shared secret:
        • Length: 2048 (bits)
        • SHA Functions: SHA-256
      • Diffie-Hellman shared secret:
        • Length: 256 (bits)
        • SHA Functions: SHA-256
      • Diffie-Hellman shared secret:
        • Length: 384 (bits)
        • SHA Functions: SHA-384

Prerequisite: SHS #4011, HMAC #3269

  • IKEv2:
    • Derived Keying Material length: 192-1792
    • Diffie-Hellman shared secrets:
      • Diffie-Hellman shared secret:
        • Length: 2048 (bits)
        • SHA Functions: SHA-256
      • Diffie-Hellman shared secret:
        • Length: 256 (bits)
        • SHA Functions: SHA-256
      • Diffie-Hellman shared secret:
        • Length: 384 (bits)
        • SHA Functions: SHA-384

Prerequisite: SHS #4011, HMAC #3269

  • TLS:
    • Supports TLS 1.0/1.1
    • Supports TLS 1.2:
      • SHA Functions: SHA-256, SHA-384

Prerequisite: SHS #4011, HMAC #3269

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1511

Version 10.0.15063.674

  • ECDSA SigGen:
    • P-256 SHA: SHA-256
    • P-384 SHA: SHA-384
    • P-521 SHA: SHA-512

Prerequisite: DRBG #1731

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1510

Version 10.0.15254

  • RSADP:
    • Modulus Size: 2048 (bits)

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1509

Version 10.0.15254

  • RSASP1:
    • Modulus Size: 2048 (bits)
    • Padding Algorithms: PKCS 1.5

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1508

Version 10.0.15254

  • IKEv1:
    • Methods: Digital Signature, Pre-shared Key, Public Key Encryption
    • Pre-shared Key Length: 64-2048
    • Diffie-Hellman shared secrets:
      • Diffie-Hellman shared secret:
        • Length: 2048 (bits)
        • SHA Functions: SHA-256
      • Diffie-Hellman shared secret:
        • Length: 256 (bits)
        • SHA Functions: SHA-256
      • Diffie-Hellman shared secret:
        • Length: 384 (bits)
        • SHA Functions: SHA-384

Prerequisite: SHS #4010, HMAC #3268

  • IKEv2:
    • Derived Keying Material length: 192-1792
    • Diffie-Hellman shared secrets:
      • Diffie-Hellman shared secret:
        • Length: 2048 (bits)
        • SHA Functions: SHA-256
      • Diffie-Hellman shared secret:
        • Length: 256 (bits)
        • SHA Functions: SHA-256
      • Diffie-Hellman shared secret:
        • Length: 384 (bits)
        • SHA Functions: SHA-384

Prerequisite: SHS #4010, HMAC #3268

  • TLS:
    • Supports TLS 1.0/1.1
    • Supports TLS 1.2:
      • SHA Functions: SHA-256, SHA-384

Prerequisite: SHS #4010, HMAC #3268

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1507

Version 10.0.15254

  • ECDSA SigGen:
    • P-256 SHA: SHA-256
    • P-384 SHA: SHA-384
    • P-521 SHA: SHA-512

Prerequisite: DRBG #1731

Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1506

Version 10.0.15254

  • RSADP:
    • Modulus Size: 2048 (bits)

Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1505

Version 10.0.15254

  • RSASP1:
    • Modulus Size: 2048 (bits)
    • Padding Algorithms: PKCS 1.5

Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1504

Version 10.0.15254

  • ECDSA SigGen:
    • P-256 SHA: SHA-256
    • P-384 SHA: SHA-384
    • P-521 SHA: SHA-512

Prerequisite: DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1503

Version 10.0.16299

  • RSADP:
    • Modulus Size: 2048 (bits)

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1502

Version 10.0.16299

  • RSASP1:
    • Modulus Size: 2048 (bits)
    • Padding Algorithms: PKCS 1.5

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1501

Version 10.0.16299

  • ECDSA SigGen:
    • P-256 SHA: SHA-256
    • P-384 SHA: SHA-384
    • P-521 SHA: SHA-512

Prerequisite: DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1499

Version 10.0.16299

  • RSADP:
    • Modulus Size: 2048 (bits)

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1498

Version 10.0.16299

 

  • RSASP1:
    • Modulus Size: 2048 (bits)
    • Padding Algorithms: PKCS 1.5

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1497

Version 10.0.16299

  • IKEv1:
    • Methods: Digital Signature, Pre-shared Key, Public Key Encryption
    • Pre-shared Key Length: 64-2048
    • Diffie-Hellman shared secrets:
      • Diffie-Hellman shared secret:
        • Length: 2048 (bits)
        • SHA Functions: SHA-256
      • Diffie-Hellman shared secret:
        • Length: 256 (bits)
        • SHA Functions: SHA-256
      • Diffie-Hellman shared secret:
        • Length: 384 (bits)
        • SHA Functions: SHA-384

Prerequisite: SHS #4009, HMAC #3267

  • IKEv2:
    • Derived Keying Material length: 192-1792
    • Diffie-Hellman shared secrets:
      • Diffie-Hellman shared secret:
        • Length: 2048 (bits)
        • SHA Functions: SHA-256
      • Diffie-Hellman shared secret:
        • Length: 256 (bits)
        • SHA Functions: SHA-256
      • Diffie-Hellman shared secret:
        • Length: 384 (bits)
        • SHA Functions: SHA-384

Prerequisite: SHS #4009, HMAC #3267

  • TLS:
    • Supports TLS 1.0/1.1
    • Supports TLS 1.2:
      • SHA Functions: SHA-256, SHA-384

Prerequisite: SHS #4009, HMAC #3267

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1496

Version 10.0.16299

FIPS186-4 ECDSA

Signature Generation of hash sized messages

ECDSA SigGen Component: CURVES( P-256 P-384 P-521 )

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1284
Version 10.0. 15063

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1279
Version 10.0. 15063

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #922
Version 10.0.14393

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #894
Version 10.0.14393icrosoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #666
Version 10.0.10586

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #288
Version 6.3.9600

FIPS186-4 RSA; PKCS#1 v2.1

RSASP1 Signature Primitive

RSASP1: (Mod2048: PKCS1.5 PKCSPSS)

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1285
Version 10.0.15063

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1282
Version 10.0.15063

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1280
Version 10.0.15063

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #893
Version 10.0.14393

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #888
Version 10.0.14393

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #665
Version 10.0.10586

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #572
Version  10.0.10240

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry MsBignum Cryptographic Implementations #289
Version 6.3.9600

FIPS186-4 RSA; RSADP

RSADP Primitive

RSADP: (Mod2048)

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1283
Version 10.0.15063

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1281
Version 10.0.15063

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #895
Version 10.0.14393

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #887
Version 10.0.14393

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #663
Version 10.0.10586

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #576
Version  10.0.10240

SP800-135

Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1496

Version 10.0.16299

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1278
Version 10.0.15063

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1140
Version 7.00.2872

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1139
Version 8.00.6246

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BcryptPrimitives and NCryptSSLp #886
Version 10.0.14393

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BCryptPrimitives and NCryptSSLp #664
Version 10.0.10586

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BCryptPrimitives and NCryptSSLp #575
Version  10.0.10240

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 BCryptPrimitives and NCryptSSLp #323
Version 6.3.9600

References

[FIPS 140] - FIPS 140-2, Security Requirements for Cryptographic Modules

[FIPS FAQ] - Cryptographic Module Validation Program (CMVP) FAQ

[SP 800-57] - Recommendation for Key Management – Part 1: General (Revised)

[SP 800-131A] - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths