Key type and cryptographic service provider type

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Certificates contain public key information that is used to encrypt information or to verify its digital signature. Clients store the certificate in their certificate store, together with data that indicates which cryptographic service provider (CSP) stores the associated private key. The CSP can store the private key in memory, on disk, or in a hardware key store, such as a smart card. This allows the client to perform any public-key cryptography action based on the key pair. However, keys are created differently, depending on their purpose. Some keys will work for encrypting data but not signing data and vice versa. This is why key type and cryptographic service provider type must be configured correctly.

Key type

When a public/private key pair is generated, several types of keys can be created. A key can be created for use with encryption, digital signatures, or both. Certificate templates can be configured for a key purpose of encryption, signature, signature and encryption, or signature and smartcard logon. This setting is labeled Purpose in the Certificate Templates console.

Cryptographic service provider type

Cryptographic service providers (CSPs) are hardware and software components of Windows operating systems that provide generic cryptographic functions. CSPs can be written to provide a variety of encryption and signature algorithms. Each CSP that a certificate template is configured to use can support different cryptographic algorithms and, therefore, different key lengths. This means that certificate templates must be configured to support one or more CSPs. Selecting specific CSPs allows the administrator to control which algorithms and key lengths are used with the certificate. The Windows Server 2003 family includes a number of CSPs, and others can be added for enhanced functionality.
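
To check how these settings landed on a client, the following added example (not part of the original documentation) lists each certificate in the current user's Personal store with the CSP that holds its private key, the key type, and the key usage the certificate asserts, and flags a signature-only key whose certificate also asserts an encipherment usage. It assumes Windows PowerShell on the .NET Framework and private keys held by CryptoAPI CSPs; the output column names are hypothetical.

```powershell
# Added example, not from the original page. Assumes Windows PowerShell on the
# .NET Framework and private keys held by CryptoAPI CSPs.
$kuType = [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]
$flags  = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]
# Key usages that need the private key to decrypt or unwrap data.
$encMask = [int]$flags::KeyEncipherment -bor [int]$flags::DataEncipherment

Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.HasPrivateKey } | ForEach-Object {
    $cert = $_
    $csp  = $null
    $bits = $null
    try {
        $bits = $cert.PublicKey.Key.KeySize
        # Provider and container details that the certificate store keeps
        # alongside the certificate for a CSP-backed private key.
        $csp = $cert.PrivateKey.CspKeyContainerInfo
    } catch {
        # Key not reachable through CryptoAPI (for example, smart card removed);
        # the row is still reported with the provider marked unavailable.
    }

    # Key usage extension (OID 2.5.29.15), if the certificate carries one.
    $ku    = $cert.Extensions | Where-Object { $_ -is $kuType } | Select-Object -First 1
    $usage = if ($ku) { $ku.KeyUsages } else { $flags::None }

    # KeyNumber 'Signature' marks a signature-only key. A certificate that also
    # asserts an encipherment usage on such a key points to a template whose
    # purpose and key type do not agree.
    $mismatch = $csp -and
                $csp.KeyNumber -eq [System.Security.Cryptography.KeyNumber]::Signature -and
                (([int]$usage -band $encMask) -ne 0)

    New-Object PSObject -Property @{
        Subject      = $cert.Subject
        Provider     = if ($csp) { $csp.ProviderName } else { '(unavailable)' }
        ProviderType = if ($csp) { $csp.ProviderType } else { $null }
        KeyType      = if ($csp) { $csp.KeyNumber } else { $null }
        Hardware     = if ($csp) { $csp.HardwareDevice } else { $null }
        KeySize      = $bits
        KeyUsage     = $usage
        Mismatch     = [bool]$mismatch
    }
} | Select-Object Subject, Provider, ProviderType, KeyType, Hardware, KeySize, KeyUsage, Mismatch |
    Format-List
```

A row with Mismatch set to True is a candidate for reissuing the certificate from a template whose Purpose matches the intended use.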