Key Length Comparison

The Microsoft Enhanced Cryptographic Provider provides an application with stronger security than currently available with the Microsoft Base Cryptographic Provider. Greater key length gives users more protection for sensitive data.

The following table lists the default key lengths supported by the Base Provider and the Enhanced Provider for standard algorithms.

AlgorithmBase ProviderStrong and Enhanced Providers
RSA Key Exchange512-bit1,024-bit
RSA Signature512-bit1,024-bit
DESNot supported56-bit
Triple DES (2-key)Not supported112-bit
Triple DES (3-key)Not supported168-bit


DES and Triple DES algorithms are supported in the Enhanced Provider.

The Enhanced Provider is backward-compatible with the Base Provider distributed with earlier versions of CryptoAPI with the following exception. Both the base provider and the Enhanced Provider can only generate session keys of default key length. The default length of session keys for the Base Provider is 40 bits. The default key length for the Enhanced Provider is 128 bits. The Enhanced Provider cannot create keys with Base Provider-compatible key lengths. However, the Enhanced Provider can import key lengths of any size, up to 128 bits.