About Cryptographic Service Provider (Windows Embedded CE 6.0)

1/6/2010

A cryptographic service provider (CSP) contains implementations of cryptographic standards and algorithms. At a minimum, a CSP consists of a dynamic-link library (DLL) that implements the functions in CryptoSPI. Most CSPs contain the implementation of all of their own functions; however, some CSPs implement their functions mainly in a service program based on Microsoft Win32 and managed by the Win32 service control manager. Others implement functions in hardware, such as a smart card or secure coprocessor. If a CSP does not implement its own functions, the DLL acts as a pass-through layer, facilitating the communication between the operating system and the actual CSP implementation.

Applications do not communicate directly with a CSP. Instead, applications call the CryptoAPI functions exposed by the operating system's Coredll.dll and Crypt32.dll files. The operating system filters these function calls and passes them on to the appropriate CSP functions through CryptoSPI.

All custom CSPs must support all of the following DLL entry points. Each function in the table corresponds directly to the CryptoAPI function that has the same name with the prefix Crypt instead of CP. For example, CPCreateHash corresponds to CryptCreateHash.

Function            Description
------------------  ------------------------------------------------------------
CPAcquireContext    Acquires a handle to a particular key container within the CSP.
CPCreateHash        Creates a hash object and returns a handle to it.
CPDecrypt           Decrypts a section of ciphertext using the specified encryption key.
CPDeriveKey         Creates a key from a password.
CPDestroyHash       Destroys a hash object.
CPDestroyKey        Destroys a key.
CPDuplicateHash     Makes an exact copy of a hash object and the state the hash is in.
CPDuplicateKey      Makes an exact copy of a key, including the state of a key.
CPEncrypt           Encrypts a section of plaintext using the specified encryption key.
CPExportKey         Transfers a key from the CSP into a key BLOB in the application's memory.
CPGenKey            Creates a random key.
CPGenRandom         Generates random data.
CPGetHashParam      Retrieves a hash object parameter.
CPGetKeyParam       Retrieves a key's parameters.
CPGetProvParam      Retrieves attributes of the CSP.
CPGetUserKey        Gets a handle to the key exchange or signature key.
CPHashData          Hashes a block of data and adds it to the specified hash object.
CPHashSessionKey    Hashes a session key and adds it to the specified hash object.
CPImportKey         Transfers a key from a key BLOB to a CSP.
CPReleaseContext    Frees the handle acquired by CPAcquireContext.
CPSetHashParam      Sets a hash object parameter.
CPSetKeyParam       Specifies a key's parameters.
CPSetProvParam      Sets specific attributes of a CSP.
CPSignHash          Signs the specified hash object.
CPVerifySignature   Verifies a digital signature.
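
As an added example (not code from this page or from Microsoft), the following C program checks a list of DLL export names against the 25 required entry points listed above and reports any that are missing, which is a useful build-time check for a custom CSP. Assumptions: the export names have already been extracted from the DLL by some other tool, SAMPLE_EXPORTS is constructed data for a hypothetical CSP, and CPHashDataInternal is a made-up name used to show that only whole-name matches count.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* The 25 entry points this page lists as mandatory for a custom CSP. */
static const char *const REQUIRED[] = {
    "CPAcquireContext", "CPCreateHash", "CPDecrypt", "CPDeriveKey",
    "CPDestroyHash", "CPDestroyKey", "CPDuplicateHash", "CPDuplicateKey",
    "CPEncrypt", "CPExportKey", "CPGenKey", "CPGenRandom", "CPGetHashParam",
    "CPGetKeyParam", "CPGetProvParam", "CPGetUserKey", "CPHashData",
    "CPHashSessionKey", "CPImportKey", "CPReleaseContext", "CPSetHashParam",
    "CPSetKeyParam", "CPSetProvParam", "CPSignHash", "CPVerifySignature",
};
#define N_REQUIRED (sizeof REQUIRED / sizeof REQUIRED[0])

/* Constructed sample: export names of a hypothetical CSP DLL, one per token. */
static const char SAMPLE_EXPORTS[] =
    "CPAcquireContext CPCreateHash CPDecrypt CPDeriveKey CPDestroyHash\n"
    "CPDestroyKey CPEncrypt CPExportKey CPGenKey CPGenRandom CPGetHashParam\n"
    "CPGetKeyParam CPGetProvParam CPGetUserKey CPHashDataInternal\n"
    "CPHashSessionKey CPImportKey CPReleaseContext CPSetHashParam\n"
    "CPSetKeyParam CPSetProvParam CPSignHash CPVerifySignature\n";

/* Return 1 if name occurs in list as a whole whitespace-delimited token. */
static int has_token(const char *list, const char *name) {
    size_t len = strlen(name);
    for (const char *p = list; (p = strstr(p, name)) != NULL; p += len)
        if ((p == list || isspace((unsigned char)p[-1])) &&
            (p[len] == '\0' || isspace((unsigned char)p[len])))
            return 1;
    return 0;
}

/* Store up to max missing entry-point names; return the total number missing. */
size_t missing_entry_points(const char *exports, const char **missing, size_t max) {
    size_t n = 0;
    for (size_t i = 0; i < N_REQUIRED; i++) {
        if (has_token(exports, REQUIRED[i])) continue;
        if (n < max) missing[n] = REQUIRED[i];
        n++;
    }
    return n;
}

int main(void) {
    const char *missing[N_REQUIRED];
    size_t n = missing_entry_points(SAMPLE_EXPORTS, missing, N_REQUIRED);
    for (size_t i = 0; i < n; i++) printf("missing: %s\n", missing[i]);
    return n != 0; /* non-zero exit status when any entry point is absent */
}
```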
