Cryptographic Key Lengths (Compact 2013)
3/28/2014
The Microsoft Enhanced Cryptographic Provider (Enhanced Provider) provides an application with stronger security than was available with the Microsoft RSA Base Cryptographic Provider (Base Provider). This provides users more protection for sensitive data.
The following table shows the minimum, default, and maximum key lengths by algorithm and provider.
Provider |
Algorithms |
Minimum key length |
Default key length |
Maximum key length |
|---|---|---|---|---|
MS Enhanced |
RC4 and RC2 |
40 |
128 |
128 |
MS Enhanced |
DES |
56 |
56 |
56 |
MS Enhanced |
3DES 112 |
112 |
112 |
112 |
MS Enhanced |
3DES |
168 |
168 |
168 |
DSS/DH Base |
RC4 and |
40 |
40 |
56 |
DSS/DH Base |
DES |
56 |
56 |
56 |
DSS/DH Enh |
RC4 and |
40 |
128 |
128 |
DSS/DH Enh |
DES |
56 |
56 |
56 |
DSS/DH Enh |
3DES |
168 |
168 |
168 |
Note
Although the RC2/40 algorithm is included in Windows Embedded Compact 2013, it will not be supported in later versions. Until then, it can be used in CE operating systems for legacy purposes, except where it was removed from the S/MIME feature.
The Enhanced Provider is backward compatible with the Base Provider distributed with Cryptographic API (CryptoAPI) 1.0, with the following exception. For session keys, both cryptographic service providers (CSP) are limited to generating and deriving keys of default key length: 40 bit for the Base Provider, and 128 bit for the Enhanced Provider, which precludes the Enhanced Provider from creating keys with Base Provider-compatible key lengths. However, the Enhanced Provider can import key lengths of any size, up to 128 bits.