FIPS 140-2 Validation

FIPS 140-2 standard overview

The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard. FIPS is based on Section 5131 of the Information Technology Management Reform Act of 1996. It defines the minimum security requirements for cryptographic modules in IT products.

The Cryptographic Module Validation Program (CMVP) is a joint effort of the U.S. National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS). It validates cryptographic modules against the Security Requirements for Cryptographic Modules (part of FIPS 140-2) and related FIPS cryptography standards. The FIPS 140-2 security requirements cover 11 areas related to the design and implementation of a cryptographic module. The NIST Information Technology Laboratory operates a related program that validates the FIPS approved cryptographic algorithms in the module.

Microsoft’s approach to FIPS 140-2 validation

Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since it was first established in 2001. Microsoft validates its cryptographic modules under the NIST CMVP, as described above. Multiple Microsoft products, including Windows 10, Windows Server, and many cloud services, use these cryptographic modules.

Using Windows in a FIPS 140-2 approved mode of operation

Windows 10 and Windows Server may be configured to run in a FIPS 140-2 approved mode of operation, commonly referred to as "FIPS mode."  If you turn on FIPS mode, the Cryptographic Primitives Library (bcryptprimitives.dll) and Kernel Mode Cryptographic Primitives Library (CNG.sys) modules will run self-tests before Windows runs cryptographic operations. These self-tests are run according to FIPS 140-2 Section 4.9. They ensure that the modules are functioning properly.

The Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library are the only modules affected by FIPS mode. FIPS mode won't prevent Windows and its subsystems from using non-FIPS validated cryptographic algorithms. FIPS mode is merely advisory for applications or components other than the Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library.

US government regulations continue to mandate FIPS mode for government devices running Windows. Other customers should decide for themselves if FIPS mode is right for them. There are many applications and protocols that use FIPS mode policy to determine which cryptographic functionality to run. Customers seeking to follow the FIPS 140-2 standard should research the configuration settings of their applications and protocols. This research will help ensure that they can be configured to use FIPS 140-2 validated cryptography.

Achieving this FIPS 140-2 approved mode of operation of Windows requires administrators to complete all four steps outlined below.

Step 1: Ensure FIPS 140-2 validated cryptographic modules are installed

Administrators must ensure that all cryptographic modules installed are FIPS 140-2 validated. Tables listing validated modules, organized by operating system release, are available later in this article.

Step 2: Ensure all security policies for all cryptographic modules are followed

Each of the cryptographic modules has a defined security policy that must be met for the module to operate in its FIPS 140-2 approved mode. The security policy may be found in each module’s published Security Policy Document (SPD). The SPDs for each module may be found in the table of validated modules at the end of this article. Select the module version number to view the published SPD for the module.

Step 3: Enable the FIPS security policy

Windows provides the security policy setting, System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing. This setting is used by some Microsoft products to determine whether to run in FIPS mode. When this policy is turned on, the validated cryptographic modules in Windows will also operate in FIPS mode. This policy may be set using Local Security Policy, as part of Group Policy, or through a Modern Device Management (MDM) solution. For more information on the policy, see System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing.

Step 4: Ensure that only FIPS validated cryptographic algorithms are used

FIPS mode is enforced at the level of the application or service. It is not enforced by the operating system or by individual cryptographic modules. Applications or services running in FIPS mode must follow the security policies of validated modules. They must not use a cryptographic algorithm that isn't FIPS-compliant.

In short, an application or service is running in FIPS mode if it:

  • Checks for the policy flag
  • Enforces security policies of validated modules

Frequently asked questions

How long does it take to certify a cryptographic module?

Microsoft begins certification of cryptographic modules after each major feature release of Windows 10 and Windows Server. The duration of each evaluation varies, depending on many factors.

When does Microsoft undertake a FIPS 140 validation?

The cadence for starting module validation aligns with the feature updates of Windows 10 and Windows Server. As the software industry evolves, operating systems release more frequently. Microsoft completes validation work on major releases but, in between releases, seeks to minimize the changes to the cryptographic modules.

What is the difference between FIPS 140 validated and FIPS 140 compliant?

FIPS 140 validated means that the cryptographic module, or a product that embeds the module, has been validated ("certified") by the CMVP as meeting the FIPS 140-2 requirements. FIPS 140 compliant is an industry term for IT products that rely on FIPS 140 validated products for cryptographic functionality.

How do I know if a Windows service or application is FIPS 140-2 validated?

The cryptographic modules used in Windows are validated through the CMVP. They aren't validated by individual services, applications, hardware peripherals, or other solutions. Any compliant solution must call a FIPS 140-2 validated cryptographic module in the underlying OS, and the OS must be configured to run in FIPS mode. Contact the vendor of the service, application, or product for information on whether it calls a validated cryptographic module.

What does When operated in FIPS mode mean on a certificate?

This label means that certain configuration and security rules must be followed to use the cryptographic module in compliance with its FIPS 140-2 security policy. Each module has its own security policy—a precise specification of the security rules under which it will operate—and employs approved cryptographic algorithms, cryptographic key management, and authentication techniques. The security rules are defined in the Security Policy Document (SPD) for each module.

What is the relationship between FIPS 140-2 and Common Criteria?

FIPS 140-2 and Common Criteria are two separate security standards with different, but complementary, purposes. FIPS 140-2 is designed specifically for validating software and hardware cryptographic modules. Common Criteria are designed to evaluate security functions in IT software and hardware products. Common Criteria evaluations often rely on FIPS 140-2 validations to provide assurance that basic cryptographic functionality is implemented properly.

How does FIPS 140 relate to Suite B?

Suite B is a set of cryptographic algorithms defined by the U.S. National Security Agency (NSA) as part of its Cryptographic Modernization Program. The set of Suite B cryptographic algorithms are to be used for both unclassified information and most classified information. The Suite B cryptographic algorithms are a subset of the FIPS approved cryptographic algorithms allowed by the FIPS 140-2 standard.

Is SMB3 (Server Message Block) FIPS 140 compliant in Windows?

SMB3 can be FIPS 140 compliant, if Windows is configured to operate in FIPS 140 mode on both client and server. In FIPS mode, SMB3 relies on the underlying Windows FIPS 140 validated cryptographic modules for cryptographic operations.

Microsoft FIPS 140-2 validated cryptographic modules

The following tables identify the cryptographic modules used in an operating system, organized by release.

Modules used by Windows

Windows 10 Fall 2018 Update (Version 1809)

Validated Editions: Home, Pro, Enterprise, Education

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library 10.0.17763 #3197 See Security Policy and Certificate page for algorithm information
Kernel Mode Cryptographic Primitives Library 10.0.17763 #3196 See Security Policy and Certificate page for algorithm information
Code Integrity 10.0.17763 #3644 See Security Policy and Certificate page for algorithm information
Windows OS Loader 10.0.17763 #3615 See Security Policy and Certificate page for algorithm information
Secure Kernel Code Integrity 10.0.17763 #3651 See Security Policy and Certificate page for algorithm information
BitLocker Dump Filter 10.0.17763 #3092 See Security Policy and Certificate page for algorithm information
Boot Manager 10.0.17763 #3089 See Security Policy and Certificate page for algorithm information
Virtual TPM 10.0.17763 #3690 See Security Policy and Certificate page for algorithm information
Windows 10 Spring 2018 Update (Version 1803)

Validated Editions: Home, Pro, Enterprise, Education

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library 10.0.17134 #3197 See Security Policy and Certificate page for algorithm information
Kernel Mode Cryptographic Primitives Library 10.0.17134 #3196 See Security Policy and Certificate page for algorithm information
Code Integrity 10.0.17134 #3195 See Security Policy and Certificate page for algorithm information
Windows OS Loader 10.0.17134 #3480 See Security Policy and Certificate page for algorithm information
Secure Kernel Code Integrity 10.0.17134 #3096 See Security Policy and Certificate page for algorithm information
BitLocker Dump Filter 10.0.17134 #3092 See Security Policy and Certificate page for algorithm information
Boot Manager 10.0.17134 #3089 See Security Policy and Certificate page for algorithm information
Windows 10 Fall Creators Update (Version 1709)

Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library 10.0.16299 #3197 See Security Policy and Certificate page for algorithm information
Kernel Mode Cryptographic Primitives Library 10.0.16299 #3196 See Security Policy and Certificate page for algorithm information
Code Integrity 10.0.16299 #3195 See Security Policy and Certificate page for algorithm information
Windows OS Loader 10.0.16299 #3194 See Security Policy and Certificate page for algorithm information
Secure Kernel Code Integrity 10.0.16299 #3096 See Security Policy and Certificate page for algorithm information
BitLocker Dump Filter 10.0.16299 #3092 See Security Policy and Certificate page for algorithm information
Windows Resume 10.0.16299 #3091 See Security Policy and Certificate page for algorithm information
Boot Manager 10.0.16299 #3089 See Security Policy and Certificate page for algorithm information
Windows 10 Creators Update (Version 1703)

Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 10.0.15063 #3095 FIPS approved algorithms: AES (Cert. #4624); CKG (vendor affirmed); CVL (Certs

#1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2522); SHS (Cert. #3790); Triple-DES (Cert. #2459

Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #1133); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #2521); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #1281); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #1278)

Kernel Mode Cryptographic Primitives Library (cng.sys) 10.0.15063 #3094 #3094

FIPS approved algorithms: AES (Certs. #4624 and #4626); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2523); SHS (Cert. #3790); Triple-DES (Cert. #2459

Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert.; FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert.](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3094)#2521); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert.](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3094)

Boot Manager 10.0.15063 #3089 FIPS approved algorithms: AES (Certs. #4624 and #4625); CKG (vendor affirmed); HMAC (Cert. #3061); PBKDF (vendor affirmed); RSA (Cert. #2523); SHS (Cert. #3790

Other algorithms: PBKDF (vendor affirmed); VMK KDF (vendor affirmed)

Windows OS Loader 10.0.15063 #3090 FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790

Other algorithms: NDRNG

Windows Resume [1] 10.0.15063 #3091 FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790)
BitLocker® Dump Filter [2] 10.0.15063 #3092 FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2522); SHS (Cert. #3790)
Code Integrity (ci.dll) 10.0.15063 #3093 FIPS approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282)

Secure Kernel Code Integrity (skci.dll)[3] 10.0.15063 #3096 FIPS approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282)

[1] Applies only to Home, Pro, Enterprise, Education, and S.

[2] Applies only to Pro, Enterprise, Education, S, Mobile, and Surface Hub

[3] Applies only to Pro, Enterprise, Education, and S

Windows 10 Anniversary Update (Version 1607)

Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 10.0.14393 #2937 FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #886)

Kernel Mode Cryptographic Primitives Library (cng.sys) 10.0.14393 #2936 FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887)

Boot Manager 10.0.14393 #2931 FIPS approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: MD5; PBKDF (non-compliant); VMK KDF

BitLocker® Windows OS Loader (winload) 10.0.14393 #2932 FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: NDRNG; MD5

BitLocker® Windows Resume (winresume)[1] 10.0.14393 #2933 FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: MD5

BitLocker® Dump Filter (dumpfve.sys)[2] 10.0.14393 #2934 FIPS approved algorithms: AES (Certs. #4061 and #4064)
Code Integrity (ci.dll) 10.0.14393 #2935 FIPS approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: AES (non-compliant); MD5

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888)

Secure Kernel Code Integrity (skci.dll)[3] 10.0.14393 #2938 FIPS approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)

Other algorithms: MD5

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888)

[1] Applies only to Home, Pro, Enterprise, and Enterprise LTSB

[2] Applies only to Pro, Enterprise, Enterprise LTSB, and Mobile

[3] Applies only to Pro, Enterprise, and Enterprise LTSB

Windows 10 November 2015 Update (Version 1511)

Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 10.0.10586 #2606 FIPS approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888, and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)

Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #664)

Kernel Mode Cryptographic Primitives Library (cng.sys) 10.0.10586 #2605 FIPS approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs.  #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888, and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)

Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663)

Boot Manager [4] 10.0.10586 #2700 FIPS approved algorithms: AES (Certs. #3653); HMAC (Cert. #2381); PBKDF (vendor affirmed); RSA (Cert. #1871); SHS (Certs. #3047 and #3048)

Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)

BitLocker® Windows OS Loader (winload)[5] 10.0.10586 #2701 FIPS approved algorithms: AES (Certs. #3629 and #3653); RSA (Cert. #1871); SHS (Cert. #3048)

Other algorithms: MD5; NDRNG

BitLocker® Windows Resume (winresume)[6] 10.0.10586 #2702 FIPS approved algorithms: AES (Certs. #3653); RSA (Cert. #1871); SHS (Cert. #3048)

Other algorithms: MD5

BitLocker® Dump Filter (dumpfve.sys)[7] 10.0.10586 #2703 FIPS approved algorithms: AES (Certs. #3653)
Code Integrity (ci.dll) 10.0.10586 #2604 FIPS approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)

Other algorithms: AES (non-compliant); MD5

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665)

Secure Kernel Code Integrity (skci.dll)[8] 10.0.10586 #2607 FIPS approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)

Other algorithms: MD5

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665)

[4] Applies only to Home, Pro, Enterprise, Mobile, and Surface Hub

[5] Applies only to Home, Pro, Enterprise, Mobile, and Surface Hub

[6] Applies only to Home, Pro, and Enterprise

[7] Applies only to Pro, Enterprise, Mobile, and Surface Hub

[8] Applies only to Enterprise and Enterprise LTSB

Windows 10 (Version 1507)

Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface Hub

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 10.0.10240 #2606 FIPS approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)

Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #575)

Kernel Mode Cryptographic Primitives Library (cng.sys) 10.0.10240 #2605 FIPS approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)

Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576)

Boot Manager[9] 10.0.10240 #2600 FIPS approved algorithms: AES (Cert. #3497); HMAC (Cert. #2233); KTS (AES Cert. #3498); PBKDF (vendor affirmed); RSA (Cert. #1784); SHS (Certs. #2871 and #2886)

Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)

BitLocker® Windows OS Loader (winload)[10] 10.0.10240 #2601 FIPS approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)

Other algorithms: MD5; NDRNG

BitLocker® Windows Resume (winresume)[11] 10.0.10240 #2602 FIPS approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)

Other algorithms: MD5

BitLocker® Dump Filter (dumpfve.sys)[12] 10.0.10240 #2603 FIPS approved algorithms: AES (Certs. #3497 and #3498)
Code Integrity (ci.dll) 10.0.10240 #2604 FIPS approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)

Other algorithms: AES (non-compliant); MD5

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572)

Secure Kernel Code Integrity (skci.dll)[13] 10.0.10240 #2607 FIPS approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)

Other algorithms: MD5

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572)

[9] Applies only to Home, Pro, Enterprise, and Enterprise LTSB

[10] Applies only to Home, Pro, Enterprise, and Enterprise LTSB

[11] Applies only to Home, Pro, Enterprise, and Enterprise LTSB

[12] Applies only to Pro, Enterprise, and Enterprise LTSB

[13] Applies only to Enterprise and Enterprise LTSB

Windows 8.1

Validated Editions: RT, Pro, Enterprise, Phone, Embedded

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 6.3.9600 6.3.9600.17031 #2357 FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)

Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)#2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #323)

Kernel Mode Cryptographic Primitives Library (cng.sys) 6.3.9600 6.3.9600.17042 #2356 FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)

Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289)

Boot Manager 6.3.9600 6.3.9600.17031 #2351 FIPS approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)

Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)

BitLocker® Windows OS Loader (winload) 6.3.9600 6.3.9600.17031 #2352 FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)

Other algorithms: MD5; NDRNG

BitLocker® Windows Resume (winresume)[14] 6.3.9600 6.3.9600.17031 #2353 FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)

Other algorithms: MD5

BitLocker® Dump Filter (dumpfve.sys) 6.3.9600 6.3.9600.17031 #2354 FIPS approved algorithms: AES (Cert. #2832)

Other algorithms: N/A

Code Integrity (ci.dll) 6.3.9600 6.3.9600.17031 #2355 FIPS approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)

Other algorithms: MD5

Validated Component Implementations: PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289)

[14] Applies only to Pro, Enterprise, and Embedded 8.

Windows 8

Validated Editions: RT, Home, Pro, Enterprise, Phone

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) 6.2.9200 #1892 FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert.); ECDSA (Cert.); HMAC (Cert.); KAS (Cert); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

Kernel Mode Cryptographic Primitives Library (cng.sys) 6.2.9200 #1891 FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258 and); ECDSA (Cert.); HMAC (Cert.); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RNG (Cert.); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)

Boot Manager 6.2.9200 #1895 FIPS approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: MD5

BitLocker® Windows OS Loader (WINLOAD) 6.2.9200 #1896 FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG

BitLocker® Windows Resume (WINRESUME)[15] 6.2.9200 #1898 FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: MD5

BitLocker® Dump Filter (DUMPFVE.SYS) 6.2.9200 #1899 FIPS approved algorithms: AES (Certs. #2196 and #2198)

Other algorithms: N/A

Code Integrity (CI.DLL) 6.2.9200 #1897 FIPS approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: MD5

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL) 6.2.9200 #1893 FIPS approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#1902); Triple-DES (Cert.); Triple-DES MAC (Triple-DES Certificate, vendor affirmed)

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Certificate, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Enhanced Cryptographic Provider (RSAENH.DLL) 6.2.9200 #1894 FIPS approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)

Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

[15] Applies only to Home and Pro

Windows 7

Validated Editions: Windows 7, Windows 7 SP1

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) 6.1.7600.16385

6.1.7601.17514

1329 FIPS approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); DSA (Cert. #386); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)

Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4#559 and); SHS (Cert.); Triple-DES (Cert.)

Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4

Kernel Mode Cryptographic Primitives Library (cng.sys) 6.1.7600.16385

6.1.7600.16915

6.1.7600.21092

6.1.7601.17514

6.1.7601.17725

6.1.7601.17919

6.1.7601.21861

6.1.7601.22076

1328 FIPS approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)

Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4

Boot Manager 6.1.7600.16385

6.1.7601.17514

1319 FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #557); SHS (Cert. #1081)

Other algorithms: MD5#1168 and); HMAC (Cert.); RSA (Cert.); SHS (Cert.)

Other algorithms: MD5

Winload OS Loader (winload.exe) 6.1.7600.16385

6.1.7600.16757

6.1.7600.20897

6.1.7600.20916

6.1.7601.17514

6.1.7601.17556

6.1.7601.21655

6.1.7601.21675

1326 FIPS approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #557); SHS (Cert. #1081)

Other algorithms: MD5

BitLocker™ Drive Encryption 6.1.7600.16385

6.1.7600.16429

6.1.7600.16757

6.1.7600.20536

6.1.7600.20873

6.1.7600.20897

6.1.7600.20916

6.1.7601.17514

6.1.7601.17556

6.1.7601.21634

6.1.7601.21655

6.1.7601.21675

1332 FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)

Other algorithms: Elephant Diffuser

Code Integrity (CI.DLL) 6.1.7600.16385

6.1.7600.17122v6.1.7600.21320

6.1.7601.17514

6.1.7601.17950v6.1.7601.22108

1327 FIPS approved algorithms: RSA (Cert. #557); SHS (Cert. #1081)

Other algorithms: MD5

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL) 6.1.7600.16385

(no change in SP1)

1331 FIPS approved algorithms: DSA (Cert. #385); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4

Enhanced Cryptographic Provider (RSAENH.DLL) 6.1.7600.16385

(no change in SP1)

1330 FIPS approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #673); SHS (Cert. #1081); RSA (Certs. #557 and #559); Triple-DES (Cert. #846)

Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Windows Vista SP1

Validated Editions: Ultimate Edition

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Boot Manager (bootmgr) 6.0.6001.18000 and 6.0.6002.18005 978 FIPS approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #354); SHS (Cert. #753)
Winload OS Loader (winload.exe) 6.0.6001.18000, 6.0.6001.18027, 6.0.6001.18606, 6.0.6001.22125, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411 and 6.0.6002.22596 979 FIPS approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #354); SHS (Cert. #753)

Other algorithms: MD5

Code Integrity (ci.dll) 6.0.6001.18000, 6.0.6001.18023, 6.0.6001.22120, and 6.0.6002.18005 980 FIPS approved algorithms: RSA (Cert. #354); SHS (Cert. #753)

Other algorithms: MD5

Kernel Mode Security Support Provider Interface (ksecdd.sys) 6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.22869 1000 FIPS approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)#739 and); ECDSA (Cert.); HMAC (Cert.); RNG (Cert.  and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Cryptographic Primitives Library (bcrypt.dll) 6.0.6001.22202, 6.0.6002.18005, and 6.0.6002.22872 1001 FIPS approved algorithms: AES (Certs. #739 and #756); DSA (Cert. #283); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90, vendor affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)

Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)

Enhanced Cryptographic Provider (RSAENH) 6.0.6001.22202 and 6.0.6002.18005 1002 FIPS approved algorithms: AES (Cert. #739); HMAC (Cert. #407); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #354); SHS (Cert. #753); Triple-DES (Cert. #656)

Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 6.0.6001.18000 and 6.0.6002.18005 1003 FIPS approved algorithms: DSA (Cert. #281); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4

Windows Vista

Validated Editions: Ultimate Edition

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Enhanced Cryptographic Provider (RSAENH) 6.0.6000.16386 893 FIPS approved algorithms: AES (Cert. #553); HMAC (Cert. #297); RNG (Cert. #321); RSA (Certs. #255 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)

Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 6.0.6000.16386 894 FIPS approved algorithms: DSA (Cert. #226); RNG (Cert. #321); SHS (Cert. #618); Triple-DES (Cert. #549); Triple-DES MAC (Triple-DES Cert. #549, vendor affirmed)

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
BitLocker™ Drive Encryption 6.0.6000.16386 947 FIPS approved algorithms: AES (Cert. #715); HMAC (Cert. #386); SHS (Cert. #737)

Other algorithms: Elephant Diffuser
Kernel Mode Security Support Provider Interface (ksecdd.sys) 6.0.6000.16386, 6.0.6000.16870 and 6.0.6000.21067 891 FIPS approved algorithms: AES (Cert. #553); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)

Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits to 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; HMAC MD5
Windows XP SP3
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Kernel Mode Cryptographic Module (FIPS.SYS) 5.1.2600.5512 997 FIPS approved algorithms: HMAC (Cert. #429); RNG (Cert. #449); SHS (Cert. #785); Triple-DES (Cert. #677); Triple-DES MAC (Triple-DES Cert. #677, vendor affirmed)

Other algorithms: DES; MD5; HMAC MD5

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 5.1.2600.5507 990 FIPS approved algorithms: DSA (Cert. #292); RNG (Cert. #448); SHS (Cert. #784); Triple-DES (Cert. #676); Triple-DES MAC (Triple-DES Cert. #676, vendor affirmed)

Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits); MD5; RC2; RC4

Enhanced Cryptographic Provider (RSAENH) 5.1.2600.5507 989 FIPS approved algorithms: AES (Cert. #781); HMAC (Cert. #428); RNG (Cert. #447); RSA (Cert. #371); SHS (Cert. #783); Triple-DES (Cert. #675); Triple-DES MAC (Triple-DES Cert. #675, vendor affirmed)

Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits)

Windows XP SP2
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
DSS/Diffie-Hellman Enhanced Cryptographic Provider 5.1.2600.2133 240 FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #29)

Other algorithms: DES (Cert. #66); RC2; RC4; MD5; DES40; Diffie-Hellman (key agreement)

Microsoft Enhanced Cryptographic Provider 5.1.2600.2161 238 FIPS approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)

Other algorithms: DES (Cert. #156); RC2; RC4; MD5

Windows XP SP1
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Microsoft Enhanced Cryptographic Provider 5.1.2600.1029 238 FIPS approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)

Other algorithms: DES (Cert. #156); RC2; RC4; MD5

Windows XP
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Kernel Mode Cryptographic Module 5.1.2600.0 241 FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #35); HMAC-SHA-1 (Cert. #35, vendor affirmed)

Other algorithms: DES (Cert. #89)

Windows 2000 SP3
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Kernel Mode Cryptographic Module (FIPS.SYS) 5.0.2195.1569 106 FIPS approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)

Other algorithms: DES (Certs. #89)

Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider (Base DSS: 5.0.2195.3665 [SP3])

(Base: 5.0.2195.3839 [SP3])

(DSS/DH Enh: 5.0.2195.3665 [SP3])

(Enh: 5.0.2195.3839 [SP3]

103 FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5

Windows 2000 SP2
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Kernel Mode Cryptographic Module (FIPS.SYS) 5.0.2195.1569 106 FIPS approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)

Other algorithms: DES (Certs. #89)

Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider (Base DSS:

5.0.2195.2228 [SP2])

(Base:

5.0.2195.2228 [SP2])

(DSS/DH Enh:

5.0.2195.2228 [SP2])

(Enh:

5.0.2195.2228 [SP2])

103 FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5

Windows 2000 SP1
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider (Base DSS: 5.0.2150.1391 [SP1])

(Base: 5.0.2150.1391 [SP1])

(DSS/DH Enh: 5.0.2150.1391 [SP1])

(Enh: 5.0.2150.1391 [SP1])

103 FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5

Windows 2000
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider 5.0.2150.1 76 FIPS approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. #28 and 29); RSA (vendor affirmed)

Other algorithms: DES (Certs. #65, 66, 67 and 68); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)

Windows 95 and Windows 98
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider 5.0.1877.6 and 5.0.1877.7 75 FIPS approved algorithms: Triple-DES (vendor affirmed); SHA-1 (Certs. #20 and 21); DSA/SHA-1 (Certs. #25 and 26); RSA (vendor- affirmed)

Other algorithms: DES (Certs. #61, 62, 63 and 64); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)

Windows NT 4.0
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Base Cryptographic Provider 5.0.1877.6 and 5.0.1877.7 68 FIPS approved algorithms: SHA-1 (Certs. #20 and 21); DSA/SHA- 1 (Certs. #25 and 26); RSA (vendor affirmed)

Other algorithms: DES (Certs. #61, 62, 63 and 64); Triple-DES (allowed for US and Canadian Government use); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)

Modules used by Windows Server

Windows Server 2019 (Version 1809)

Validated Editions: Standard, Datacenter

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library 10.0.17763 #3197 See Security Policy and Certificate page for algorithm information
Kernel Mode Cryptographic Primitives Library 10.0.17763 #3196 See Security Policy and Certificate page for algorithm information
Code Integrity 10.0.17763 #3644 See Security Policy and Certificate page for algorithm information
Windows OS Loader 10.0.17763 #3615 See Security Policy and Certificate page for algorithm information
Secure Kernel Code Integrity 10.0.17763 #3651 See Security Policy and Certificate page for algorithm information
BitLocker Dump Filter 10.0.17763 #3092 See Security Policy and Certificate page for algorithm information
Boot Manager 10.0.17763 #3089 See Security Policy and Certificate page for algorithm information
Virtual TPM 10.0.17763 #3690 See Security Policy and Certificate page for algorithm information
Windows Server (Version 1803)

Validated Editions: Standard, Datacenter

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library 10.0.17134 #3197 See Security Policy and Certificate page for algorithm information
Kernel Mode Cryptographic Primitives Library 10.0.17134 #3196 See Security Policy and Certificate page for algorithm information
Code Integrity 10.0.17134 #3195 See Security Policy and Certificate page for algorithm information
Windows OS Loader 10.0.17134 #3480 See Security Policy and Certificate page for algorithm information
Secure Kernel Code Integrity 10.0.17134 #3096 See Security Policy and Certificate page for algorithm information
BitLocker Dump Filter 10.0.17134 #3092 See Security Policy and Certificate page for algorithm information
Boot Manager 10.0.17134 #3089 See Security Policy and Certificate page for algorithm information
Windows Server (Version 1709)

Validated Editions: Standard, Datacenter

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library 10.0.16299 #3197 See Security Policy and Certificate page for algorithm information
Kernel Mode Cryptographic Primitives Library 10.0.16299 #3196 See Security Policy and Certificate page for algorithm information
Code Integrity 10.0.16299 #3195 See Security Policy and Certificate page for algorithm information
Windows OS Loader 10.0.16299 #3194 See Security Policy and Certificate page for algorithm information
Secure Kernel Code Integrity 10.0.16299 #3096 See Security Policy and Certificate page for algorithm information
BitLocker Dump Filter 10.0.16299 #3092 See Security Policy and Certificate page for algorithm information
Windows Resume 10.0.16299 #3091 See Security Policy and Certificate page for algorithm information
Boot Manager 10.0.16299 #3089 See Security Policy and Certificate page for algorithm information
Windows Server 2016

Validated Editions: Standard, Datacenter, Storage Server

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 10.0.14393 2937 FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

Kernel Mode Cryptographic Primitives Library (cng.sys) 10.0.14393 2936 FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

Boot Manager 10.0.14393 2931 FIPS approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: MD5; PBKDF (non-compliant); VMK KDF

BitLocker® Windows OS Loader (winload) 10.0.14393 2932 FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: NDRNG; MD5

BitLocker® Windows Resume (winresume) 10.0.14393 2933 FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: MD5

BitLocker® Dump Filter (dumpfve.sys) 10.0.14393 2934 FIPS approved algorithms: AES (Certs. #4061 and #4064)
Code Integrity (ci.dll) 10.0.14393 2935 FIPS approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: AES (non-compliant); MD5

Secure Kernel Code Integrity (skci.dll) 10.0.14393 2938 FIPS approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)

Other algorithms: MD5

Windows Server 2012 R2

Validated Editions: Server, Storage Server,

StorSimple 8000 Series, Azure StorSimple Virtual Array Windows Server 2012 R2

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 6.3.9600 6.3.9600.17031 2357 FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)

Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

Kernel Mode Cryptographic Primitives Library (cng.sys) 6.3.9600 6.3.9600.17042 2356 FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)

Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

Boot Manager 6.3.9600 6.3.9600.17031 2351 FIPS approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)

Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)

BitLocker® Windows OS Loader (winload) 6.3.9600 6.3.9600.17031 2352 FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)

Other algorithms: MD5; NDRNG

BitLocker® Windows Resume (winresume)[16] 6.3.9600 6.3.9600.17031 2353 FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)

Other algorithms: MD5

BitLocker® Dump Filter (dumpfve.sys)[17] 6.3.9600 6.3.9600.17031 2354 FIPS approved algorithms: AES (Cert. #2832)

Other algorithms: N/A

Code Integrity (ci.dll) 6.3.9600 6.3.9600.17031 2355 FIPS approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)

Other algorithms: MD5

[16] Doesn't apply to Azure StorSimple Virtual Array Windows Server 2012 R2

[17] Doesn't apply to Azure StorSimple Virtual Array Windows Server 2012 R2

Windows Server 2012

Validated Editions: Server, Storage Server

Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) 6.2.9200 1892 FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#687); ECDSA (Cert.); HMAC (Cert. #); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)

Kernel Mode Cryptographic Primitives Library (cng.sys) 6.2.9200 1891 FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#1110); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)

Boot Manager 6.2.9200 1895 FIPS approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: MD5

BitLocker® Windows OS Loader (WINLOAD) 6.2.9200 1896 FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG

BitLocker® Windows Resume (WINRESUME) 6.2.9200 1898 FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: MD5

BitLocker® Dump Filter (DUMPFVE.SYS) 6.2.9200 1899 FIPS approved algorithms: AES (Certs. #2196 and #2198)

Other algorithms: N/A

Code Integrity (CI.DLL) 6.2.9200 1897 FIPS approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: MD5

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL) 6.2.9200 1893 FIPS approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Enhanced Cryptographic Provider (RSAENH.DLL) 6.2.9200 1894 FIPS approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)

Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Windows Server 2008 R2
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Boot Manager (bootmgr) 6.1.7600.16385 or 6.1.7601.17514 1321 FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #568); SHS (Cert. #1081)

Other algorithms: MD5

Winload OS Loader (winload.exe) 6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.21675 1333 FIPS approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #568); SHS (Cert. #1081)

Other algorithms: MD5

Code Integrity (ci.dll) 6.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.22108 1334 FIPS approved algorithms: RSA (Cert. #568); SHS (Cert. #1081)

Other algorithms: MD5

Kernel Mode Cryptographic Primitives Library (cng.sys) 6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.22076 1335 FIPS approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)

Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4

Cryptographic Primitives Library (bcryptprimitives.dll) 66.1.7600.16385 or 6.1.7601.17514 1336 FIPS approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); DSA (Cert. #391); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)

Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; HMAC MD5; MD2; MD4; MD5; RC2; RC4

Enhanced Cryptographic Provider (RSAENH) 6.1.7600.16385 1337 FIPS approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #687); SHS (Cert. #1081); RSA (Certs. #559 and #568); Triple-DES (Cert. #846)

Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 6.1.7600.16385 1338 FIPS approved algorithms: DSA (Cert. #390); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4

BitLocker™ Drive Encryption 6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.21675 1339 FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)

Other algorithms: Elephant Diffuser

Windows Server 2008
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Boot Manager (bootmgr) 6.0.6001.18000, 6.0.6002.18005 and 6.0.6002.22497 1004 FIPS approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #355); SHS (Cert. #753)

Other algorithms: N/A

Winload OS Loader (winload.exe) 6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.22596 1005 FIPS approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #355); SHS (Cert. #753)

Other algorithms: MD5

Code Integrity (ci.dll) 6.0.6001.18000 and 6.0.6002.18005 1006 FIPS approved algorithms: RSA (Cert. #355); SHS (Cert. #753)

Other algorithms: MD5

Kernel Mode Security Support Provider Interface (ksecdd.sys) 6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.22869 1007 FIPS approved algorithms: AES (Certs. #739 and #757); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)

Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#83); HMAC (Cert.); RNG (Cert.  and SP800-90 AES-CTR, vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Cryptographic Primitives Library (bcrypt.dll) 6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.22872 1008 FIPS approved algorithms: AES (Certs. #739 and #757); DSA (Cert. #284); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)

Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 6.0.6001.18000 and 6.0.6002.18005 1009 FIPS approved algorithms: DSA (Cert. #282); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4

Enhanced Cryptographic Provider (RSAENH) 6.0.6001.22202 and 6.0.6002.18005 1010 FIPS approved algorithms: AES (Cert. #739); HMAC (Cert. #408); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656)

Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Windows Server 2003 SP2
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 5.2.3790.3959 875 FIPS approved algorithms: DSA (Cert. #221); RNG (Cert. #314); RSA (Cert. #245); SHS (Cert. #611); Triple-DES (Cert. #543)

Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC4

Kernel Mode Cryptographic Module (FIPS.SYS) 5.2.3790.3959 869 FIPS approved algorithms: HMAC (Cert. #287); RNG (Cert. #313); SHS (Cert. #610); Triple-DES (Cert. #542)

Other algorithms: DES; HMAC-MD5

Enhanced Cryptographic Provider (RSAENH) 5.2.3790.3959 868 FIPS approved algorithms: AES (Cert. #548); HMAC (Cert. #289); RNG (Cert. #316); RSA (Cert. #245); SHS (Cert. #613); Triple-DES (Cert. #544)

Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Windows Server 2003 SP1
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Kernel Mode Cryptographic Module (FIPS.SYS) 5.2.3790.1830 [SP1] 405 FIPS approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])

Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)

[1] x86

[2] SP1 x86, x64, IA64

Enhanced Cryptographic Provider (RSAENH) 5.2.3790.1830 [Service Pack 1]) 382 FIPS approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])

Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5

[1] x86

[2] SP1 x86, x64, IA64

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 5.2.3790.1830 [Service Pack 1] 381 FIPS approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)

Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40

[1] x86

[2] SP1 x86, x64, IA64

Windows Server 2003
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Kernel Mode Cryptographic Module (FIPS.SYS) 5.2.3790.0 405 FIPS approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])

Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)

[1] x86

[2] SP1 x86, x64, IA64

Enhanced Cryptographic Provider (RSAENH) 5.2.3790.0 382 FIPS approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])

Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5

[1] x86

[2] SP1 x86, x64, IA64

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 5.2.3790.0 381 FIPS approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)

Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40

[1] x86

[2] SP1 x86, x64, IA64

Other Products

Windows Embedded Compact 7 and Windows Embedded Compact 8
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Enhanced Cryptographic Provider 7.00.2872 [1] and 8.00.6246 [2] 2957 FIPS approved algorithms: AES (Certs.#4433and#4434); CKG (vendor affirmed); DRBG (Certs.#1432and#1433); HMAC (Certs.#2946and#2945); RSA (Certs.#2414and#2415); SHS (Certs.#3651and#3652); Triple-DES (Certs.#2383and#2384)

Allowed algorithms: HMAC-MD5, MD5, NDRNG

Cryptographic Primitives Library (bcrypt.dll) 7.00.2872 [1] and 8.00.6246 [2] 2956 FIPS approved algorithms: AES (Certs.#4430and#4431); CKG (vendor affirmed); CVL (Certs.#1139and#1140); DRBG (Certs.#1429and#1430); DSA (Certs.#1187and#1188); ECDSA (Certs.#1072and#1073); HMAC (Certs.#2942and#2943); KAS (Certs.#114and#115); RSA (Certs.#2411and#2412); SHS (Certs.#3648and#3649); Triple-DES (Certs.#2381and#2382)

Allowed algorithms: MD5, NDRNG, RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength

Windows CE 6.0 and Windows Embedded Compact 7
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Enhanced Cryptographic Provider 6.00.1937 [1] and 7.00.1687 [2] 825 FIPS approved algorithms: AES (Certs. #516 [1] and #2024 [2]); HMAC (Certs. #267 [1] and #1227 [2]); RNG (Certs. #292 [1] and #1060 [2]); RSA (Cert. #230 [1] and #1052 [2]); SHS (Certs. #589 [1] and #1774 [2]); Triple-DES (Certs. #526 [1] and #1308 [2])

Other algorithms: MD5; HMAC-MD5; RC2; RC4; DES

Outlook Cryptographic Provider
Cryptographic Module Version (link to Security Policy) FIPS Certificate # Algorithms
Outlook Cryptographic Provider (EXCHCSP) SR-1A (3821) 110 FIPS approved algorithms: Triple-DES (Cert. #18); SHA-1 (Certs. #32); RSA (vendor affirmed)

Other algorithms: DES (Certs. #91); DES MAC; RC2; MD2; MD5

Cryptographic Algorithms

The following tables are organized by cryptographic algorithms with their modes, states, and key sizes. For each algorithm implementation (operating system / platform), there is a link to the Cryptographic Algorithm Validation Program (CAVP) issued certificate.

Advanced Encryption Standard (AES)

Modes / States / Key Sizes Algorithm Implementation and Certificate #

AES-CBC:

  • Modes: Decrypt, Encrypt
  • Key Lengths: 128, 192, 256 (bits)

    AES-CFB128:

  • Modes: Decrypt, Encrypt
  • Key Lengths: 128, 192, 256 (bits)

    AES-CTR:

    Counter Source: Internal

  • Key Lengths: 128, 192, 256 (bits)

    AES-OFB:

  • Modes: Decrypt, Encrypt
  • Key Lengths: 128, 192, 256 (bits)
  • Microsoft Surface Hub Virtual TPM Implementations #4904

    Version 10.0.15063.674

    AES-CBC:

  • Modes: Decrypt, Encrypt
  • Key Lengths: 128, 192, 256 (bits)

    AES-CFB128:

  • Modes: Decrypt, Encrypt
  • Key Lengths: 128, 192, 256 (bits)

    AES-CTR:

    Counter Source: Internal

  • Key Lengths: 128, 192, 256 (bits)

    AES-OFB:

  • Modes: Decrypt, Encrypt
  • Key Lengths: 128, 192, 256 (bits)
  • Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #4903

    Version 10.0.16299

    AES-CBC:

  • Modes: Decrypt, Encrypt
  • Key Lengths: 128, 192, 256 (bits)

    AES-CCM:

  • Key Lengths: 128, 192, 256 (bits)
  • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
  • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
  • Plain Text Length: 0-32
  • Additional authenticated data length: 0-65536

    AES-CFB128:

  • Modes: Decrypt, Encrypt
  • Key Lengths: 128, 192, 256 (bits)

    AES-CFB8:

  • Modes: Decrypt, Encrypt
  • Key Lengths: 128, 192, 256 (bits)

    AES-CMAC:

  • Generation:

    AES-128:

  • Block Sizes: Full, Partial
  • Message Length: 0-65536
  • Tag Length: 16-16

    AES-192:

  • Block Sizes: Full, Partial
  • Message Length: 0-65536
  • Tag Length: 16-16

    AES-256:

  • Block Sizes: Full, Partial
  • Message Length: 0-65536
  • Tag Length: 16-16

    Verification:

    AES-128:

  • Block Sizes: Full, Partial
  • Message Length: 0-65536
  • Tag Length: 16-16

    AES-192:

  • Block Sizes: Full, Partial
  • Message Length: 0-65536
  • Tag Length: 16-16

    AES-256:

  • Block Sizes: Full, Partial
  • Message Length: 0-65536
  • Tag Length: 16-16

    AES-CTR:

    Counter Source: Internal

  • Key Lengths: 128, 192, 256 (bits)

    AES-ECB:

  • Modes: Decrypt, Encrypt
  • Key Lengths: 128, 192, 256 (bits)

    AES-GCM:

  • Modes: Decrypt, Encrypt
  • Key Lengths: 128, 192, 256 (bits)
  • Tag Lengths: 96, 104, 112, 120, 128 (bits)
  • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
  • Additional authenticated data lengths: 0, 8, 1016, 1024 (bits)
  • 96 bit IV supported

    AES-XTS:

  • Key Size: 128:
  • Modes: Decrypt, Encrypt
  • Block Sizes: Full
  • Key Size: 256:
  • Modes: Decrypt, Encrypt
  • Block Sizes: Full
  • Microsoft Surface Hub SymCrypt Cryptographic Implementations #4902

    Version 10.0.15063.674

    AES-CBC:

  • Modes: Decrypt, Encrypt
  • Key Lengths: 128, 192, 256 (bits)

    AES-CCM:

  • Key Lengths: 128, 192, 256 (bits)
  • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
  • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
  • Plain Text Length: 0-32
  • Additional authenticated data length: 0-65536

    AES-CFB128:

  • Modes: Decrypt, Encrypt
  • Key Lengths: 128, 192, 256 (bits)

    AES-CFB8:

  • Modes: Decrypt, Encrypt
  • Key Lengths: 128, 192, 256 (bits)

    AES-CMAC:

  • Generation:

    AES-128:

  • Block Sizes: Full, Partial
  • Message Length: 0-65536
  • Tag Length: 16-16

    AES-192:

  • Block Sizes: Full, Partial
  • Message Length: 0-65536
  • Tag Length: 16-16

    AES-256:

  • Block Sizes: Full, Partial
  • Message Length: 0-65536
  • Tag Length: 16-16
  • Verification:

    AES-128:

  • Block Sizes: Full, Partial
  • Message Length: 0-65536
  • Tag Length: 16-16

    AES-192:

  • Block Sizes: Full, Partial
  • Message Length: 0-65536
  • Tag Length: 16-16

    AES-256:

  • Block Sizes: Full, Partial
  • Message Length: 0-65536
  • Tag Length: 16-16

    AES-CTR:

    Counter Source: Internal

  • Key Lengths: 128, 192, 256 (bits)

    AES-ECB:

  • Modes: Decrypt, Encrypt
  • Key Lengths: 128, 192, 256 (bits)

    AES-GCM:

  • Modes: Decrypt, Encrypt
  • Key Lengths: 128, 192, 256 (bits)
  • Tag Lengths: 96, 104, 112, 120, 128 (bits)
  • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
  • Additional authenticated data lengths: 0, 8, 1016, 1024 (bits),96 bit IV supported

    AES-XTS:

  • Key Size: 128:
  • Modes: Decrypt, Encrypt
  • Block Sizes: Full
  • Key Size: 256:
  • Modes: Decrypt, Encrypt
  • Block Sizes: Full
  • Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #4901

    Version 10.0.15254

    AES-CBC:
  • Modes: Decrypt, Encrypt
  • Key Lengths: 128, 192, 256 (bits)

    AES-CCM:

  • Key Lengths: 128, 192, 256 (bits)
  • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
  • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
  • Plain Text Length: 0-32
  • Additional authenticated data length: 0-65536

    AES-CFB128:

  • Modes: Decrypt, Encrypt
  • Key Lengths: 128, 192, 256 (bits)

    AES-CFB8:

  • Modes: Decrypt, Encrypt
  • Key Lengths: 128, 192, 256 (bits)

    AES-CMAC:

  • Generation:

    AES-128:

  • Block Sizes: Full, Partial
  • Message Length: 0-65536
  • Tag Length: 16-16

    AES-192:

  • Block Sizes: Full, Partial
  • Message Length: 0-65536
  • Tag Length: 16-16

    AES-256:

  • Block Sizes: Full, Partial
  • Message Length: 0-65536
  • Tag Length: 16-16

    Verification:

    AES-128:

  • Block Sizes: Full, Partial
  • Message Length: 0-65536
  • Tag Length: 16-16

    AES-192:

  • Block Sizes: Full, Partial
  • Message Length: 0-65536
  • Tag Length: 16-16

    AES-256:

  • Block Sizes: Full, Partial
  • Message Length: 0-65536
  • Tag Length: 16-16

    AES-CTR:

    Counter Source: Internal

  • Key Lengths: 128, 192, 256 (bits)

    AES-ECB:

  • Modes: Decrypt, Encrypt
  • Key Lengths: 128, 192, 256 (bits)

    AES-GCM:

  • Modes: Decrypt, Encrypt
  • IV Generation: External
  • Key Lengths: 128, 192, 256 (bits)
  • Tag Lengths: 96, 104, 112, 120, 128 (bits)
  • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
  • Additional authenticated data lengths: 0, 8, 1016, 1024 (bits)
  • 96 bit IV supported

    AES-XTS:

  • Key Size: 128:
  • Modes: Decrypt, Encrypt
  • Block Sizes: Full
  • Key Size: 256:
  • Modes: Decrypt, Encrypt
  • Block Sizes: Full
  • Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4897

    Version 10.0.16299

    AES-KW:
  • Modes: Decrypt, Encrypt
  • CIPHK transformation direction: Forward
  • Key Lengths: 128, 192, 256 (bits)
  • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)

    AES validation number 4902

  • Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations #4900

    Version 10.0.15063.674

    AES-KW:
  • Modes: Decrypt, Encrypt
  • CIPHK transformation direction: Forward
  • Key Lengths: 128, 192, 256 (bits)
  • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)

    AES validation number 4901

  • Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations #4899

    Version 10.0.15254

    AES-KW:
  • Modes: Decrypt, Encrypt
  • CIPHK transformation direction: Forward
  • Key Lengths: 128, 192, 256 (bits)
  • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)

    AES validation number 4897

  • Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #4898

    Version 10.0.16299

    AES-CCM:
  • Key Lengths: 256 (bits)
  • Tag Lengths: 128 (bits)
  • IV Lengths: 96 (bits)
  • Plain
  • Text Length: 0-32
  • Additional authenticated data length: 0-65536

    AES validation number 4902

  • Microsoft Surface Hub BitLocker(R) Cryptographic Implementations #4896

    Version 10.0.15063.674

    AES-CCM:
  • Key Lengths: 256 (bits)
  • Tag Lengths: 128 (bits)
  • IV Lengths: 96 (bits)
  • Plain Text Length: 0-32
  • Additional authenticated data length: 0-65536

    AES validation number 4901

  • Windows 10 Mobile (version 1709) BitLocker(R) Cryptographic Implementations #4895

    Version 10.0.15254

    AES-CCM:
  • Key Lengths: 256 (bits)
  • Tag Lengths: 128 (bits)
  • IV Lengths: 96 (bits)
  • Plain Text Length: 0-32
  • Additional authenticated data length: 0-65536

    AES validation number 4897

  • Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations #4894

    Version 10.0.16299

    CBC (e/d; 128, 192, 256);

    CFB128 (e/d; 128, 192, 256);

    OFB (e/d; 128, 192, 256);

    CTR (int only; 128, 192, 256)

    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #4627

    Version 10.0.15063

    KW (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)

    AES validation number 4624

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #4626

    Version 10.0.15063

    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

    AES validation number 4624

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile BitLocker(R) Cryptographic Implementations #4625

    Version 10.0.15063

    ECB (e/d; 128, 192, 256);

    CBC (e/d; 128, 192, 256);

    CFB8 (e/d; 128, 192, 256);

    CFB128 (e/d; 128, 192, 256);

    CTR (int only; 128, 192, 256)

    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)

    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16)

    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)

    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)

    IV Generated: (External); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); 96 bit IV supported

    GMAC supported

    XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #4624

    Version 10.0.15063

    ECB (e/d; 128, 192, 256);

    CBC (e/d; 128, 192, 256);

    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4434

    Version 7.00.2872

    ECB (e/d; 128, 192, 256);

    CBC (e/d; 128, 192, 256);

    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4433

    Version 8.00.6246

    ECB (e/d; 128, 192, 256);

    CBC (e/d; 128, 192, 256);

    CTR (int only; 128, 192, 256)

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4431

    Version 7.00.2872

    ECB (e/d; 128, 192, 256);

    CBC (e/d; 128, 192, 256);

    CTR (int only; 128, 192, 256)

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4430

    Version 8.00.6246

    CBC (e/d; 128, 192, 256);

    CFB128 (e/d; 128, 192, 256);

    OFB (e/d; 128, 192, 256);

    CTR (int only; 128, 192, 256)

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #4074

    Version 10.0.14393

    ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256);

    CFB128 (e/d; 128, 192, 256); CTR (int only; 128, 192, 256)

    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)

    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)

    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)

    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)

    IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported

    GMAC supported

    XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #4064

    Version 10.0.14393

    ECB (e/d; 128, 192, 256);

    CBC (e/d; 128, 192, 256);

    CFB8 (e/d; 128, 192, 256);

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #4063

    Version 10.0.14393

    KW  (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 192, 256, 320, 2048)

    AES validation number 4064

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #4062

    Version 10.0.14393

    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

    AES validation number 4064

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BitLocker® Cryptographic Implementations #4061

    Version 10.0.14393

    KW  (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)

    AES validation number 3629

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #3652

    Version 10.0.10586

    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

    AES validation number 3629

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BitLocker® Cryptographic Implementations #3653

    Version 10.0.10586

    ECB (e/d; 128, 192, 256);

    CBC (e/d; 128, 192, 256);

    CFB8 (e/d; 128, 192, 256);

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA32 Algorithm Implementations #3630

    Version 10.0.10586

    ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256);

    CFB128 (e/d; 128, 192, 256); CTR (int only; 128, 192, 256)

    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)

    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)

    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)

    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)vIV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported

    GMAC supported

    XTS((KS: XTS_128((e/d) (f)) KS: XTS_256((e/d) (f))

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #3629

    Version 10.0.10586

    KW (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)

    AES validation number 3497

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #3507

    Version 10.0.10240

    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

    AES validation number 3497

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BitLocker® Cryptographic Implementations #3498

    Version 10.0.10240

    ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256);

    CFB128 (e/d; 128, 192, 256); CTR (int only; 128, 192, 256)

    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)

    CMAC(Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)

    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)

    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)

    IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested:  (0, 0); 96 bit IV supported

    GMAC supported

    XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #3497

    Version 10.0.10240

    ECB (e/d; 128, 192, 256);

    CBC (e/d; 128, 192, 256);

    CFB8 (e/d; 128, 192, 256);

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #3476

    Version 10.0.10240

    ECB (e/d; 128, 192, 256);

    CBC (e/d; 128, 192, 256);

    CFB8 (e/d; 128, 192, 256);

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #2853

    Version 6.3.9600

    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

    AES validation number 2832

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BitLocker Cryptographic Implementations #2848

    Version 6.3.9600

    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 0 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)

    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)

    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)

    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)

    IV Generated:  (Externally); PT Lengths Tested:  (0, 128, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 128, 1024, 8, 1016); IV Lengths Tested:  (8, 1024); 96 bit IV supported;

    OtherIVLen_Supported

    GMAC supported

    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2832

    Version 6.3.9600

    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)

    AES validation number 2197

    CMAC (Generation/Verification) (KS: 128; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 192; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 256; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16)

    AES validation number 2197

    GCM(KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)

    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)

    IV Generated: (Externally); PT Lengths Tested: (0, 128, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 128, 1024, 8, 1016); IV Lengths Tested: (8, 1024); 96 bit IV supported

    GMAC supported

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #2216
    CCM (KS: 256) (Assoc. Data Len Range: 0 - 0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

    AES validation number 2196

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #2198
    ECB (e/d; 128, 192, 256);

    CBC (e/d; 128, 192, 256);

    CFB8 (e/d; 128, 192, 256);

    CFB128 (e/d; 128, 192, 256);

    CTR (int only; 128, 192, 256)

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #2197
    ECB (e/d; 128, 192, 256);

    CBC (e/d; 128, 192, 256);

    CFB8 (e/d; 128, 192, 256);

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #2196
    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 – 0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)

    AES validation number 1168

    Windows Server 2008 R2 and SP1 CNG algorithms #1187

    Windows 7 Ultimate and SP1 CNG algorithms #1178

    CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16)

    AES validation number 1168

    Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #1177
    ECB (e/d; 128, 192, 256);

    CBC (e/d; 128, 192, 256);

    CFB8 (e/d; 128, 192, 256);

    Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168
    GCM

    GMAC

    Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168, vendor-affirmed
    CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16) Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #760
    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 - 0, 2^16) (Payload Length Range: 1 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16**)** Windows Server 2008 CNG algorithms #757

    Windows Vista Ultimate SP1 CNG algorithms #756

    CBC (e/d; 128, 256);

    CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16)

    Windows Vista Ultimate BitLocker Drive Encryption #715

    Windows Vista Ultimate BitLocker Drive Encryption #424

    ECB (e/d; 128, 192, 256);

    CBC (e/d; 128, 192, 256);

    CFB8 (e/d; 128, 192, 256);

    Windows Vista Ultimate SP1 and Windows Server 2008 Symmetric Algorithm Implementation #739

    Windows Vista Symmetric Algorithm Implementation #553

    ECB (e/d; 128, 192, 256);

    CBC (e/d; 128, 192, 256);

    CTR (int only; 128, 192, 256)

    Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #2023
    ECB (e/d; 128, 192, 256);

    CBC (e/d; 128, 192, 256);

    Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #2024

    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #818

    Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #781

    Windows 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #548

    Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #516

    Windows CE and Windows Mobile 6, 6.1, and 6.5 Enhanced Cryptographic Provider (RSAENH) #507

    Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #290

    Windows CE 5.0 and 5.1 Enhanced Cryptographic Provider (RSAENH) #224

    Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #80

    Windows XP, SP1, and SP2 Enhanced Cryptographic Provider (RSAENH) #33

    Deterministic Random Bit Generator (DRBG)

    Modes / States / Key Sizes Algorithm Implementation and Certificate #

    Counter:

  • Modes: AES-256
  • Derivation Function States: Derivation Function not used
  • Prediction Resistance Modes: Not Enabled

    Prerequisite: AES #4904

  • Microsoft Surface Hub Virtual TPM Implementations #1734

    Version 10.0.15063.674

    Counter:

  • Modes: AES-256
  • Derivation Function States: Derivation Function not used
  • Prediction Resistance Modes: Not Enabled

    Prerequisite: AES #4903

  • Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1733

    Version 10.0.16299

    Counter:

  • Modes: AES-256
  • Derivation Function States: Derivation Function used
  • Prediction Resistance Modes: Not Enabled

    Prerequisite: AES #4902

  • Microsoft Surface Hub SymCrypt Cryptographic Implementations #1732

    Version 10.0.15063.674

    Counter:

  • Modes: AES-256
  • Derivation Function States: Derivation Function used
  • Prediction Resistance Modes: Not Enabled

    Prerequisite: AES #4901

  • Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1731

    Version 10.0.15254

    Counter:

  • Modes: AES-256
  • Derivation Function States: Derivation Function used
  • Prediction Resistance Modes: Not Enabled

    Prerequisite: AES #4897

  • Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1730

    Version 10.0.16299

    CTR_DRBG: [Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256)

    (AES validation number 4627)]

    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1556

    Version 10.0.15063

    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256 (AES validation number 4624)] Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1555

    Version 10.0.15063

    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4434)] Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1433

    Version 7.00.2872

    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4433)] Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1432

    Version 8.00.6246

    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4431)] Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1430

    Version 7.00.2872

    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4430)] Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1429

    Version 8.00.6246

    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4074)] Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #1222

    Version 10.0.14393

    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 4064)] Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #1217

    Version 10.0.14393

    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 3629)] Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #955

    Version 10.0.10586

    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 3497)] Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #868

    Version 10.0.10240

    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 2832)] Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #489

    Version 6.3.9600

    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 2197)] Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #258
    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 2023)] Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #193
    CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 1168)] Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 RNG Library #23
    DRBG (SP 800–90) Windows Vista Ultimate SP1, vendor-affirmed

    Digital Signature Algorithm (DSA)

    Modes / States / Key Sizes Algorithm Implementation and Certificate #
    DSA:
  • 186-4:

    PQGGen:

  • L = 2048, N = 256 SHA: SHA-256
  • L = 3072, N = 256 SHA: SHA-256

    PQGVer:

  • L = 2048, N = 256 SHA: SHA-256
  • L = 3072, N = 256 SHA: SHA-256

    SigGen:

  • L = 2048, N = 256 SHA: SHA-256
  • L = 3072, N = 256 SHA: SHA-256

    SigVer:

  • L = 2048, N = 256 SHA: SHA-256
  • L = 3072, N = 256 SHA: SHA-256

    KeyPair:

  • L = 2048, N = 256
  • L = 3072, N = 256

    Prerequisite: SHS #4011, DRBG #1732

  • Microsoft Surface Hub SymCrypt Cryptographic Implementations #1303

    Version 10.0.15063.674

    DSA:
  • 186-4:

    PQGGen:

  • L = 2048, N = 256 SHA: SHA-256
  • L = 3072, N = 256 SHA: SHA-256

    PQGVer:

  • L = 2048, N = 256 SHA: SHA-256
  • L = 3072, N = 256 SHA: SHA-256

    SigGen:

  • L = 2048, N = 256 SHA: SHA-256
  • L = 3072, N = 256 SHA: SHA-256

    SigVer:

  • L = 2048, N = 256 SHA: SHA-256
  • L = 3072, N = 256 SHA: SHA-256

    KeyPair:

  • L = 2048, N = 256
  • L = 3072, N = 256

    Prerequisite: SHS #4010, DRBG #1731

  • Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1302

    Version 10.0.15254

    DSA:
  • 186-4:

    PQGGen:

  • L = 2048, N = 256 SHA: SHA-256
  • L = 3072, N = 256 SHA: SHA-256

    PQGVer:

  • L = 2048, N = 256 SHA: SHA-256
  • L = 3072, N = 256 SHA: SHA-256

    SigGen:

  • L = 2048, N = 256 SHA: SHA-256
  • L = 3072, N = 256 SHA: SHA-256

    SigVer:

  • L = 2048, N = 256 SHA: SHA-256
  • L = 3072, N = 256 SHA: SHA-256

    KeyPair:

  • L = 2048, N = 256
  • L = 3072, N = 256

    Prerequisite: SHS #4009, DRBG #1730

  • Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1301

    Version 10.0.16299

    FIPS186-4:
    PQG(gen) PARMS TESTED:   [(2048,256)SHA(256); (3072,256) SHA(256)]

    **PQG(ver)**PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    KeyPairGen:   [(2048,256); (3072,256)]

    **SIG(gen)**PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

    SIG(ver) PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

    SHS: validation number 3790

    DRBG: validation number 1555

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1223

    Version 10.0.15063

    FIPS186-4:
    PQG(ver)PARMS TESTED:
      [(1024,160) SHA(1)]

    SIG(ver)PARMS TESTED:   [(1024,160) SHA(1)]

    SHS: validation number 3649

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1188

    Version 7.00.2872

    FIPS186-4:
    PQG(ver)PARMS TESTED:
      [(1024,160) SHA(1)]

    SIG(ver)PARMS TESTED:   [(1024,160) SHA(1)]

    SHS: validation number 3648

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1187

    Version 8.00.6246

    FIPS186-4:
    PQG(gen)
    PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)]

    **PQG(ver)**PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    KeyPairGen:    [(2048,256); (3072,256)]

    **SIG(gen)**PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

    **SIG(ver)**PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

    SHS: validation number 3347

    DRBG: validation number 1217

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #1098

    Version 10.0.14393

    FIPS186-4:
    PQG(gen)
    PARMS TESTED:   [(2048,256)SHA(256); (3072,256) SHA(256)]

    **PQG(ver)**PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    KeyPairGen:    [(2048,256); (3072,256)] **SIG(gen)**PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

    **SIG(ver)**PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

    SHS: validation number 3047

    DRBG: validation number 955

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #1024

    Version 10.0.10586

    FIPS186-4:
    PQG(gen)
    PARMS TESTED:   [(2048,256)SHA(256); (3072,256) SHA(256)]

    **PQG(ver)**PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    KeyPairGen: [(2048,256); (3072,256)]

    **SIG(gen)**PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)] **SIG(ver)**PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

    SHS: validation number 2886

    DRBG: validation number 868

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #983

    Version 10.0.10240

    FIPS186-4:
    PQG(gen)
    PARMS TESTED:   [(2048,256)SHA(256); (3072,256) SHA(256)]

    PQG(ver)PARMS TESTED:   [(2048,256), SHA(256); (3072,256) SHA(256)]
    KeyPairGen:    [(2048,256); (3072,256)]

    **SIG(gen)**PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

    **SIG(ver)**PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

    SHS: validation number 2373

    DRBG: validation number 489

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #855

    Version 6.3.9600

    FIPS186-2:

    PQG(ver) MOD(1024);

    SIG(ver) MOD(1024);

    SHS: #1903

    DRBG: #258

    FIPS186-4: PQG(gen)PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)]

    PQG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]

    SIG(gen)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]

    SIG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]

    SHS: #1903

    DRBG: #258

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 687.

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #687
    FIPS186-2:
    PQG(ver)
    MOD(1024);

    SIG(ver) MOD(1024);

    SHS: #1902

    DRBG: #258

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 686.

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 DSS and Diffie-Hellman Enhanced Cryptographic Provider (DSSENH) #686
    FIPS186-2:
    SIG(ver)
    MOD(1024);

    SHS: validation number 1773

    DRBG: validation number 193

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 645.

    Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #645
    FIPS186-2:
    SIG(ver)
    MOD(1024);

    SHS: validation number 1081

    DRBG: validation number 23

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 391. See Historical DSA List validation number 386.

    Windows Server 2008 R2 and SP1 CNG algorithms #391

    Windows 7 Ultimate and SP1 CNG algorithms #386

    FIPS186-2:
    SIG(ver)
    MOD(1024);

    SHS: validation number 1081

    RNG: validation number 649

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 390. See Historical DSA List validation number 385.

    Windows Server 2008 R2 and SP1 Enhanced DSS (DSSENH) #390

    Windows 7 Ultimate and SP1 Enhanced DSS (DSSENH) #385

    FIPS186-2:
    SIG(ver)
    MOD(1024);

    SHS: validation number 753

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 284. See Historical DSA List validation number 283.

    Windows Server 2008 CNG algorithms #284

    Windows Vista Ultimate SP1 CNG algorithms #283

    FIPS186-2:
    SIG(ver)
    MOD(1024);

    SHS: validation number 753

    RNG: validation number 435

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 282. See Historical DSA List validation number 281.

    Windows Server 2008 Enhanced DSS (DSSENH) #282

    Windows Vista Ultimate SP1 Enhanced DSS (DSSENH) #281

    FIPS186-2:
    SIG(ver)
    MOD(1024);

    SHS: validation number 618

    RNG: validation number 321

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 227. See Historical DSA List validation number 226.

    Windows Vista CNG algorithms #227

    Windows Vista Enhanced DSS (DSSENH) #226

    FIPS186-2:
    SIG(ver)
    MOD(1024);

    SHS: validation number 784

    RNG: validation number 448

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 292.

    Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #292
    FIPS186-2:
    SIG(ver)
    MOD(1024);

    SHS: validation number 783

    RNG: validation number 447vSome of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 291.

    Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #291
    FIPS186-2:
    PQG(gen)
    MOD(1024);

    PQG(ver) MOD(1024);

    KEYGEN(Y) MOD(1024);

    SIG(gen) MOD(1024);

    SIG(ver) MOD(1024);

    SHS: validation number 611

    RNG: validation number 314

    Windows 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #221
    FIPS186-2:
    PQG(gen)
    MOD(1024);

    PQG(ver) MOD(1024);

    KEYGEN(Y) MOD(1024);

    SIG(gen) MOD(1024);vSIG(ver) MOD(1024);vSHS: validation number 385

    Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #146
    FIPS186-2:
    PQG(ver)
    MOD(1024);

    KEYGEN(Y) MOD(1024);vSIG(gen) MOD(1024);

    SIG(ver) MOD(1024);

    SHS: validation number 181

    Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #95
    FIPS186-2:
    PQG(gen)
    MOD(1024);

    PQG(ver) MOD(1024);

    KEYGEN(Y) MOD(1024);

    SIG(gen) MOD(1024); SHS: SHA-1 (BYTE)

    SIG(ver) MOD(1024); SHS: SHA-1 (BYTE)

    Windows 2000 DSSENH.DLL #29

    Windows 2000 DSSBASE.DLL #28

    Windows NT 4 SP6 DSSENH.DLL #26

    Windows NT 4 SP6 DSSBASE.DLL #25

    FIPS186-2: PRIME;
    FIPS186-2:

    **KEYGEN(Y):**SHS: SHA-1 (BYTE)

    SIG(gen):SIG(ver) MOD(1024);

    SHS: SHA-1 (BYTE)

    Windows NT 4.0 SP4 Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider #17

    Elliptic Curve Digital Signature Algorithm (ECDSA)

    Modes / States / Key Sizes Algorithm Implementation and Certificate #

    ECDSA:186-4:

    Key Pair Generation:

  • Curves: P-256, P-384, P-521
  • Generation Methods: Extra Random Bits

    Public Key Validation:

  • Curves: P-256, P-384, P-521

    Signature Generation:

  • P-256 SHA: SHA-256
  • P-384 SHA: SHA-384
  • P-521 SHA: SHA-512

    Signature Verification:

  • P-256 SHA: SHA-256
  • P-384 SHA: SHA-384
  • P-521 SHA: SHA-512

    Prerequisite: SHS #2373, DRBG #489

  • Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1263

    Version 6.3.9600

    ECDSA:186-4:

    Key Pair Generation:

  • Curves: P-256, P-384
  • Generation Methods: Testing Candidates

    Prerequisite: SHS #4011, DRBG #1734

  • Microsoft Surface Hub Virtual TPM Implementations #1253

    Version 10.0.15063.674

    ECDSA:186-4:

    Key Pair Generation:

  • Curves: P-256, P-384
  • Generation Methods: Testing Candidates

    Prerequisite: SHS #4009, DRBG #1733

  • Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1252

    Version 10.0.16299

    ECDSA:186-4:

    Key Pair Generation:

  • Curves: P-256, P-384, P-521
  • Generation Methods: Extra Random Bits

    Public Key Validation:

  • Curves: P-256, P-384, P-521

    Signature Generation:

  • P-256 SHA: SHA-256
  • P-384 SHA: SHA-384
  • P-521 SHA: SHA-512

    Signature Verification:

  • P-256 SHA: SHA-256
  • P-384 SHA: SHA-384
  • P-521 SHA: SHA-512

    Prerequisite: SHS #4011, DRBG #1732

  • Microsoft Surface Hub MsBignum Cryptographic Implementations #1251

    Version 10.0.15063.674

    ECDSA:186-4:

    Key Pair Generation:

  • Curves: P-256, P-384, P-521
  • Generation Methods: Extra Random Bits

    Public Key Validation:

  • Curves: P-256, P-384, P-521

    Signature Generation:

  • P-256 SHA: SHA-256
  • P-384 SHA: SHA-384
  • P-521 SHA: SHA-512

    Signature Verification:

  • P-256 SHA: SHA-256
  • P-384 SHA: SHA-384
  • P-521 SHA: SHA-512

    Prerequisite: SHS #4011, DRBG #1732

  • Microsoft Surface Hub SymCrypt Cryptographic Implementations #1250

    Version 10.0.15063.674

    ECDSA:186-4:

    Key Pair Generation:

  • Curves: P-256, P-384, P-521
  • Generation Methods: Extra Random Bits

    Public Key Validation:

  • Curves: P-256, P-384, P-521

    Signature Generation:

  • P-256 SHA: SHA-256
  • P-384 SHA: SHA-384
  • P-521 SHA: SHA-512

    Signature Verification:

  • P-256 SHA: SHA-256
  • P-384 SHA: SHA-384
  • P-521 SHA: SHA-512

    Prerequisite: SHS #4010, DRBG #1731

  • Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1249

    Version 10.0.15254

    ECDSA:186-4:

    Key Pair Generation:

  • Curves: P-256, P-384, P-521
  • Generation Methods: Extra Random Bits

    Public Key Validation:

  • Curves: P-256, P-384, P-521

    Signature Generation:

  • P-256 SHA: SHA-256
  • P-384 SHA: SHA-384
  • P-521 SHA: SHA-512

    Signature Verification:

  • P-256 SHA: SHA-256
  • P-384 SHA: SHA-384
  • P-521 SHA: SHA-512

    Prerequisite: SHS #4010, DRBG #1731

  • Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1248

    Version 10.0.15254

    ECDSA:186-4:

    Key Pair Generation:

  • Curves: P-256, P-384, P-521
  • Generation Methods: Extra Random Bits

    Public Key Validation:

  • Curves: P-256, P-384, P-521

    Signature Generation:

  • P-256 SHA: SHA-256
  • P-384 SHA: SHA-384
  • P-521 SHA: SHA-512

    Signature Verification:

  • P-256 SHA: SHA-256
  • P-384 SHA: SHA-384
  • P-521 SHA: SHA-512

    Prerequisite: SHS #4009, DRBG #1730

  • Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1247

    Version 10.0.16299

    ECDSA:186-4:

    Key Pair Generation:

  • Curves: P-256, P-384, P-521
  • Generation Methods: Extra Random Bits

    Public Key Validation:

  • Curves: P-256, P-384, P-521

    Signature Generation:

  • P-256 SHA: SHA-256
  • P-384 SHA: SHA-384
  • P-521 SHA: SHA-512

    Signature Verification:

  • P-256 SHA: SHA-256
  • P-384 SHA: SHA-384
  • P-521 SHA: SHA-512

    Prerequisite: SHS #4009, DRBG #1730

  • Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1246

    Version 10.0.16299

    FIPS186-4:
    PKG: CURVES
    (P-256 P-384 TestingCandidates)

    SHS: validation number 3790

    DRBG: validation number 1555

    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1136

    Version 10.0.15063

    FIPS186-4:
    PKG: CURVES
    (P-256 P-384 P-521 ExtraRandomBits)

    PKV: CURVES(P-256 P-384 P-521)

    SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)

    SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

    SHS: validation number 3790

    DRBG: validation number 1555

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1135

    Version 10.0.15063

    FIPS186-4:
    PKG: CURVES
    (P-256 P-384 P-521 ExtraRandomBits)

    PKV: CURVES(P-256 P-384 P-521)

    SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)

    SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

    SHS: validation number 3790

    DRBG: validation number 1555

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1133

    Version 10.0.15063

    FIPS186-4:
    PKG: CURVES
    (P-256 P-384 P-521 ExtraRandomBits)

    PKV: CURVES(P-256 P-384 P-521)

    SigGen: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.

    SigVer: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512))

    SHS:validation number 3649

    DRBG:validation number 1430

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1073

    Version 7.00.2872

    FIPS186-4:
    PKG: CURVES
    (P-256 P-384 P-521 ExtraRandomBits)

    PKV: CURVES(P-256 P-384 P-521)

    SigGen: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.

    SigVer: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512))

    SHS:validation number 3648

    DRBG:validation number 1429

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1072

    Version 8.00.6246

    FIPS186-4:
    PKG: CURVES
    (P-256 P-384 TestingCandidates)vPKV: CURVES(P-256 P-384)

    SigGen: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) SIG(gen) with SHA-1 affirmed for use with protocols only.vSigVer: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384))

    SHS: validation number 3347

    DRBG: validation number 1222

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #920

    Version 10.0.14393

    FIPS186-4:
    PKG: CURVES
    (P-256 P-384 P-521 ExtraRandomBits)

    PKV: CURVES(P-256 P-384 P-521)

    SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)

    SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))vSHS: validation number 3347

    DRBG: validation number 1217

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #911

    Version 10.0.14393

    FIPS186-4:
    PKG: CURVES
    (P-256 P-384 P-521 ExtraRandomBits)

    SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)

    SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

    SHS: validation number 3047

    DRBG: validation number 955

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #760

    Version 10.0.10586

    FIPS186-4:
    PKG: CURVES
    (P-256 P-384 P-521 ExtraRandomBits)

    SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)

    SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

    SHS: validation number 2886

    DRBG: validation number 868

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #706

    Version 10.0.10240

    FIPS186-4:
    PKG: CURVES
    (P-256 P-384 P-521 ExtraRandomBits)

    SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)

    SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

    SHS: validation number 2373

    DRBG: validation number 489

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #505

    Version 6.3.9600

    FIPS186-2:
    PKG: CURVES
    (P-256 P-384 P-521)

    SHS: #1903

    DRBG: #258

    SIG(ver): CURVES(P-256 P-384 P-521)

    SHS: #1903

    DRBG: #258

    FIPS186-4:
    PKG: CURVES
    (P-256 P-384 P-521 ExtraRandomBits)

    SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)

    SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

    SHS: #1903

    DRBG: #258

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 341.

    Windows 8,

    Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #341

    FIPS186-2:
    PKG: CURVES
    (P-256 P-384 P-521)

    SHS: validation number 1773

    DRBG: validation number 193

    SIG(ver): CURVES(P-256 P-384 P-521)

    SHS: validation number 1773

    DRBG: validation number 193

    FIPS186-4:
    PKG: CURVES
    (P-256 P-384 P-521 ExtraRandomBits)

    SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)

    SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

    SHS: validation number 1773

    DRBG: validation number 193

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 295.

    Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #295
    FIPS186-2:
    PKG: CURVES
    (P-256 P-384 P-521)

    SHS: validation number 1081

    DRBG: validation number 23

    SIG(ver): CURVES(P-256 P-384 P-521)

    SHS: validation number 1081

    DRBG: validation number 23

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 142. See Historical ECDSA List validation number 141.

    Windows Server 2008 R2 and SP1 CNG algorithms #142

    Windows 7 Ultimate and SP1 CNG algorithms #141

    FIPS186-2:
    PKG: CURVES
    (P-256 P-384 P-521)

    SHS: validation number 753

    SIG(ver): CURVES(P-256 P-384 P-521)

    SHS: validation number 753

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 83. See Historical ECDSA List validation number 82.

    Windows Server 2008 CNG algorithms #83

    Windows Vista Ultimate SP1 CNG algorithms #82

    FIPS186-2:
    PKG: CURVES
    (P-256 P-384 P-521)

    SHS: validation number 618

    RNG: validation number 321

    SIG(ver): CURVES(P-256 P-384 P-521)

    SHS: validation number 618

    RNG: validation number 321

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 60.

    Windows Vista CNG algorithms #60

    Keyed-Hash Message Authentication Code (HMAC)

    Modes / States /
  • Key Sizes
  • Algorithm Implementation and Certificate #

    HMAC-SHA-1:

  • Key Sizes < Block Size
  • Key Sizes > Block Size
  • Key Sizes = Block Size

    HMAC-SHA2-256:

  • Key Sizes < Block Size
  • Key Sizes > Block Size
  • Key Sizes = Block Size

    HMAC-SHA2-384:

  • Key Sizes < Block Size
  • Key Sizes > Block Size
  • Key Sizes = Block Size

    Prerequisite: SHS #4011

  • Microsoft Surface Hub Virtual TPM Implementations #3271

    Version 10.0.15063.674

    HMAC-SHA-1:

  • Key Sizes < Block Size
  • Key Sizes > Block Size
  • Key Sizes = Block Size

    HMAC-SHA2-256:

  • Key Sizes < Block Size
  • Key Sizes > Block Size
  • Key Sizes = Block Size

    HMAC-SHA2-384:

  • Key Sizes < Block Size
  • Key Sizes > Block Size
  • Key Sizes = Block Size

    Prerequisite: SHS #4009

  • Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #3270

    Version 10.0.16299

    HMAC-SHA-1:

  • Key Sizes < Block Size
  • Key Sizes > Block Size
  • Key Sizes = Block Size

    HMAC-SHA2-256:

  • Key Sizes < Block Size
  • Key Sizes > Block Size
  • Key Sizes = Block Size

    HMAC-SHA2-384:

  • Key Sizes < Block Size
  • Key Sizes > Block Size
  • Key Sizes = Block Size

    HMAC-SHA2-512:

  • Key Sizes < Block Size
  • Key Sizes > Block Size
  • Key Sizes = Block Size

    Prerequisite: SHS #4011

  • Microsoft Surface Hub SymCrypt Cryptographic Implementations #3269

    Version 10.0.15063.674

    HMAC-SHA-1:

  • Key Sizes < Block Size
  • Key Sizes > Block Size
  • Key Sizes = Block Size

    HMAC-SHA2-256:

  • Key Sizes < Block Size
  • Key Sizes > Block Size
  • Key Sizes = Block Size

    HMAC-SHA2-384:

  • Key Sizes < Block Size
  • Key Sizes > Block Size
  • Key Sizes = Block Size

    HMAC-SHA2-512:

  • Key Sizes < Block Size
  • Key Sizes > Block Size
  • Key Sizes = Block Size

    Prerequisite: SHS #4010

  • Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #3268

    Version 10.0.15254

    HMAC-SHA-1:

  • Key Sizes < Block Size
  • Key Sizes > Block Size
  • Key Sizes = Block Size

    HMAC-SHA2-256:

  • Key Sizes < Block Size
  • Key Sizes > Block Size
  • Key Sizes = Block Size

    HMAC-SHA2-384:

  • Key Sizes < Block Size
  • Key Sizes > Block Size
  • Key Sizes = Block Size

    HMAC-SHA2-512:

  • Key Sizes < Block Size
  • Key Sizes > Block Size
  • Key Sizes = Block Size

    Prerequisite: SHS #4009

  • Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #3267

    Version 10.0.16299

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3790

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3790

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3790

    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #3062

    Version 10.0.15063

    HMAC-SHA1(Key Sizes Ranges Tested: KSBS) SHS validation number 3790

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3790

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3790

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 3790

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3061

    Version 10.0.15063

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3652

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3652

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3652

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3652

    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2946

    Version 7.00.2872

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3651

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3651

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3651

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3651

    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2945

    Version 8.00.6246

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3649

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3649

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3649

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3649

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2943

    Version 7.00.2872

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3648

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3648

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3648

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3648

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2942

    Version 8.00.6246

    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS)

    SHS validation number 3347

    HMAC-SHA256 (Key Size Ranges Tested:  KSBS) SHS validation number 3347

    HMAC-SHA384 (Key Size Ranges Tested:  KSBS) SHS validation number 3347

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2661

    Version 10.0.14393

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3347

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3347

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3347

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 3347

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2651

    Version 10.0.14393

    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS)
    SHS validation number 3047

    HMAC-SHA256 (Key Size Ranges Tested:  KSBS)
    SHS validation number 3047

    HMAC-SHA384 (Key Size Ranges Tested:  KSBS)
    SHS validation number 3047

    HMAC-SHA512 (Key Size Ranges Tested:  KSBS)
    SHS validation number 3047

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #2381

    Version 10.0.10586

    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS)
    SHSvalidation number 2886

    HMAC-SHA256 (Key Size Ranges Tested:  KSBS)
    SHSvalidation number 2886

    HMAC-SHA384 (Key Size Ranges Tested:  KSBS)
     SHSvalidation number 2886

    HMAC-SHA512 (Key Size Ranges Tested:  KSBS)
    SHSvalidation number 2886

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2233

    Version 10.0.10240

    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS)
    SHS validation number 2373

    HMAC-SHA256 (Key Size Ranges Tested:  KSBS)
    SHS validation number 2373

    HMAC-SHA384 (Key Size Ranges Tested:  KSBS)
    SHS validation number 2373

    HMAC-SHA512 (Key Size Ranges Tested:  KSBS)
    SHS validation number 2373

    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1773

    Version 6.3.9600

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 2764

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 2764

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 2764

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 2764

    Windows CE and Windows Mobile, and Windows Embedded Handheld Enhanced Cryptographic Provider (RSAENH) #2122

    Version 5.2.29344

    HMAC-SHA1 (Key Sizes Ranges Tested: KS#1902

    HMAC-SHA256 (Key Size Ranges Tested: KS#1902

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #1347

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS#1902

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS#1902

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS#1902

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS#1902

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1346

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)
    SHS#1903

    HMAC-SHA256 (Key Size Ranges Tested: KSBS)
    SHS#1903

    HMAC-SHA384 (Key Size Ranges Tested: KSBS)
    SHS#1903

    HMAC-SHA512 (Key Size Ranges Tested: KSBS)
    SHS#1903

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1345

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 1773

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 1773
    Tinker HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 1773

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 1773

    Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll), #1364

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 1774

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 1774

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 1774

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 1774

    Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1227

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 1081

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 1081

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 1081

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 1081

    Windows Server 2008 R2 and SP1 CNG algorithms #686

    Windows 7 and SP1 CNG algorithms #677

    Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) #687

    Windows 7 Enhanced Cryptographic Provider (RSAENH) #673

    HMAC-SHA1(Key Sizes Ranges Tested: KSvalidation number 1081

    HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 1081

    Windows 7 and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #675

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 816

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 816

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 816

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 816

    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #452

    HMAC-SHA1 (Key Sizes Ranges Tested: KSvalidation number 753

    HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 753

    Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #415

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 753

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 753

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 753

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 753

    Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #408

    Windows Vista Enhanced Cryptographic Provider (RSAENH) #407

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)SHS validation number 618

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 618

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 618

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 618

    Windows Vista Enhanced Cryptographic Provider (RSAENH) #297

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 785

    Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #429

    Windows XP, vendor-affirmed

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 783

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 783

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 783

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 783

    Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #428

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 613

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 613

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 613

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 613

    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #289

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 610

    Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #287

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 753

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 753

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 753

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 753

    Windows Server 2008 CNG algorithms #413

    Windows Vista Ultimate SP1 CNG algorithms #412

    HMAC-SHA1 (Key Sizes Ranges Tested: KSvalidation number 737

    HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 737

    Windows Vista Ultimate BitLocker Drive Encryption #386

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 618

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 618

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 618

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 618

    Windows Vista CNG algorithms #298

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 589

    HMAC-SHA256 (Key Size Ranges Tested: KSBS)SHS validation number 589

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 589

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 589

    Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #267

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 578

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 578

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 578

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 578

    Windows CE and Windows Mobile 6.0 and Windows Mobil 6.5 Enhanced Cryptographic Provider (RSAENH) #260

    HMAC-SHA1 (Key Sizes Ranges Tested: KSvalidation number 495

    HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 495

    Windows Vista BitLocker Drive Encryption #199

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 364

    Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #99

    Windows XP, vendor-affirmed

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 305

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 305

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 305

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 305

    Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #31

    Key Agreement Scheme (KAS)

    Modes / States / Key Sizes Algorithm Implementation and Certificate #
    KAS ECC:
    Functions: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration

    Schemes:

    Full Unified:

  • Key Agreement Roles: Initiator, Responder
  • KDFs: Concatenation
  • Parameter Sets:

    EC:

  • Curve: P-256
  • SHA: SHA-256
  • MAC: HMAC

    ED:

  • Curve: P-384
  • SHA: SHA-384
  • MAC: HMAC
    Prerequisite: SHS #4011, ECDSA #1253, DRBG #1734
  • Microsoft Surface Hub Virtual TPM Implementations #150

    Version 10.0.15063.674

    KAS ECC:
    Functions: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration

    Schemes:

    Full Unified:

  • Key Agreement Roles: Initiator, Responder
  • KDFs: Concatenation
  • Parameter Sets:

    EC:

  • Curve: P-256
  • SHA: SHA-256
  • MAC: HMAC

    ED:

  • Curve: P-384
  • SHA: SHA-384
  • MAC: HMAC
    Prerequisite: SHS #4009, ECDSA #1252, DRBG #1733
  • Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #149

    Version 10.0.16299

    KAS ECC:
    Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration

    Schemes:

    Ephemeral Unified:

  • Key Agreement Roles: Initiator, Responder
  • KDFs: Concatenation
  • Parameter Sets:

    EC:

  • Curve: P-256
  • SHA: SHA-256
  • MAC: HMAC

    ED:

  • Curve: P-384
  • SHA: SHA-384
  • MAC: HMAC

    EE:

  • Curve: P-521
  • SHA: SHA-512
  • MAC: HMAC

    One-Pass DH:

  • Key Agreement Roles: Initiator, Responder
  • Parameter Sets:

    EC:

  • Curve: P-256
  • SHA: SHA-256
  • MAC: HMAC

    ED:

  • Curve: P-384
  • SHA: SHA-384
  • MAC: HMAC

    EE:

  • Curve: P-521
  • SHA: SHA-512
  • MAC: HMAC

    Static Unified:

  • Key Agreement Roles: Initiator, Responder
  • Parameter Sets:

    EC:

  • Curve: P-256
  • SHA: SHA-256
  • MAC: HMAC

    ED:

  • Curve: P-384
  • SHA: SHA-384
  • MAC: HMAC

    EE:

  • Curve: P-521
  • SHA: SHA-512
  • MAC: HMAC
    Prerequisite: SHS #4011, ECDSA #1250, DRBG #1732

    KAS FFC:
    Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation

    Schemes:

    dhEphem:

  • Key Agreement Roles: Initiator, Responder
  • Parameter Sets:

    FB:

  • SHA: SHA-256
  • MAC: HMAC

    FC:

  • SHA: SHA-256
  • MAC: HMAC

    dhOneFlow:

  • Key Agreement Roles: Initiator, Responder
  • Parameter Sets:

    FB:

  • SHA: SHA-256
  • MAC: HMAC

    FC

  • SHA: SHA-256
  • MAC: HMAC

    dhStatic:

  • Key Agreement Roles: Initiator, Responder
  • Parameter Sets:

    FB:

  • SHA: SHA-256
  • MAC: HMAC

    FC:

  • SHA: SHA-256
  • MAC: HMAC
    Prerequisite: SHS #4011, DSA #1303, DRBG #1732
  • Microsoft Surface Hub SymCrypt Cryptographic Implementations #148

    Version 10.0.15063.674

    KAS ECC:
    Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration

    Schemes:

    Ephemeral Unified:

  • Key Agreement Roles: Initiator, Responder
  • KDFs: Concatenation
  • Parameter Sets:

    EC:

  • Curve: P-256
  • SHA: SHA-256
  • MAC: HMA

    ED:

  • Curve: P-384
  • SHA: SHA-384
  • MAC: HMAC

    EE:

  • Curve: P-521
  • SHA: SHA-512
  • MAC: HMAC

    One-Pass DH:

  • Key Agreement Roles: Initiator, Responder
  • Parameter Sets:

    EC:

  • Curve: P-256
  • SHA: SHA-256
  • MAC: HMAC

    ED:

  • Curve: P-384
  • SHA: SHA-384
  • MAC: HMAC

    EE:

  • Curve: P-521
  • SHA: SHA-512
  • MAC: HMAC

    Static Unified:

  • Key Agreement Roles: Initiator, Responder
  • Parameter Sets:

    EC:

  • Curve: P-256
  • SHA: SHA-256
  • MAC: HMAC

    ED:

  • Curve: P-384
  • SHA: SHA-384
  • MAC: HMAC

    EE:

  • Curve: P-521
  • SHA: SHA-512
  • MAC: HMAC
    Prerequisite: SHS #4010, ECDSA #1249, DRBG #1731

    KAS FFC:
    Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation

    Schemes:

    dhEphem:

  • Key Agreement Roles: Initiator, Responder
  • Parameter Sets:

    FB:

  • SHA: SHA-256
  • MAC: HMAC

    FC:

  • SHA: SHA-256
  • MAC: HMAC

    dhOneFlow:

  • Key Agreement Roles: Initiator, Responder
  • Parameter Sets:

    FB:

  • SHA: SHA-256
  • MAC: HMAC

    FC

  • SHA: SHA-256
  • MAC: HMAC

    dhStatic:

  • Key Agreement Roles: Initiator, Responder
  • Parameter Sets:

    FB:

  • SHA: SHA-256
  • MAC: HMAC

    FC:

  • SHA: SHA-256
  • MAC: HMAC
    Prerequisite: SHS #4010, DSA #1302, DRBG #1731
  • Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #147

    Version 10.0.15254

    KAS ECC:


    Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration

    Schemes:

    Ephemeral Unified:

  • Key Agreement Roles: Initiator, Responder
  • KDFs: Concatenation
  • Parameter Sets:

    EC:

  • Curve: P-256
  • SHA: SHA-256
  • MAC: HMAC

    ED:

  • Curve: P-384
  • SHA: SHA-384
  • MAC: HMAC

    EE:

  • Curve: P-521
  • SHA: SHA-512
  • MAC: HMAC

    One-Pass DH:

  • Key Agreement Roles: Initiator, Responder
  • Parameter Sets:EC:
  • Curve: P-256
  • SHA: SHA-256
  • MAC: HMAC

    ED

  • Curve: P-384
  • SHA: SHA-384
  • MAC: HMAC

    EE:

  • Curve: P-521
  • SHA: SHA-512
  • MAC: HMAC

    Static Unified:

  • Key Agreement Roles: Initiator, Responder
  • Parameter Sets:

    EC:

  • Curve: P-256
  • SHA: SHA-256
  • MAC: HMAC

    ED:

  • Curve: P-384
  • SHA: SHA-384
  • MAC: HMAC

    EE:

  • Curve: P-521
  • SHA: SHA-512
  • MAC: HMAC
    Prerequisite: SHS #4009, ECDSA #1246, DRBG #1730

    KAS FFC:
    Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation

    Schemes:

    dhEphem:

  • Key Agreement Roles: Initiator, Responder
  • Parameter Sets:

    FB:

  • SHA: SHA-256
  • MAC: HMAC

    FC:

  • SHA: SHA-256
  • MAC: HMAC

    dhOneFlow:

  • Key Agreement Roles: Initiator, Responder
  • Parameter Sets:

    FB:

  • SHA: SHA-256
  • MAC: HMAC

    FC:

  • SHA: SHA-256
  • MAC: HMAC

    dhStatic:

  • Key Agreement Roles: Initiator, Responder
  • Parameter Sets:

    FB:

  • SHA: SHA-256
  • MAC: HMAC

    FC:

  • SHA: SHA-256
  • MAC: HMAC
    Prerequisite: SHS #4009, DSA #1301, DRBG #1730
  • Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #146

    Version 10.0.16299

    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration) SCHEMES [FullUnified (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC)]

    SHS validation number 3790

    DSA validation number 1135

    DRBG validation number 1556

    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #128

    Version 10.0.15063

    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation)

    SCHEMES [dhEphem (KARole(s): Initiator / Responder)(FB: SHA256) (FC: SHA256)]

    [dhOneFlow (FB: SHA256) (FC: SHA256)]

    [dhStatic (No_KC < KARole(s): Initiator / Responder>) (FB: SHA256 HMAC) (FC: SHA256   HMAC)]

    SHS validation number 3790

    DSA validation number 1223

    DRBG validation number 1555ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]

    [OnePassDH (No_KC < KARole(s): Initiator / Responder>) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]

    [StaticUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]

    SHS validation number 3790

    ECDSA validation number 1133DRBG validation number 1555

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #127

    Version 10.0.15063

    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation)

    SCHEMES [dhEphem (KARole(s): Initiator / Responder)(FB: SHA256) (FC: SHA256)]

    [dhOneFlow (KARole(s): Initiator / Responder) (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC < KARole(s): Initiator / Responder>) (FB: SHA256 HMAC) (FC: SHA256   HMAC)]

    SHS validation number 3649

    DSA validation number 1188

    DRBG validation number 1430

    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration)

    SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]

    [OnePassDH (No_KC < KARole(s): Initiator / Responder>) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]

    [StaticUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #115

    Version 7.00.2872

    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation)

    SCHEMES [dhEphem (KARole(s): Initiator / Responder)(FB: SHA256) (FC: SHA256)]

    [dhHybridOneFlow (No_KC < KARole(s): Initiator / Responder>) (**FB:**SHA256 HMAC) (FC: SHA256   HMAC)]

    [dhStatic (No_KC < KARole(s): Initiator / Responder>) (**FB:**SHA256 HMAC) (FC: SHA256   HMAC)]

    SHS validation number 3648

    DSA validation number 1187

    DRBG validation number 1429

    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration)

    SCHEMES [EphemeralUnified (No_KC) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]

    [OnePassDH (No_KC < KARole(s): Initiator / Responder>) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]

    [StaticUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]

    SHS validation number 3648

    ECDSA validation number 1072

    DRBG validation number 1429

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #114

    Version 8.00.6246

    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration)

    SCHEMES  [FullUnified  (No_KC  < KARole(s): Initiator / Responder > < KDF: CONCAT >) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC)]

    SHS validation number 3347 ECDSA validation number 920 DRBG validation number 1222

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #93

    Version 10.0.14393

    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation)

    SCHEMES  [dhEphem  (KARole(s): Initiator / Responder)(FB: SHA256) (FC: SHA256)]

    [dhOneFlow (KARole(s): Initiator / Responder) (FB:  SHA256) (FC:  SHA256)] [dhStatic (No_KC  < KARole(s): Initiator / Responder >) (FB:  SHA256 HMAC) (FC:  SHA256   HMAC)]

    SHS validation number 3347 DSA validation number 1098 DRBG validation number 1217

    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES  [EphemeralUnified (No_KC  < KARole(s): Initiator / Responder >) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]

    [OnePassDH  (No_KC  < KARole(s): Initiator / Responder >) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]

    [StaticUnified (No_KC  < KARole(s): Initiator / Responder >) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]

    SHS validation number 3347 DSA validation number 1098 ECDSA validation number 911 DRBG validation number 1217 HMAC validation number 2651

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #92

    Version 10.0.14393

    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES  [dhEphem  (KARole(s): Initiator / Responder)(FB: SHA256) (FC: SHA256)]

    [dhOneFlow (KARole(s): Initiator / Responder) (FB:  SHA256) (FC:  SHA256)] [dhStatic (No_KC  < KARole(s): Initiator / Responder >) (FB:  SHA256 HMAC) (FC:  SHA256   HMAC)]

    SHS validation number 3047 DSA validation number 1024 DRBG validation number 955

    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES  [EphemeralUnified (No_KC  < KARole(s): Initiator / Responder >) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]

    [OnePassDH  (No_KC  < KARole(s): Initiator / Responder >) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]

    [StaticUnified (No_KC  < KARole(s): Initiator / Responder >) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]

    SHS validation number 3047 ECDSA validation number 760 DRBG validation number 955

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #72

    Version 10.0.10586

    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES  [dhEphem  (KARole(s): Initiator / Responder)(FB: SHA256) (FC: SHA256)]

    [dhOneFlow (KARole(s): Initiator / Responder) (FB:  SHA256) (FC:  SHA256)] [dhStatic (No_KC  < KARole(s): Initiator / Responder >) (FB:  SHA256 HMAC) (FC:  SHA256   HMAC)]

    SHS validation number 2886 DSA validation number 983 DRBG validation number 868

    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES  [EphemeralUnified (No_KC  < KARole(s): Initiator / Responder >) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]

    [OnePassDH  (No_KC  < KARole(s): Initiator / Responder >) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]

    [StaticUnified (No_KC  < KARole(s): Initiator / Responder >) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]

    SHS validation number 2886 ECDSA validation number 706 DRBG validation number 868

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #64

    Version 10.0.10240

    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES  [dhEphem  (KARole(s): Initiator / Responder)(FB: SHA256) (FC: SHA256)]

    [dhOneFlow (KARole(s): Initiator / Responder) (FB:  SHA256) (FC:  SHA256)] [dhStatic (No_KC  < KARole(s): Initiator / Responder >) (FB:  SHA256 HMAC) (FC:  SHA256   HMAC)]

    SHS validation number 2373 DSA validation number 855 DRBG validation number 489

    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES  [EphemeralUnified (No_KC  < KARole(s): Initiator / Responder >) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]

    [OnePassDH  (No_KC  < KARole(s): Initiator / Responder >) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]

    [StaticUnified (No_KC  < KARole(s): Initiator / Responder >) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]

    SHS validation number 2373 ECDSA validation number 505 DRBG validation number 489

    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #47

    Version 6.3.9600

    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)

    (FA: SHA256) (FB: SHA256) (FC: SHA256)]

    [dhOneFlow (KARole(s): Initiator / Responder) (FA: SHA256) (FB: SHA256) (FC: SHA256)]

    [dhStatic (No_KC < KARole(s): Initiator / Responder>) (FA: SHA256 HMAC) (FB: SHA256 HMAC) (FC: SHA256 HMAC)]

    SHS #1903 DSA validation number 687 DRBG #258

    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES

    [EphemeralUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]

    [OnePassDH(No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256) (ED: P-384 SHA384) (EE: P-521 (SHA512, HMAC_SHA512)))]

    [StaticUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]

    SHS #1903

    ECDSA validation number 341 DRBG #258

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #36
    KAS (SP 800–56A)
  • Key Agreement: Key establishment methodology provides 80 bits to 256 bits of encryption strength
  • Windows 7 and SP1, vendor-affirmed

    Windows Server 2008 R2 and SP1, vendor-affirmed

    SP 800-108 Key-Based Key Derivation Functions (KBKDF)

    Modes / States / Key Sizes Algorithm Implementation and Certificate #
    Counter:

    MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384

    MAC prerequisite: HMAC #3271

  • Counter Location: Before Fixed Data
  • R Length: 32 (bits)
  • SPs used to generate K: SP 800-56A, SP 800-90A

    K prerequisite: DRBG #1734, KAS #150

  • Microsoft Surface Hub Virtual TPM Implementations #161

    Version 10.0.15063.674

    Counter:

    MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384

    MAC prerequisite: HMAC #3270

  • Counter Location: Before Fixed Data
  • R Length: 32 (bits)
  • SPs used to generate K: SP 800-56A, SP 800-90A

    K prerequisite: DRBG #1733, KAS #149

  • Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #160

    Version 10.0.16299

    Counter:

    MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512

    MAC prerequisite: AES #4902, HMAC #3269

  • Counter Location: Before Fixed Data
  • R Length: 32 (bits)
  • SPs used to generate K: SP 800-56A, SP 800-90A

    K prerequisite: KAS #148

  • Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations #159

    Version 10.0.15063.674

    Counter:

    MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512

    MAC prerequisite: AES #4901, HMAC #3268

  • Counter Location: Before Fixed Data
  • R Length: 32 (bits)
  • SPs used to generate K: SP 800-56A, SP 800-90A

    K prerequisite: KAS #147

  • Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations #158

    Version 10.0.15254

    Counter:

    MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512

    MAC prerequisite: AES #4897, HMAC #3267

  • Counter Location: Before Fixed Data
  • R Length: 32 (bits)
  • SPs used to generate K: SP 800-56A, SP 800-90A

    K prerequisite: KAS #146

  • Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #157

    Version 10.0.16299

    CTR_Mode: (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256][HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32]))

    KAS validation number 128

    DRBG validation number 1556

    MAC validation number 3062

    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #141

    Version 10.0.15063

    CTR_Mode: (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

    KAS validation number 127

    AES validation number 4624

    DRBG validation number 1555

    MAC validation number 3061

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #140

    Version 10.0.15063

    CTR_Mode:  (Llength(Min20 Max64) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32]))

    KAS validation number 93 DRBG validation number 1222 MAC validation number 2661

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #102

    Version 10.0.14393

    CTR_Mode:  (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

    KAS validation number 92 AES validation number 4064 DRBG validation number 1217 MAC validation number 2651

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #101

    Version 10.0.14393

    CTR_Mode:  (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

    KAS validation number 72 AES validation number 3629 DRBG validation number 955 MAC validation number 2381

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #72

    Version 10.0.10586

    CTR_Mode:  (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

    KAS validation number 64 AES validation number 3497 RBG validation number 868 MAC validation number 2233

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #66

    Version 10.0.10240

    CTR_Mode:  (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

    DRBG validation number 489 MAC validation number 1773

    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #30

    Version 6.3.9600

    CTR_Mode: (Llength(Min0 Max4) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

    DRBG #258 HMAC validation number 1345

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #3

    Random Number Generator (RNG)

    Modes / States / Key Sizes Algorithm Implementation and Certificate #
    FIPS 186-2 General Purpose
    [(x-Original); (SHA-1)]
    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1110
    FIPS 186-2
    [(x-Original); (SHA-1)]
    Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1060

    Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #292

    Windows CE and Windows Mobile 6.0 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #286

    Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #66

    FIPS 186-2
    [(x-Change Notice); (SHA-1)]
    ; FIPS 186-2 General Purpose
    [(x-Change Notice); (SHA-1)]
    Windows 7 and SP1 and Windows Server 2008 R2 and SP1 RNG Library #649

    Windows Vista Ultimate SP1 and Windows Server 2008 RNG Implementation #435

    Windows Vista RNG implementation #321

    FIPS 186-2 General Purpose
    [(x-Change Notice); (SHA-1)]
    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #470

    Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #449

    Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #447

    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #316

    Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #313

    FIPS 186-2
    [(x-Change Notice); (SHA-1)]
    Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #448

    Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #314

    RSA

    Modes / States / Key Sizes Algorithm Implementation and Certificate #
    RSA:

    186-4:

    Signature Generation PKCS1.5:

    Mod 2048 SHA: SHA-1,

  • SHA-256,
  • SHA-384

    Signature Generation PSS:

    Mod 2048:

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)

    Signature Verification PKCS1.5:

    Mod 1024 SHA: SHA-1,

  • SHA-256,
  • SHA-384

    Mod 2048 SHA: SHA-1,

  • SHA-256,
  • SHA-384

    Signature Verification PSS:

    Mod 2048:

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)

    Mod 3072:

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)

    Prerequisite: SHS #4011, DRBG #1734

  • Microsoft Surface Hub Virtual TPM Implementations #2677

    Version 10.0.15063.674

    RSA:

    186-4:

    Signature Generation PKCS1.5:

    Mod 2048 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384

    Signature Generation PSS:

    Mod 2048:

  • SHA-1: Salt Length: 240 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)

    Signature Verification PKCS1.5:

    Mod 1024 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384

    Mod 2048 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384

    Signature Verification PSS:

    Mod 1024

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)

    Mod 2048:

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)

    Prerequisite: SHS #4009, DRBG #1733

  • Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (

    Version 1709); Virtual TPM Implementations #2676

    Version 10.0.16299

    RSA:

    186-4:

    Key Generation:

    Signature Verification PKCS1.5:

    Mod 1024 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Mod 2048 SHA:

  • SHA-1,
  • SHA-256
  • SHA-384,
  • SHA-512

    Mod 3072 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Prerequisite: SHS #4011, DRBG #1732

  • Microsoft Surface Hub RSA32 Algorithm Implementations #2675

    Version 10.0.15063.674

    RSA:

    186-4:

    Signature Verification PKCS1.5:

    Mod 1024 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Mod 2048 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Mod 3072 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Prerequisite: SHS #4009, DRBG #1730

  • Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); RSA32 Algorithm Implementations #2674

    Version 10.0.16299

    RSA:

    186-4:

    Signature Verification PKCS1.5:

    Mod 1024 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Mod 2048 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Mod 3072 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Prerequisite: SHS #4010, DRBG #1731

  • Windows 10 Mobile (version 1709) RSA32 Algorithm Implementations #2673

    Version 10.0.15254

    RSA:

    186-4:

    Key Generation:

  • Public Key Exponent: Fixed (10001)
  • Provable Primes with Conditions:

    Mod lengths: 2048, 3072 (bits)

    Primality Tests: C.3

    Signature Generation PKCS1.5:

    Mod 2048 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Mod 3072 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Signature Generation PSS:

    Mod 2048:

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 512 (bits)

    Mod 3072

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 512 (bits)

    Signature Verification PKCS1.5

    Mod 1024 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Mod 2048 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Mod 3072 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Signature Verification PSS

    Mod 1024

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 496 (bits

    Mod 2048:

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 512 (bits)

    Mod 3072:

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 512 (bits)

    Prerequisite: SHS #4011, DRBG #1732

  • Microsoft Surface Hub MsBignum Cryptographic Implementations #2672

    Version 10.0.15063.674

    RSA:

    186-4:

    Key Generation:

    Probable Random Primes:

    Mod lengths: 2048, 3072 (bits)

    Primality Tests: C 2

    Signature Generation PKCS1.5:

    Mod 2048 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Mod 3072 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Signature Generation PSS:

    Mod 2048:

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 512 (bits)

    Mod 3072:

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 512 (bits)

    Signature Verification PKCS1.5:

    Mod 1024 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Mod 2048 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Mod 3072 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Signature Verification PSS:

    Mod 1024:

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 496 (bits

    Mod 2048:

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 512 (bits)

    Mod 3072:

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 512 (bits)

    Prerequisite: SHS #4011, DRBG #1732

  • Microsoft Surface Hub SymCrypt Cryptographic Implementations #2671

    Version 10.0.15063.674

    RSA:

    186-4:

    Key Generation:

    Probable Random Primes:

    Mod lengths: 2048, 3072 (bits)

    Primality Tests: C.2

    Signature Generation PKCS1.5:

    Mod 2048 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Mod 3072 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Signature Generation PSS:

    Mod 2048:

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits
  • SHA-512: Salt Length: 512 (bits)

    Mod 3072:

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 512 (bits)

    Signature Verification PKCS1.5:

    Mod 1024 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Mod 2048 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Mod 3072 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Signature Verification PSS:

    Mod 1024:

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 496 (bits)

    Mod 2048

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 512 (bits)

    Mod 3072:

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 512 (bits)

    Prerequisite: SHS #4010, DRBG #1731

  • Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #2670

    Version 10.0.15254

    RSA:

    186-4:

    Key Generation:

    Public Key Exponent: Fixed (10001)

    Provable Primes with Conditions:

    Mod lengths: 2048, 3072 (bits)

    Primality Tests: C.3

    Signature Generation PKCS1.5:

    Mod 2048 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Mod 3072 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Signature Generation PSS:

    Mod 2048:

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 512 (bits)

    Mod 3072

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 512 (bits)

    Signature Verification PKCS1.5

    Mod 1024 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Mod 2048 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Mod 3072 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Signature Verification PSS:

    Mod 1024

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 496 (bits)

    Mod 2048:

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 512 (bits)

    Mod 3072:

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 512 (bits)

    Prerequisite: SHS #4010, DRBG #1731

  • Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #2669

    Version 10.0.15254

    186-4:

    Key Generation:

    Public Key Exponent: Fixed (10001)

    Provable Primes with Conditions:

    Mod lengths: 2048, 3072 (bits)

    Primality Tests: C.3

    Signature Generation PKCS1.5:

    Mod 2048 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Mod 3072 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Signature Generation PSS:

    Mod 2048:

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 512 (bits)

    Mod 3072

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 512 (bits)

    Signature Verification PKCS1.5

    Mod 1024 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Mod 2048 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Mod 3072 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Signature Verification PSS:

    Mod 1024

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 496 (bits)

    Mod 2048:

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 512 (bits)

    Mod 3072:

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 512 (bits)

    Prerequisite: SHS #4009, DRBG #1730

  • Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #2668

    Version 10.0.16299

    186-4:

    Key Generation

    Probable Random Primes:

    Mod lengths: 2048, 3072 (bits)

    Primality Tests: C.2

    Signature Generation PKCS1.5:

    Mod 2048 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-51

    Mod 3072 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Signature Generation PSS:

    Mod 2048:

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 512 (bits)

    Mod 3072:

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 512 (bits)

    Signature Verification PKCS1.5:

    Mod 1024 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Mod 2048 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Mod 3072 SHA:

  • SHA-1,
  • SHA-256,
  • SHA-384,
  • SHA-512

    Signature Verification PSS:

    Mod 1024:

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 496 (bits)

    Mod 2048:

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 512 (bits)

    Mod 3072:

  • SHA-1: Salt Length: 160 (bits)
  • SHA-256: Salt Length: 256 (bits)
  • SHA-384: Salt Length: 384 (bits)
  • SHA-512: Salt Length: 512 (bits)

    Prerequisite: SHS #4009, DRBG #1730

  • Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2667

    Version 10.0.16299

    FIPS186-4:
    ALG[RSASSA-PKCS1_V1_5]
    SIG(gen) (2048 SHA(1, 256, 384)) SIG(gen) with SHA-1 affirmed for use with protocols only.

    SIG(ver) (1024 SHA(1, 256, 384)) (2048 SHA(1, 256, 384))

    [RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) **SIG(gen) with SHA-1 affirmed for use with protocols only.

    **SIG(ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48)))

    SHA validation number 3790

    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #2524

    Version 10.0.15063

    FIPS186-4:
    ALG[RSASSA-PKCS1_V1_5]
    SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

    SHA validation number 3790

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile RSA32 Algorithm Implementations #2523

    Version 10.0.15063

    FIPS186-4:

    186-4KEY(gen): FIPS186-4_Fixed_e (10001);

    PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
    ALG[RSASSA-PKCS1_V1_5]
    SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))SIG(gen) with SHA-1 affirmed for use with protocols only.

    SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

    [RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) **SIG(gen) with SHA-1 affirmed for use with protocols only.

    **SIG(ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64

    SHA validation number 3790

    DRBG: validation number 1555

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #2522

    Version 10.0.15063

    FIPS186-4:

    186-4KEY(gen):PGM(ProbRandom: (2048, 3072) PPTT:(C.2)
    ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.

    SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

    [RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) **SIG(gen) with SHA-1 affirmed for use with protocols only.

    **SIG(ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

    SHA validation number 3790

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2521

    Version 10.0.15063

    FIPS186-2:
    ALG[ANSIX9.31]:
    SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3652
    ALG[RSASSA-PKCS1_V1_5]:
    SIG(gen) 4096, SHS:

  • SHA-256validation number 3652,
  • SHA-384validation number 3652,
  • SHA-512validation number 3652, SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3652,
  • SHA-256validation number 3652,
  • SHA-384validation number 3652,
  • SHA-512validation number 3652

    FIPS186-4:
    ALG[ANSIX9.31]
    Sig(Gen): (2048 SHA(1)) (3072 SHA(1))SIG(gen) with SHA-1 affirmed for use with protocols only.SIG(ver): (1024 SHA(1)) (2048 SHA(1)) (3072 SHA(1))
    ALG[RSASSA-PKCS1_V1_5]
    SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) **SIG(gen) with SHA-1 affirmed for use with protocols only

    **SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

    SHA validation number 3652

  • Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2415

    Version 7.00.2872

    FIPS186-2:
    ALG[ANSIX9.31]:
    SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3651
    ALG[RSASSA-PKCS1_V1_5]:
    SIG(gen) 4096, SHS:

  • SHA-256validation number 3651,
  • SHA-384validation number 3651,
  • SHA-512validation number 3651SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3651,
  • SHA-256validation number 3651,
  • SHA-384validation number 3651,
  • SHA-512validation number 3651

    FIPS186-4:
    ALG[ANSIX9.31]
    Sig(Gen): (2048 SHA(1)) (3072 SHA(1))SIG(gen) with SHA-1 affirmed for use with protocols only. SIG(ver): (1024 SHA(1)) (2048 SHA(1)) (3072 SHA(1))
    ALG[RSASSA-PKCS1_V1_5]
    SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) **SIG(gen) with SHA-1 affirmed for use with protocols only.

    **SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

    SHA validation number 3651

  • Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2414

    Version 8.00.6246

    FIPS186-2:
    ALG[RSASSA-PKCS1_V1_5]:
    SIG(gen) 4096, SHS:

  • SHA-256validation number 3649,
  • SHA-384validation number 3649,
  • SHA-512validation number 3649SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3649,
  • SHA-256validation number 3649,
  • SHA-384validation number 3649,
  • SHA-512validation number 3649

    FIPS186-4:

    186-4KEY(gen): FIPS186-4_Fixed_e (10001);

    PGM(ProbRandom: (2048, 3072) PPTT:(C.2)
    ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) **SIG(gen) with SHA-1 affirmed for use with protocols only.

    **SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

    SHA validation number 3649

    DRBG: validation number 1430

  • Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2412

    Version 7.00.2872

    FIPS186-2:
    ALG[RSASSA-PKCS1_V1_5]:
    SIG(gen) 4096, SHS:

  • SHA-256validation number 3648,
  • SHA-384validation number 3648,
  • SHA-512validation number 3648, SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3648,
  • SHA-256validation number 3648,
  • SHA-384validation number 3648,
  • SHA-512validation number 3648

    FIPS186-4:

    186-4KEY(gen): FIPS186-4_Fixed_e (10001);

    PGM(ProbRandom: (2048, 3072) PPTT:(C.2)
    ALG[RSASSA-PKCS1_V1_5]
    SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) **SIG(gen) with SHA-1 affirmed for use with protocols only.

    **SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

    SHA validation number 3648

    DRBG: validation number 1429

  • Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2411

    Version 8.00.6246

    FIPS186-4:
    ALG[RSASSA-PKCS1_V1_5]
    SIG(gen) (2048 SHA(1, 256, 384)) SIG(gen) with SHA-1 affirmed for use with protocols only.SIG(Ver) (1024 SHA(1, 256, 384)) (2048 SHA(1, 256, 384))

    [RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) SIG(gen) with SHA-1 affirmed for use with protocols only.Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48)))

    SHA validation number 3347

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2206

    Version 10.0.14393

    FIPS186-4:

    186-4KEY(gen): FIPS186-4_Fixed_e (10001

    PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)

    SHA validation number 3347 DRBG: validation number 1217

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA Key Generation Implementation #2195

    Version 10.0.14393

    FIPS186-4:
    ALG[RSASSA-PKCS1_V1_5]
    SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

    SHA validation number 3346

    soft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #2194

    Version 10.0.14393

    FIPS186-4:
    ALG[RSASSA-PKCS1_V1_5]
    SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))

    SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

    SHA validation number 3347 DRBG: validation number 1217

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #2193

    Version 10.0.14393

    FIPS186-4:
    [RSASSA-PSS]: Sig(Gen):
    (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))

    Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

    SHA validation number 3347 DRBG: validation number 1217

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #2192

    Version 10.0.14393

    FIPS186-4:

    186-4KEY(gen):  FIPS186-4_Fixed_e (10001);

    PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)

    SHA validation number 3047 DRBG: validation number 955

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA Key Generation Implementation #1889

    Version 10.0.10586

    FIPS186-4:
    ALG[RSASSA-PKCS1_V1_5]
    SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

    SHA validation number 3048

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #1871

    Version 10.0.10586

    FIPS186-4:
    ALG[RSASSA-PKCS1_V1_5]
    SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))

    SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

    SHA validation number 3047

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub MsBignum Cryptographic Implementations #1888

    Version 10.0.10586

    FIPS186-4:
    [RSASSA-PSS]: Sig(Gen)
    : (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

    Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

    SHA validation number 3047

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #1887

    Version 10.0.10586

    FIPS186-4:

    186-4KEY(gen): FIPS186-4_Fixed_e (10001);PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)

    SHA validation number 2886 DRBG: validation number 868

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA Key Generation Implementation #1798

    Version 10.0.10240

    FIPS186-4:
    ALG[RSASSA-PKCS1_V1_5]
    SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

    SHA validation number 2871

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #1784

    Version 10.0.10240

    FIPS186-4:
    ALG[RSASSA-PKCS1_V1_5]
    SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

    SHA validation number 2871

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #1783

    Version 10.0.10240

    FIPS186-4:
    [RSASSA-PSS]:
    Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))), Sig(Ver): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

    SHA validation number 2886

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #1802

    Version 10.0.10240

    FIPS186-4:

    186-4KEY(gen): FIPS186-4_Fixed_e;

    PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)

    SHA validation number 2373 DRBG: validation number 489

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 RSA Key Generation Implementation #1487

    Version 6.3.9600

    FIPS186-4:
    ALG[RSASSA-PKCS1_V1_5]
    SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

    SHA validation number 2373

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #1494

    Version 6.3.9600

    FIPS186-4:
    ALG[RSASSA-PKCS1_V1_5]
    SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512)), SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

    SHA validation number 2373

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1493

    Version 6.3.9600

    FIPS186-4:
    [RSASSA-PSS]:
    Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))), Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

    SHA validation number 2373

    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #1519

    Version 6.3.9600

    FIPS186-4:
    ALG[RSASSA-PKCS1_V1_5]
    SIG(gen) (2048 SHA(256, 384, 512-256)) (3072 SHA(256, 384, 512-256)), SIG(Ver) (1024 SHA(1, 256, 384, 512-256)) (2048 SHA(1, 256, 384, 512-256)) (3072 SHA(1, 256, 384, 512-256))

    [RSASSA-PSS]: Sig(Gen): (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512)), Sig(Ver): (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512, 512)), SHA #1903

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 1134.

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1134

    FIPS186-4:

    186-4KEY(gen): FIPS186-4_Fixed_e, FIPS186-4_Fixed_e_Value

    PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)

    SHA #1903 DRBG: #258

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 RSA Key Generation Implementation #1133

    FIPS186-2:
    ALG[ANSIX9.31]:
    Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: #258
    ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS:

  • SHA-256#1902,
  • SHA-384#1902,
  • SHA-512#1902,, SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1#1902,
  • SHA-256#1902, SHA-#1902,
  • SHA-512#1902,

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 1132.

  • Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1132

    FIPS186-2:ALG[ANSIX9.31]: SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1774
    ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS:

  • SHA-256validation number 1774,
  • SHA-384validation number 1774,
  • SHA-512validation number 1774,SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1774,
  • SHA-256validation number 1774,
  • SHA-384validation number 1774,
  • SHA-512validation number 1774,

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 1052.

  • Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1052

    FIPS186-2:
    ALG[ANSIX9.31]:
    Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: validation number 193
    ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS:

  • SHA-256validation number 1773,
  • SHA-384validation number 1773,
  • SHA-512validation number 1773,SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1773,
  • SHA-256validation number 1773,
  • SHA-384validation number 1773,
  • SHA-512validation number 1773,

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 1051.

  • Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1051

    FIPS186-2:
    ALG[RSASSA-PKCS1_V1_5]:
    SIG(gen) 2048, 3072, 4096, SHS:

  • SHA-256validation number 1081,
  • SHA-384validation number 1081,
  • SHA-512validation number 1081,SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1081,
  • SHA-256validation number 1081,
  • SHA-384validation number 1081,
  • SHA-512validation number 1081,

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 568.

  • Windows Server 2008 R2 and SP1 Enhanced Cryptographic Provider (RSAENH) #568

    FIPS186-2:
    ALG[RSASSA-PKCS1_V1_5]:
    SIG(gen) 2048, 3072, 4096, SHS:

  • SHA-256validation number 1081,
  • SHA-384validation number 1081,
  • SHA-512validation number 1081, SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1081,
  • SHA-256validation number 1081,
  • SHA-384validation number 1081,
  • SHA-512validation number 1081,
    ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS:
  • SHA-256validation number 1081,
  • SHA-384validation number 1081,
  • SHA-512validation number 1081, SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1081,
  • SHA-256validation number 1081,
  • SHA-384validation number 1081,
  • SHA-512validation number 1081

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 567. See Historical RSA List validation number 560.

  • Windows Server 2008 R2 and SP1 CNG algorithms #567

    Windows 7 and SP1 CNG algorithms #560

    FIPS186-2:
    ALG[ANSIX9.31]:
    Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: validation number 23

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 559.

    Windows 7 and SP1 and Server 2008 R2 and SP1 RSA Key Generation Implementation #559

    FIPS186-2:
    ALG[RSASSA-PKCS1_V1_5]:
    SIG(gen) 2048, 3072, 4096, SHS:

  • SHA-256validation number 1081,
  • SHA-384validation number 1081,
  • SHA-512validation number 1081, SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1081,
  • SHA-256validation number 1081,
  • SHA-384validation number 1081,
  • SHA-512validation number 1081,

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 557.

  • Windows 7 and SP1 Enhanced Cryptographic Provider (RSAENH) #557

    FIPS186-2:
    ALG[ANSIX9.31]:
    ALG[RSASSA-PKCS1_V1_5]:
    SIG(gen) 2048, 3072, 4096, SHS:

  • SHA-256validation number 816,
  • SHA-384validation number 816,
  • SHA-512validation number 816,SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 816,
  • SHA-256validation number 816,
  • SHA-384validation number 816,
  • SHA-512validation number 816,

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 395.

  • Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #395

    FIPS186-2:
    ALG[ANSIX9.31]:
    SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 783
    ALG[RSASSA-PKCS1_V1_5]:
    SIG(gen) 2048, 3072, 4096, SHS:

  • SHA-256validation number 783,
  • SHA-384validation number 783,
  • SHA-512validation number 783,

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 371.

  • Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #371

    FIPS186-2:
    ALG[RSASSA-PKCS1_V1_5]:
    SIG(gen) 2048, 3072, 4096, SHS:

  • SHA-256validation number 753,
  • SHA-384validation number 753,
  • SHA-512validation number 753, SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 753,
  • SHA-256validation number 753,
  • SHA-384validation number 753,
  • SHA-512validation number 753,
    ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS:
  • SHA-256validation number 753,
  • SHA-384validation number 753,
  • SHA-512validation number 753, SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 753,
  • SHA-256validation number 753,
  • SHA-384validation number 753,
  • SHA-512validation number 753

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 358. See Historical RSA List validation number 357.

  • Windows Server 2008 CNG algorithms #358

    Windows Vista SP1 CNG algorithms #357

    FIPS186-2:
    ALG[ANSIX9.31]:
    SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 753
    ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS:

  • SHA-256validation number 753,
  • SHA-384validation number 753,
  • SHA-512validation number 753, SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 753,
  • SHA-256validation number 753,
  • SHA-384validation number 753,
  • SHA-512validation number 753,

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 355. See Historical RSA List validation number 354.

  • Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #355

    Windows Vista SP1 Enhanced Cryptographic Provider (RSAENH) #354

    FIPS186-2:
    ALG[ANSIX9.31]:
    Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 353.

    Windows Vista SP1 and Windows Server 2008 RSA Key Generation Implementation #353

    FIPS186-2:
    ALG[ANSIX9.31]:
    Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 RNG: validation number 321

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 258.

    Windows Vista RSA key generation implementation #258

    FIPS186-2:
    ALG[RSASSA-PKCS1_V1_5]:
    SIG(gen) 2048, 3072, 4096, SHS:

  • SHA-256validation number 618,
  • SHA-384validation number 618,
  • SHA-512validation number 618,SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 618,
  • SHA-256validation number 618,
  • SHA-384validation number 618,
  • SHA-512validation number 618,
    ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS:
  • SHA-256validation number 618,
  • SHA-384validation number 618,
  • SHA-512validation number 618, SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 618,
  • SHA-256validation number 618,
  • SHA-384validation number 618,
  • SHA-512validation number 618

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 257.

  • Windows Vista CNG algorithms #257

    FIPS186-2:
    ALG[RSASSA-PKCS1_V1_5]:
    SIG(gen) 2048, 3072, 4096, SHS:

  • SHA-256validation number 618,
  • SHA-384validation number 618,
  • SHA-512validation number 618,, SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 618,
  • SHA-256validation number 618,
  • SHA-384validation number 618,
  • SHA-512validation number 618,

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 255.

  • Windows Vista Enhanced Cryptographic Provider (RSAENH) #255

    FIPS186-2:
    ALG[ANSIX9.31]:
    SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 613
    ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS:

  • SHA-256validation number 613,
  • SHA-384validation number 613,
  • SHA-512validation number 613, SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 613,
  • SHA-256validation number 613,
  • SHA-384validation number 613,
  • SHA-512validation number 613,

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 245.

  • Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #245

    FIPS186-2:
    ALG[ANSIX9.31]:
    SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 589
    ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS:

  • SHA-256validation number 589,
  • SHA-384validation number 589,
  • SHA-512validation number 589,, SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 589,
  • SHA-256validation number 589,
  • SHA-384validation number 589,
  • SHA-512validation number 589,

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 230.

  • Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #230

    FIPS186-2:
    ALG[ANSIX9.31]:
    SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 578
    ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS:

  • SHA-256validation number 578,
  • SHA-384validation number 578,
  • SHA-512validation number 578,, SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 578,
  • SHA-256validation number 578,
  • SHA-384validation number 578,
  • SHA-512validation number 578,

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 222.

  • Windows CE and Windows Mobile 6 and Windows Mobile 6.1 Enhanced Cryptographic Provider (RSAENH) #222

    FIPS186-2:
    ALG[RSASSA-PKCS1_V1_5]:

    SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 364

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 81.

    Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #81

    FIPS186-2:
    ALG[ANSIX9.31]:
    SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 305
    ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS:

  • SHA-256validation number 305,
  • SHA-384validation number 305,
  • SHA-512validation number 305,, SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 305,
  • SHA-256validation number 305,
  • SHA-384validation number 305,
  • SHA-512validation number 305,

    Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 52.

  • Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #52

    FIPS186-2::

  • PKCS#1 v1.5, Signature generation, and verification
  • Mod sizes: 1024, 1536, 2048, 3072, 4096
  • SHS: SHA–1/256/384/512
  • Windows XP, vendor-affirmed

    Windows 2000, vendor-affirmed

    Secure Hash Standard (SHS)

    Modes / States / Key Sizes Algorithm Implementation and Certificate #

    SHA-1:
    Supports Empty Message

    SHA-256:
    Supports Empty Message

    SHA-384:
    Supports Empty Message

    SHA-512:
    Supports Empty Message

    Microsoft Surface Hub SymCrypt Cryptographic Implementations #4011

    Version 10.0.15063.674

    SHA-1:
    Supports Empty Message

    SHA-256:
    Supports Empty Message

    SHA-384:
    Supports Empty Message

    SHA-512:
    Supports Empty Message

    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #4010

    Version 10.0.15254

    SHA-1:
    Supports Empty Message

    SHA-256:
    Supports Empty Message

    SHA-384:
    Supports Empty Message

    SHA-512:
    Supports Empty Message

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4009

    Version 10.0.16299

  • SHA-1      (BYTE-only)
  • SHA-256  (BYTE-only)
  • SHA-384  (BYTE-only)
  • SHA-512  (BYTE-only)
  • Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3790

    Version 10.0.15063

  • SHA-1      (BYTE-only)
  • SHA-256  (BYTE-only)
  • SHA-384  (BYTE-only)
  • SHA-512  (BYTE-only)
  • Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #3652

    Version 7.00.2872

  • SHA-1      (BYTE-only)
  • SHA-256  (BYTE-only)
  • SHA-384  (BYTE-only
  • SHA-512  (BYTE-only)
  • Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #3651

    Version 8.00.6246

  • SHA-1      (BYTE-only)
  • SHA-256  (BYTE-only)
  • SHA-384  (BYTE-only)
  • SHA-512  (BYTE-only)
  • Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #3649

    Version 7.00.2872

  • SHA-1      (BYTE-only)
  • SHA-256  (BYTE-only)
  • SHA-384  (BYTE-only)
  • SHA-512  (BYTE-only)
  • Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #3648

    Version 8.00.6246

  • SHA-1 (BYTE-only)
  • SHA-256 (BYTE-only)
  • SHA-384 (BYTE-only)
  • SHA-512 (BYTE-only)
  • Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #3347

    Version 10.0.14393

  • SHA-1 (BYTE-only)
  • SHA-256 (BYTE-only)
  • SHA-384 (BYTE-only)
  • SHA-512 (BYTE-only)
  • Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #3346

    Version 10.0.14393

  • SHA-1 (BYTE-only)
  • SHA-256 (BYTE-only)
  • SHA-384 (BYTE-only)
  • SHA-512 (BYTE-only)
  • Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #3048

    Version 10.0.10586

  • SHA-1 (BYTE-only)
  • SHA-256 (BYTE-only)
  • SHA-384 (BYTE-only)
  • SHA-512 (BYTE-only)
  • Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #3047

    Version 10.0.10586

  • SHA-1 (BYTE-only)
  • SHA-256 (BYTE-only)
  • SHA-384 (BYTE-only)
  • SHA-512 (BYTE-only)
  • Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2886

    Version 10.0.10240

  • SHA-1 (BYTE-only)
  • SHA-256 (BYTE-only)
  • SHA-384 (BYTE-only)
  • SHA-512 (BYTE-only)
  • Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #2871

    Version 10.0.10240

  • SHA-1 (BYTE-only)
  • SHA-256 (BYTE-only)
  • SHA-384 (BYTE-only)
  • SHA-512 (BYTE-only)
  • Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #2396

    Version 6.3.9600

  • SHA-1 (BYTE-only)
  • SHA-256 (BYTE-only)
  • SHA-384 (BYTE-only)
  • SHA-512 (BYTE-only)
  • Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2373

    Version 6.3.9600

  • SHA-1 (BYTE-only)
  • SHA-256 (BYTE-only)
  • SHA-384 (BYTE-only)
  • SHA-512 (BYTE-only)

    Implementation does not support zero-length (null) messages.

  • Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1903

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1902

  • SHA-1 (BYTE-only)
  • SHA-256 (BYTE-only)
  • SHA-384 (BYTE-only)
  • SHA-512 (BYTE-only)
  • Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1774

    Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1773

  • SHA-1 (BYTE-only)
  • SHA-256 (BYTE-only)
  • SHA-384 (BYTE-only)
  • SHA-512 (BYTE-only)
  • Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1081

    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #816

  • SHA-1 (BYTE-only)
  • Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #785

    Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #784

  • SHA-1 (BYTE-only)
  • SHA-256 (BYTE-only)
  • SHA-384 (BYTE-only)
  • SHA-512 (BYTE-only)
  • Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #783
  • SHA-1 (BYTE-only)
  • SHA-256 (BYTE-only)
  • SHA-384 (BYTE-only)
  • SHA-512 (BYTE-only)
  • Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation #753

    Windows Vista Symmetric Algorithm Implementation #618

  • SHA-1 (BYTE-only)
  • SHA-256 (BYTE-only)
  • Windows Vista BitLocker Drive Encryption #737

    Windows Vista Beta 2 BitLocker Drive Encryption #495

  • SHA-1 (BYTE-only)
  • SHA-256 (BYTE-only)
  • SHA-384 (BYTE-only)
  • SHA-512 (BYTE-only)
  • Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #613

    Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #364

  • SHA-1 (BYTE-only)
  • Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #611

    Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #610

    Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #385

    Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) #371

    Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #181

    Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) #177

    Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #176

  • SHA-1 (BYTE-only)
  • SHA-256 (BYTE-only)
  • SHA-384 (BYTE-only)
  • SHA-512 (BYTE-only)
  • Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #589

    Windows CE and Windows Mobile 6 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #578

    Windows CE 5.00 and Windows CE 5.01 Enhanced

    Cryptographic Provider (RSAENH) #305

  • SHA-1 (BYTE-only)
  • Windows XP Microsoft Enhanced Cryptographic Provider #83

    Crypto Driver for Windows 2000 (fips.sys) #35

    Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) #32

    Windows 2000 RSAENH.DLL #24

    Windows 2000 RSABASE.DLL #23

    Windows NT 4 SP6 RSAENH.DLL #21

    Windows NT 4 SP6 RSABASE.DLL #20

    Triple DES

    Modes / States / Key Sizes Algorithm Implementation and Certificate #

    TDES-CBC:

  • Modes: Decrypt, Encrypt
  • Keying Option: 1

    TDES-CFB64:

  • Modes: Decrypt, Encrypt
  • Keying Option: 1

    TDES-CFB8:

  • Modes: Decrypt, Encrypt
  • Keying Option: 1

    TDES-ECB:

  • Modes: Decrypt, Encrypt
  • Keying Option: 1
  • Microsoft Surface Hub SymCrypt Cryptographic Implementations #2558

    Version 10.0.15063.674

    TDES-CBC:

  • Modes: Decrypt, Encrypt
  • Keying Option: 1

    TDES-CFB64:

  • Modes: Decrypt, Encrypt
  • Keying Option: 1

    TDES-CFB8:

  • Modes: Decrypt, Encrypt
  • Keying Option: 1

    TDES-ECB:

  • Modes: Decrypt, Encrypt
  • Keying Option: 1
  • Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #2557

    Version 10.0.15254

    TDES-CBC:

  • Modes: Decrypt, Encrypt
  • Keying Option: 1

    TDES-CFB64:

  • Modes: Decrypt, Encrypt
  • Keying Option: 1

    TDES-CFB8:

  • Modes: Decrypt, Encrypt
  • Keying Option: 1

    TDES-ECB:

  • Modes: Decrypt, Encrypt
  • Keying Option: 1
  • Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2556

    Version 10.0.16299

    TECB(KO 1 e/d); TCBC(KO 1 e/d); TCFB8(KO 1 e/d); TCFB64(KO 1 e/d) Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2459

    Version 10.0.15063

    TECB(KO 1 e/d);TCBC(KO 1 e/d) Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2384

    Version 8.00.6246

    TECB(KO 1 e/d);TCBC(KO 1 e/d) Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2383

    Version 8.00.6246

    TECB(KO 1 e/d);TCBC(KO 1 e/d);CTR (int only) Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2382

    Version 7.00.2872

    TECB(KO 1 e/d);TCBC(KO 1 e/d) Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2381

    Version 8.00.6246

    TECB(KO 1 e/d);TCBC(KO 1 e/d);TCFB8(KO 1 e/d);TCFB64(KO 1 e/d) Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2227

    Version 10.0.14393

    TECB(KO 1 e/d);TCBC(KO 1 e/d);TCFB8(KO 1 e/d);TCFB64(KO 1 e/d) Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #2024

    Version 10.0.10586

    TECB(KO 1 e/d);TCBC(KO 1 e/d);TCFB8(KO 1 e/d);TCFB64(KO 1 e/d) Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #1969

    Version 10.0.10240

    TECB(KO 1 e/d);TCBC(KO 1 e/d);TCFB8(KO 1 e/d);TCFB64(KO 1 e/d) Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1692

    Version 6.3.9600

    TECB(e/d; KO 1, 2);TCBC(e/d; KO 1, 2);TCFB8(e/d; KO 1, 2);TCFB64(e/d; KO 1, 2) Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1387
    TECB(e/d; KO 1, 2);TCBC(e/d; KO 1, 2);TCFB8(e/d; KO 1, 2) Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1386
    TECB(e/d; KO 1, 2);TCBC(e/d; KO 1, 2);TCFB8(e/d; KO 1, 2) Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #846
    TECB(e/d; KO 1, 2);TCBC(e/d; KO 1, 2);TCFB8(e/d; KO 1, 2) Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation #656
    TECB(e/d; KO 1, 2);TCBC(e/d; KO 1, 2);TCFB8(e/d; KO 1, 2) Windows Vista Symmetric Algorithm Implementation #549
    Triple DES MAC Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 #1386, vendor-affirmedWindows 7 and SP1 and Windows Server 2008 R2 and SP1 #846, vendor-affirmed
    TECB(e/d; KO 1, 2);TCBC(e/d; KO 1, 2) Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1308Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1307

    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #691

    Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #677

    Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #676

    Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #675

    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #544

    Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #543

    Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #542Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #526

    Windows CE and Windows Mobile 6 and Windows Mobile 6.1 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #517

    Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #381

    Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) #370

    Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #365Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #315

    Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) #201

    Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #199

    Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #192Windows XP Microsoft Enhanced Cryptographic Provider #81

    Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) #18Crypto Driver for Windows 2000 (fips.sys) #16

    SP 800-132 Password-Based Key Derivation Function (PBKDF)

    Modes / States / Key Sizes Algorithm Implementation and Certificate #
    PBKDF (vendor affirmed) Kernel Mode Cryptographic Primitives Library (cng.sys) Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2937
    (Software Version: 10.0.14393)

    Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2936
    (Software Version: 10.0.14393)

    Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2935
    (Software Version: 10.0.14393)
    PBKDF (vendor affirmed) Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2936
    (Software Version: 10.0.14393)

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG), vendor-affirmed

    Component Validation List

    Publication / Component Validated / Description Implementation and Certificate #

    ECDSA SigGen:

  • P-256 SHA: SHA-256
  • P-384 SHA: SHA-384
  • P-521 SHA: SHA-512

    Prerequisite: DRBG #489

  • Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1540

    Version 6.3.9600

    RSASP1:

    Modulus Size: 2048 (bits)
    Padding Algorithms: PKCS 1.5

    Microsoft Surface Hub Virtual TPM Implementations #1519

    Version 10.0.15063.674

    RSASP1:

    Modulus Size: 2048 (bits)
    Padding Algorithms: PKCS 1.5

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1518

    Version 10.0.16299

    RSADP:

    Modulus Size: 2048 (bits)

    Microsoft Surface Hub MsBignum Cryptographic Implementations #1517

    Version 10.0.15063.674

    RSASP1:

    Modulus Size: 2048 (bits)
    Padding Algorithms: PKCS 1.5

    Microsoft Surface Hub MsBignum Cryptographic Implementations #1516

    Version 10.0.15063.674

    ECDSA SigGen:

  • P-256 SHA: SHA-256
  • P-384 SHA: SHA-384
  • P-521 SHA: SHA-512

    Prerequisite: DRBG #1732

  • Microsoft Surface Hub MsBignum Cryptographic Implementations #1515

    Version 10.0.15063.674

    ECDSA SigGen:

  • P-256 SHA: SHA-256
  • P-384 SHA: SHA-384
  • P-521 SHA: SHA-512

    Prerequisite: DRBG #1732

  • Microsoft Surface Hub SymCrypt Cryptographic Implementations #1514

    Version 10.0.15063.674

    RSADP:

    Modulus Size: 2048 (bits)

    Microsoft Surface Hub SymCrypt Cryptographic Implementations #1513

    Version 10.0.15063.674

    RSASP1:

    Modulus Size: 2048 (bits)
    Padding Algorithms: PKCS 1.5

    Microsoft Surface Hub SymCrypt Cryptographic Implementations #1512

    Version 10.0.15063.674

    IKEv1:

  • Methods: Digital Signature, Pre-shared Key, Public Key Encryption
  • Pre-shared Key Length: 64-2048

    Diffie-Hellman shared secrets:

  • Length: 2048 (bits)
  • SHA Functions: SHA-256

    Diffie-Hellman shared secret:

  • Length: 256 (bits)
  • SHA Functions: SHA-256

    Diffie-Hellman shared secret:

  • Length: 384 (bits)
  • SHA Functions: SHA-384

    Prerequisite: SHS #4011, HMAC #3269

    IKEv2:

  • Derived Keying Material length: 192-1792

    Diffie-Hellman shared secret:

  • Length: 2048 (bits)
  • SHA Functions: SHA-256

    Diffie-Hellman shared secret:

  • Length: 256 (bits)
  • SHA Functions: SHA-256

    Diffie-Hellman shared secret:

  • Length: 384 (bits)
  • SHA Functions: SHA-384

    Prerequisite: SHS #4011, HMAC #3269

    TLS:

  • Supports TLS 1.0/1.1
  • Supports TLS 1.2:

    SHA Functions: SHA-256, SHA-384

    Prerequisite: SHS #4011, HMAC #3269

  • Microsoft Surface Hub SymCrypt Cryptographic Implementations #1511

    Version 10.0.15063.674

    ECDSA SigGen:

  • P-256 SHA: SHA-256
  • P-384 SHA: SHA-384
  • P-521 SHA: SHA-512

    Prerequisite: DRBG #1731

  • Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1510

    Version 10.0.15254

    RSADP:

    Modulus Size: 2048 (bits)

    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1509

    Version 10.0.15254

    RSASP1:

    Modulus Size: 2048 (bits)
    Padding Algorithms: PKCS 1.5

    Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1508

    Version 10.0.15254

    IKEv1:

  • Methods: Digital Signature, Pre-shared Key, Public Key Encryption
  • Pre-shared Key Length: 64-2048

    Diffie-Hellman shared secret:

  • Length: 2048 (bits)
  • SHA Functions: SHA-256

    Diffie-Hellman shared secret:

  • Length: 256 (bits)
  • SHA Functions: SHA-256

    Diffie-Hellman shared secret:

  • Length: 384 (bits)
  • SHA Functions: SHA-384

    Prerequisite: SHS #4010, HMAC #3268

    IKEv2:

  • Derived Keying Material length: 192-1792

    Diffie-Hellman shared secret:

  • Length: 2048 (bits)
  • SHA Functions: SHA-256

    Diffie-Hellman shared secret:

  • Length: 256 (bits)
  • SHA Functions: SHA-256

    Diffie-Hellman shared secret:

  • Length: 384 (bits)
  • SHA Functions: SHA-384

    Prerequisite: SHS #4010, HMAC #3268

    TLS:

  • Supports TLS 1.0/1.1
  • Supports TLS 1.2:

    SHA Functions: SHA-256, SHA-384

    Prerequisite: SHS #4010, HMAC #3268

  • Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1507

    Version 10.0.15254

    ECDSA SigGen:

  • P-256 SHA: SHA-256
  • P-384 SHA: SHA-384
  • P-521 SHA: SHA-512

    Prerequisite: DRBG #1731

  • Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1506

    Version 10.0.15254

    RSADP:

    Modulus Size: 2048 (bits)

    Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1505

    Version 10.0.15254

    RSASP1:

    Modulus Size: 2048 (bits)
    Padding Algorithms: PKCS 1.5

    Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1504

    Version 10.0.15254

    ECDSA SigGen:

  • P-256 SHA: SHA-256
  • P-384 SHA: SHA-384
  • P-521 SHA: SHA-512

    Prerequisite: DRBG #1730

  • Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1503

    Version 10.0.16299

    RSADP:

    Modulus Size: 2048 (bits)

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1502

    Version 10.0.16299

    RSASP1:

    Modulus Size: 2048 (bits)
    Padding Algorithms: PKCS 1.5

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1501

    Version 10.0.16299

    ECDSA SigGen:

  • P-256 SHA: SHA-256
  • P-384 SHA: SHA-384
  • P-521 SHA: SHA-512

    Prerequisite: DRBG #1730

  • Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1499

    Version 10.0.16299

    RSADP:

    Modulus Size: 2048 (bits)

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1498

    Version 10.0.16299

    RSASP1:

    Modulus Size: 2048 (bits)
    Padding Algorithms: PKCS 1.5

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1497

    Version 10.0.16299

    IKEv1:

  • Methods: Digital Signature, Pre-shared Key, Public Key Encryption
  • Pre-shared Key Length: 64-2048

    Diffie-Hellman shared secret:

  • Length: 2048 (bits)
  • SHA Functions: SHA-256

    Diffie-Hellman shared secret:

  • Length: 256 (bits)
  • SHA Functions: SHA-256

    Diffie-Hellman shared secret:

  • Length: 384 (bits)
  • SHA Functions: SHA-384

    Prerequisite: SHS #4009, HMAC #3267

    IKEv2:

  • Derived Keying Material length: 192-1792

    Diffie-Hellman shared secret:

  • Length: 2048 (bits)
  • SHA Functions: SHA-256

    Diffie-Hellman shared secret:

  • Length: 256 (bits)
  • SHA Functions: SHA-256

    Diffie-Hellman shared secret:

  • Length: 384 (bits)
  • SHA Functions: SHA-384

    Prerequisite: SHS #4009, HMAC #3267

    TLS:

  • Supports TLS 1.0/1.1
  • Supports TLS 1.2:

    SHA Functions: SHA-256, SHA-384

    Prerequisite: SHS #4009, HMAC #3267

  • Windows 10 Home, Pro, Enterprise, Education,Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1496

    Version 10.0.16299

    FIPS186-4 ECDSA

    Signature Generation of hash sized messages

    ECDSA SigGen Component: CURVES(P-256 P-384 P-521)

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1284

    Version 10.0. 15063

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1279

    Version 10.0. 15063

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #922

    Version 10.0.14393

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #894

    Version 10.0.14393icrosoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #666

    Version 10.0.10586

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #288

    Version 6.3.9600

    FIPS186-4 RSA; PKCS#1 v2.1

    RSASP1 Signature Primitive

    RSASP1: (Mod2048: PKCS1.5 PKCSPSS)

    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1285

    Version 10.0.15063

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1282

    Version 10.0.15063

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1280

    Version 10.0.15063

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #893

    Version 10.0.14393

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #888

    Version 10.0.14393

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #665

    Version 10.0.10586

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #572

    Version  10.0.10240

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry MsBignum Cryptographic Implementations #289

    Version 6.3.9600

    FIPS186-4 RSA; RSADP

    RSADP Primitive

    RSADP: (Mod2048)

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1283

    Version 10.0.15063

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1281

    Version 10.0.15063

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #895

    Version 10.0.14393

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #887

    Version 10.0.14393

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #663

    Version 10.0.10586

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #576

    Version  10.0.10240

    SP800-135

    Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1496

    Version 10.0.16299

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1278

    Version 10.0.15063

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1140

    Version 7.00.2872

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1139

    Version 8.00.6246

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BcryptPrimitives and NCryptSSLp #886

    Version 10.0.14393

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BCryptPrimitives and NCryptSSLp #664

    Version 10.0.10586

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BCryptPrimitives and NCryptSSLp #575

    Version  10.0.10240

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BCryptPrimitives and NCryptSSLp #323

    Version 6.3.9600

    Contact

    fips@microsoft.com

    References