Microsoft CryptoAPI

From Wikipedia, the free encyclopedia

The Microsoft Windows platform specific Cryptographic Application Programming Interface (also known variously as CryptoAPI, Microsoft Cryptography API, MS-CAPI or simply CAPI) is an application programming interface included with Microsoft Windows operating systems that provides services to enable developers to secure Windows-based applications using cryptography. It is a set of dynamically linked libraries that provides an abstraction layer which isolates programmers from the code used to encrypt the data. The Crypto API was first introduced in Windows NT 4.0[1] and enhanced in subsequent versions.

CryptoAPI supports both public-key and symmetric key cryptography, though persistent symmetric keys are not supported. It includes functionality for encrypting and decrypting data and for authentication using digital certificates. It also includes a cryptographically secure pseudorandom number generator function CryptGenRandom.

CryptoAPI works with a number of CSPs (Cryptographic Service Providers) installed on the machine. CSPs are the modules that do the actual work of encoding and decoding data by performing the cryptographic functions. Vendors of HSMs may supply a CSP which works with their hardware.

Cryptography API: Next Generation[edit]

Windows Vista features an update to the Crypto API known as Cryptography API: Next Generation (CNG). It has better API factoring to allow the same functions to work using a wide range of cryptographic algorithms, and includes a number of newer algorithms that are part of the National Security Agency (NSA) Suite B.[2] It is also flexible, featuring support for plugging custom cryptographic APIs into the CNG runtime. However, CNG Key Storage Providers still do not support symmetric keys.[3] CNG works in both user and kernel mode, and also supports all of the algorithms from the CryptoAPI. The Microsoft provider that implements CNG is housed in Bcrypt.dll.

CNG also supports elliptic curve cryptography which, because it uses shorter keys for the same expected level of security, is more efficient than RSA.[4] The CNG API integrates with the smart card subsystem by including a Base Smart Card Cryptographic Service Provider (Base CSP) module which encapsulates the smart card API. Smart card manufacturers just have to make their devices compatible with this, rather than provide a from-scratch solution.

CNG also adds support for Dual_EC_DRBG,[5] a pseudorandom number generator defined in NIST SP 800-90A that could expose the user to eavesdropping by the National Security Agency since it contains a kleptographic backdoor, unless the developer remembers to generate new base points with a different cryptographically secure pseudorandom number generator or a true random number generator and then publish the generated seed in order to remove the NSA backdoor. It is also very slow.[6] It is only used when called for explicitly.

CNG also replaces the default PRNG with CTR_DRBG using AES as the block cipher, because the earlier RNG which is defined in the now superseded FIPS 186-2 is based on either DES or SHA-1, both which have been broken.[7] CTR_DRBG is one of the two algorithms in NIST SP 800-90 endorsed by Schneier, the other being Hash_DRBG.[6]

See also[edit]


  1. ^ Poking Around Under the Hood: A Programmer's View of Windows NT 4.0
  2. ^ Suite B Archived 2009-02-07 at the Wayback Machine
  3. ^ Key Storage and Retrieval, Microsoft
  4. ^ The Case for Elliptic Curve Cryptography, NSA
  5. ^ Schneier, Bruce (December 17, 2007). "Dual_EC_DRBG Added to Windows Vista". Schneier on Security. Retrieved January 13, 2010.
  6. ^ a b Schneier, Bruce (November 15, 2007). "The Strange Story of Dual_EC_DRBG". Schneier on Security. Retrieved January 12, 2010.
  7. ^ "FIPS PUB 186-2" (PDF). Federal Information Processing Standards. National Institute of Standards and Technology. January 27, 2000. Retrieved January 13, 2010.

External links[edit]