Investigating the Advanced Cryptographic Algorithms
Applies To: Windows Server 2008
The Certificate Enrollment control includes support for the CNG algorithms, including ECC, AES, and SHA2. The CCspInformations collection provides access to all the supported cryptographic service providers (CSPs) on a computer and allows the algorithms that each provider supports to be enumerated.
The following code snippets show how to dump all the providers, together with their supported algorithms and key sizes, as comma-delimited text. The output is written to the console and can be redirected to a text file.
C#:
// Inventory of the cryptographic providers installed on this computer.
// Writes a CSV header followed by one row per (provider, algorithm,
// operation flag) combination to standard output. An algorithm that
// advertises several operation flags therefore produces several rows, and an
// algorithm whose Operations value has none of the tested bits set produces none.
CCspInformations CspInformations = new CCspInformations();
CspInformations.AddAvailableCsps();
Console.WriteLine("CSP Name,CSP Type,Algorithm Name,Algorithm Long Name,Min Len,Max Len,Increment,Algorithm Operations,Algorithm Type");

int providerIndex = 0;
while (providerIndex < CspInformations.Count)
{
    CCspInformation provider = CspInformations[providerIndex];

    foreach (ICspAlgorithm algorithm in provider.CspAlgorithms)
    {
        // Test bits 0 through 30 one at a time (masks 0x1 .. 0x40000000);
        // the top bit, 0x80000000, is deliberately not tested.
        for (int bit = 0; bit < 31; bit++)
        {
            uint mask = 1u << bit;
            if (((uint)algorithm.Operations & mask) == 0)
            {
                continue;
            }

            // The single bit is cast back to the enum so that it is printed
            // by name where the enum defines one.
            Console.WriteLine(string.Format(
                "{0},{1},{2},{3},{4},{5},{6},{7},{8}",
                provider.Name,
                provider.Type,
                algorithm.Name,
                algorithm.LongName,
                algorithm.MinLength,
                algorithm.MaxLength,
                algorithm.IncrementLength,
                (AlgorithmOperationFlags)mask,
                algorithm.Type));
        }
    }

    providerIndex++;
}
C++:
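// Enumerates every cryptographic provider on the computer and prints one CSV
// row per algorithm: provider name and type, algorithm name and long name,
// minimum / maximum / increment key length, algorithm type and the raw
// operations bit mask in hexadecimal.
//
// All locals are declared before the first _JumpIfError so that a jump to the
// error label never skips an initialization, and so that every pointer tested
// in the cleanup code has a defined value.
ICspInformations* pCspInformations = NULL;
ICspInformation* pCspInformation = NULL;
ICspAlgorithms* pCspAlgorithms = NULL;
ICspAlgorithm* pCspAlgorithm = NULL;
BSTR CspName = NULL;
BSTR AlgName = NULL;
X509ProviderType ProviderType;
AlgorithmType AlgType;
AlgorithmOperationFlags Operations;
long CSPCount = 0;
long MinLength, MaxLength, IncrementLength;
HRESULT hr = S_OK;

// Create the CCspInformations collection object
hr = CoCreateInstance(
    __uuidof(CCspInformations),
    NULL, // pUnkOuter
    CLSCTX_INPROC_SERVER,
    __uuidof(ICspInformations),
    (void **) &pCspInformations);
_JumpIfError(hr, error, _T("CoCreateInstance CCspInformations"));

// Populate the collection with the providers available on this computer
hr = pCspInformations->AddAvailableCsps();
_JumpIfError(hr, error, _T("pCspInformations->AddAvailableCsps"));

_tprintf( _T("CSP Name,CSP Type,Algorithm Name,Algorithm Long Name,Min Len,Max Len,Increment,Algorithm Type,Operations\n"));

hr = pCspInformations->get_Count( &CSPCount );
_JumpIfError(hr, error, _T("pCspInformations->get_Count"));

for (int i = 0; i < CSPCount; i++)
{
    hr = pCspInformations->get_ItemByIndex(i, &pCspInformation );
    _JumpIfError(hr, error, _T("pCspInformations->get_ItemByIndex"));
    hr = pCspInformation->get_CspAlgorithms( &pCspAlgorithms );
    _JumpIfError(hr, error, _T("pCspInformation->get_CspAlgorithms"));
    long AlgCount = 0;
    hr = pCspAlgorithms->get_Count( &AlgCount );
    _JumpIfError(hr, error, _T("pCspAlgorithms->get_Count"));
    hr = pCspInformation->get_Name( &CspName );
    _JumpIfError(hr, error, _T("pCspInformation->get_Name"));
    hr = pCspInformation->get_Type( &ProviderType );
    _JumpIfError(hr, error, _T("pCspInformation->get_Type"));

    for ( int alg=0; alg < AlgCount; alg++ )
    {
        // NOTE(review): BSTRs are wide strings, so "%s" matches them only
        // when _tprintf resolves to the wide-character printf (UNICODE build).
        _tprintf( _T("%s,"), CspName );
        _tprintf( _T("%d,"), ProviderType );

        hr = pCspAlgorithms->get_ItemByIndex( alg, &pCspAlgorithm );
        _JumpIfError(hr, error, _T("pCspAlgorithms->get_ItemByIndex"));

        // AlgName is reused for the short and the long name; it is freed and
        // reset after each use so the cleanup code never frees it twice.
        hr = pCspAlgorithm->get_Name( &AlgName );
        _JumpIfError(hr, error, _T("pCspAlgorithm->get_Name"));
        _tprintf( _T("%s,"), AlgName );
        SysFreeString(AlgName);
        AlgName = NULL;

        hr = pCspAlgorithm->get_LongName( &AlgName );
        _JumpIfError(hr, error, _T("pCspAlgorithm->get_LongName"));
        _tprintf( _T("%s,"), AlgName );
        SysFreeString(AlgName);
        AlgName = NULL;

        hr = pCspAlgorithm->get_MinLength( &MinLength );
        _JumpIfError(hr, error, _T("pCspAlgorithm->get_MinLength"));
        _tprintf( _T("%d,"), MinLength );

        hr = pCspAlgorithm->get_MaxLength( &MaxLength );
        _JumpIfError(hr, error, _T("pCspAlgorithm->get_MaxLength"));
        _tprintf( _T("%d,"), MaxLength );

        hr = pCspAlgorithm->get_IncrementLength( &IncrementLength );
        _JumpIfError(hr, error, _T("pCspAlgorithm->get_IncrementLength"));
        _tprintf( _T("%d,"), IncrementLength );

        hr = pCspAlgorithm->get_Type( &AlgType );
        _JumpIfError(hr, error, _T("pCspAlgorithm->get_Type"));
        _tprintf( _T("%d,"), AlgType );

        hr = pCspAlgorithm->get_Operations( &Operations );
        _JumpIfError(hr, error, _T("pCspAlgorithm->get_Operations"));
        _tprintf( _T("0x%x\n"), Operations );

        // Release this algorithm before the pointer is overwritten by the
        // next get_ItemByIndex call; otherwise the reference is leaked.
        pCspAlgorithm->Release();
        pCspAlgorithm = NULL;
    }

    SysFreeString(CspName);
    CspName = NULL;

    // Release the per-provider interfaces before the next iteration reuses
    // the pointers; the cleanup code below only sees the last values.
    pCspAlgorithms->Release();
    pCspAlgorithms = NULL;
    pCspInformation->Release();
    pCspInformation = NULL;
}

error:
// Common cleanup for the success path and for every failed call above.
// SysFreeString accepts NULL, and each interface pointer is NULL unless it
// still holds a reference that has not been released.
SysFreeString(CspName);
SysFreeString(AlgName);
if ( pCspAlgorithm != NULL ) pCspAlgorithm->Release();
if ( pCspAlgorithms != NULL ) pCspAlgorithms->Release();
if ( pCspInformation != NULL ) pCspInformation->Release();
if (NULL != pCspInformations) pCspInformations->Release();
return;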
VBScript:
' Lists every cryptographic provider on the computer as CSV text: one header
' line, then one row per (provider, algorithm) pair. Unlike the C# and VB.NET
' versions, the Operations column holds the whole bit mask as a number rather
' than one row per flag.
Dim CspInformations, providerIndex, provider, algorithm, row

Set CspInformations = CreateObject("X509Enrollment.CCspInformations")
CspInformations.AddAvailableCsps

WScript.Echo "CSP Name,CSP Type,Algorithm Name,Algorithm Long Name,Min Len,Max Len,Increment,Algorithm Operations,Algorithm Type"

For providerIndex = 0 To CspInformations.Count - 1
    Set provider = CspInformations(providerIndex)

    For Each algorithm In provider.CspAlgorithms
        ' Build the row column by column, in header order.
        row = provider.Name + "," + CStr(provider.Type)
        row = row + "," + algorithm.Name + "," + algorithm.LongName
        row = row + "," + CStr(algorithm.MinLength) + "," + CStr(algorithm.MaxLength)
        row = row + "," + CStr(algorithm.IncrementLength)
        row = row + "," + CStr(algorithm.Operations) + "," + CStr(algorithm.Type)
        WScript.Echo row
    Next
Next
VB.NET:
' Lists every cryptographic provider on the computer as CSV text: one header
' line, then one row per (provider, algorithm, operation flag) combination.
Dim CspInformations As CCspInformations = New CCspInformationsClass
CspInformations.AddAvailableCsps()
Console.WriteLine("CSP Name,CSP Type,Algorithm Name,Algorithm Long Name,Min Len,Max Len,Increment,Algorithm Operations,Algorithm Type")

Dim providerIndex As Integer = 0
While providerIndex < CspInformations.Count
    Dim provider As CCspInformation = CspInformations.ItemByIndex(providerIndex)

    For Each algorithm As ICspAlgorithm In provider.CspAlgorithms
        ' Walk the single-bit values from XCN_NCRYPT_CIPHER_OPERATION upward,
        ' doubling each time, until the value passes
        ' XCN_NCRYPT_PREFERENCE_MASK_OPERATION.
        Dim flag As AlgorithmOperationFlags = AlgorithmOperationFlags.XCN_NCRYPT_CIPHER_OPERATION
        While flag <= AlgorithmOperationFlags.XCN_NCRYPT_PREFERENCE_MASK_OPERATION
            If (algorithm.Operations And flag) <> 0 Then
                ' The masked value is passed as the enum type so that it is
                ' printed the way the enum formats itself.
                Console.WriteLine(String.Format(
                    "{0},{1},{2},{3},{4},{5},{6},{7},{8}",
                    provider.Name,
                    provider.Type,
                    algorithm.Name,
                    algorithm.LongName,
                    algorithm.MinLength,
                    algorithm.MaxLength,
                    algorithm.IncrementLength,
                    algorithm.Operations And flag,
                    algorithm.Type))
            End If
            flag = CType(flag * 2, AlgorithmOperationFlags)
        End While
    Next

    providerIndex += 1
End While
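The Microsoft Software Key Storage Provider supports the following algorithms, with the minimum and maximum key sizes shown. The table records what the provider accepts, not what is recommended: several entries (MD2, MD4, MD5, DES, RC2, RC4, and the smallest RSA, DH and DSA key lengths) are weak by current standards, so an inventory produced by the code above is a starting point for deciding which algorithms to allow rather than a list of safe choices.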
| Algorithm Name | Minimum Length | Maximum Length |
|---|---|---|
| RSA | 512 | 16384 |
| DH | 384 | 4096 |
| DSA | 512 | 1024 |
| ECDH_P256 | 256 | 256 |
| ECDH_P384 | 384 | 384 |
| ECDH_P521 | 521 | 521 |
| ECDSA_P256 | 256 | 256 |
| ECDSA_P384 | 384 | 384 |
| ECDSA_P521 | 521 | 521 |
| AES | 128 | 256 |
| RC2 | 40 | 128 |
| RC4 | 40 | 512 |
| DES | 64 | 64 |
| 3DES | 192 | 192 |
| SHA1 | 0 | 0 |
| MD2 | 0 | 0 |
| MD4 | 0 | 0 |
| MD5 | 0 | 0 |
| SHA256 | 0 | 0 |
| SHA384 | 0 | 0 |
| SHA512 | 0 | 0 |