3 out of 14 rated this helpful Rate this topic

Microsoft Enhanced Cryptographic Provider

The Microsoft Enhanced Cryptographic Provider, called the Enhanced Provider, supports the same capabilities as the Microsoft Base Cryptographic Provider, called the Base Provider. The Enhanced Provider supports stronger security through longer keys and additional algorithms. It can be used with all versions of CryptoAPI.

To maintain backward compatibility with earlier provider versions, the provider name, as defined in the Wincrypt.h header file, retains the version 1.0 designation. However, version 2.0 of this provider is currently shipping. To determine the version of the provider in use, call CryptGetProvParam with the dwParam argument set to PP_VERSION. Version 2.0 is in use if 0x0200 is returned.

Provider type:	PROV_RSA_FULL
Provider name:	MS_ENHANCED_PROV

The following table highlights differences between the Base Provider, Strong Provider, and Enhanced Provider. The key lengths shown are the default key lengths.

Algorithm	Base Provider key length	Strong Provider key length	Enhanced Provider key length
RSA public key signature algorithm	512 bits	1,024 bits	1,024 bits
RSA public key exchange algorithm	512 bits	1,024 bits	1,024 bits
RC2 block encryption algorithm	40 bits	128 bits	128 bits Salt length can be set.
RC4 stream encryption algorithm	40 bits	128 bits	128 bits Salt length can be set.
DES	56 bits	56 bits	56 bits
Triple DES (2 key)	Not supported	112 bits	112 bits
Triple DES (3 key)	Not supported	168 bits	168 bits

The Strong Provider and the Enhanced Provider are backward-compatible with the Base Provider except that the providers can only generate RC2 or RC4 keys of default key length. The default length for the Base Provider is 40 bits. The default length for the Enhanced Provider is 128 bits. Thus the Enhanced Provider cannot create keys with Base Provider-compatible key lengths. However, the Enhanced Provider can import RC2 and RC4 keys of up to 128 bits. Therefore, the Enhanced Provider can import and use 40 bit keys generated using the Base Provider.

Send comments about this topic to Microsoft

Build date: 9/7/2011

Did you find this helpful? Yes No

Not accurate

Not enough depth

Need more code examples

(1500 characters remaining)

Community Content Add

FAQ

Maximum keyLengths

The table presented in the article compares the default key lengths employed by the different versions of the CSP but fails to note the more important aspect of Maximum key lenghts accepted :
- RSA public key signature algorithm : 16,384 for all versions
- RSA public key exchange algorithm : 1024 for Base CSP and 16,384 for Strong and Enhanced CSP

History

5/24/2009
AlexDrenea

8/12/2009
Thomas Lee

Please direct documentation feedback to Microsoft by using the feedback link

To submit feedback on the documentation, please use the feedback link on this page (see the "Send comments about this topic to Microsoft" link). Using the link notifies the writer who is responsible for this topic.

Thank you for your interest in improving Microsoft content.

History

8/12/2009
Jo Lines - MSFT