Writing a CSP
A version of this page is also available for
4/8/2010
After you have decided which cryptographic algorithms and data formats to include in your CSP and you have obtained implementations for each of them, putting together a CSP is relatively straightforward.
To create a CSP
Create a DLL that exports all of the CSPI functions.
If your CSP has hardware elements, this might also involve writing a smart-card device driver and/or the embedded code that runs on the card.
Write a setup application for the CSP that creates the appropriate registry entries.
A CSP setup application must copy the CSP DLL to the \Windows\ directory and must create the appropriate registry entries.
Note
To test and debug the CSP prior to obtaining a digital signature, you can run the Platform Builder Kernel Debugger. This tool automatically disables signature verification. For more information, see Testing the CSP.
Have the CSP signed by Microsoft.
Your CSP must be signed by Microsoft in order to be loaded by CryptoAPI. This procedure is described in Getting a CSP Signed.
Test the CSP, as described in Testing the CSP.
To add the CSP to the OS design, make sure that the module is reflected in the FILES section of the DLL. If it is in the MODULES section, CryptoAPI cannot verify the signature on the file. Additionally, if the OEM adaptation layer (OAL) has enabled signature checking on all executable files, additional steps might be needed to exempt the CSP from those checks.
See Also
Reference
Concepts
About Cryptographic Service Provider
Microsoft Cryptographic System
Testing the CSP
Getting a CSP Signed