Writing a CSP (Windows Embedded CE 6.0)
1/6/2010
Once you have decided which cryptographic algorithms and data formats to include in your CSP and you have obtained implementations for each of them, putting together a CSP is relatively straightforward.
To create a CSP
Create a DLL that exports all of the CSPI functions.
If your CSP has hardware elements, this might also involve writing a smart-card device driver and/or the embedded code that runs on the card.
Optionally insert a space for the digital signature in the CSP DLL as a resource. See Embedding the Digital Signature as a Resource.
Write a setup application for the CSP that creates the appropriate registry entries.
A CSP setup application must copy the CSP DLL to the \Windows\ directory and must create the appropriate registry entries.
Note
To test and debug the CSP prior to obtaining a digital signature, you can run the Platform Builder Kernel Debugger. This tool automatically disables signature verification. For more information, see Testing the CSP.
Have the CSP signed by Microsoft.
Your CSP must be signed by Microsoft in order to be loaded by CryptoAPI. The signature must be placed appropriately in the registry or a resource section of the DLL. This enables the CSP to be used with the released versions of Windows Embedded CE-based and Windows-based desktop run-time images. This procedure is described in Getting a CSP Signed.
Test the CSP, as described in Testing the CSP.
To add the CSP to the OS design, make sure that the module is reflected in the FILES section of the DLL. If it is in the MODULES section, CryptoAPI cannot verify the signature on the file. Additionally, if the OEM adaptation layer (OAL) has enabled signature checking on all executable files, additional steps might be needed to exempt the CSP from those checks.
See Also
Concepts
About Cryptographic Service Provider
Microsoft Cryptographic System
Embedding the Digital Signature as a Resource
Testing the CSP
Getting a CSP Signed