Cryptography Registry Settings

The registry stores information necessary to configure the system for applications and hardware devices. The registry also contains information that the operating system continually references during operation.

Note   The default registry values vary depending on which features are included in your platform. For more information, see Default Registry Settings.

The HKEY_LOCAL_MACHINE\Comm\Security\Crypto\Defaults\Provider\Microsoft Base Cryptographic Provider v1.0 registry key specifies the Base cryptographic service provider. The following table shows the named values.

Value : type Description
Image Path : REG_SZ Default setting is "\\Windows\\rsaenh.dll".

Specifies the path to the DLL.

Signature : REG_DWORD No default setting.

Specifies the digital signature. This signature is provided in the resource file. Each microprocessor has its own specific signature.

Type : REG_DWORD Default setting is 00000001.

Specifies the service provider type.

The HKEY_LOCAL_MACHINE\Comm\Security\Crypto\Defaults\Provider\Microsoft Enhanced Cryptographic Provider v1.0 registry key specifies the Enhanced cryptographic service provider. The following table shows the named values.

Value : type Description
Image Path : REG_SZ Default setting is "\\Windows\\rsaenh.dll".

Specifies the path to the DLL.

Signature : REG_DWORD No default setting.

Specifies the digital signature. This registry value is not required if the signature is provided in the resource file. Note that each microprocessor has its own specific signature.

Type : REG_DWORD Default setting is 00000001.

Specifies the service provider type.

The HKEY_LOCAL_MACHINE\Comm\Security\Crypto\Defaults\Provider Types\Type 001 registry key specifies the default service provider name of Type 1 (PROV_RSA_FULL). The following table shows the named value.

Value : type Description
Name : REG_SZ Default setting is "Microsoft Enhanced Cryptographic Provider v1.0".

Specifies the name of the provider of the type given in the registry key. To specify the Base provider as the default provider, you can set this value to "Microsoft Base Cryptographic Provider v1.0".

For Windows CE .NET 4.2 and later the HKEY_LOCAL_MACHINE\Comm\Security\SystemCertificates\Root subkey specifies the local machine system root store location. The following table shows the named value.

Value Description
InitFile : REG_SZ Default setting is "\windows\sysroots.p7b".

Specifies the local path and filename containing the list of certificate authority. The file is in PKCS #7 format.

To initialize the other local machine system stores, replace the last path in the registry subkey with the name of the system store. For example, to intialize the MY system store, you add the following code to the project.reg file:

[HKEY_LOCAL_MACHINE\Comm\Security\SystemCertificates\MY]
   "InitFile"="<Local Path><Filename>"

For more information about system stores, see System Store Locations.

See Also

Cryptography | Microsoft Cryptographic System | Using Basic Cryptography Services | About Cryptographic Service Provider | Protected Store | Cryptography Security | Certificates

 Last updated on Thursday, April 08, 2004

© 1992-2003 Microsoft Corporation. All rights reserved.