Introducing Compliance to Suite B Cryptography

Suite B is a group of cryptographic algorithms that is approved by the United States National Security Agency (NSA). Whereas Suite A is intended for highly sensitive communication and critical authentication systems, Suite B is a publicly available set of algorithms that establish a cryptographic standard for software encryption. Suite B's components are:

• Advanced Encryption Standard (AES-128 and AES-256)
  
  
• Elliptic Curve Digital Signature Algorithm (ECDSA)
  
  
• Elliptic Curve Diffie-Hellman (ECDH)
  
  
• Secure Hash Algorithm (SHA-256 and SHA-384)
  
  

Support for Suite B cryptographic algorithms was added in Windows Vista Service Pack 1 (SP1) and in Windows Server 2008 with the introduction of Cryptography Next Generation (CNG). For Windows 7 and Windows Server 2008 R2, several security technologies use Suite B algorithms, including:

• Transport Security Layer (TLS) authentication protocol (implemented in the Schannel authentication package)
  
  For more information about what's new in TLS, see Introducing TLS v1.2.
  
  
• Encrypting File System (EFS)
  
  

For additional resources about Suite B and CNG, see:

• Cryptography Next Generation
  
  
• CNG Features
  
  
• Description of the support for Suite B cryptographic algorithms that was added in Windows Vista Service Pack 1 and in Windows Server 2008
  
  
• Fact Sheet NSA Suite B Cryptography