Events
May 19, 6 PM - May 23, 12 AM
Calling all developers, creators, and AI innovators to join us in Seattle @Microsoft Build May 19-22.
Register todayCNG Algorithm Identifiers
The following identifiers are used to identify standard encryption algorithms in various CNG functions and structures, such as the CRYPT_INTERFACE_REG structure. Third party providers may have additional algorithms that they support.
| Constant/value | Description |
|---|---|
|
The triple data encryption standard symmetric encryption algorithm. Standard: SP800-67, SP800-38A |
|
The 112-bit triple data encryption standard symmetric encryption algorithm. Standard: SP800-67, SP800-38A |
|
The advanced encryption standard symmetric encryption algorithm. Standard: FIPS 197 |
|
The advanced encryption standard (AES) cipher based message authentication code (CMAC) symmetric encryption algorithm. Standard: SP 800-38B Windows 8: Support for this algorithm begins. |
|
The advanced encryption standard (AES) Galois message authentication code (GMAC) symmetric encryption algorithm. Standard: SP800-38D Windows Vista: This algorithm is supported beginning with Windows Vista with SP1. |
|
Crypto API (CAPI) key derivation function algorithm. Used by the BCryptKeyDerivation and NCryptKeyDerivation functions. |
|
The data encryption standard symmetric encryption algorithm. Standard: FIPS 46-3, FIPS 81 |
|
The extended data encryption standard symmetric encryption algorithm. Standard: None |
|
The Diffie-Hellman key exchange algorithm. Standard: PKCS #3 |
|
The digital signature algorithm. Standard: FIPS 186-2 Windows 8: Beginning with Windows 8, this algorithm supports FIPS 186-3. Keys less than or equal to 1024 bits adhere to FIPS 186-2 and keys greater than 1024 to FIPS 186-3. |
|
The 256-bit prime elliptic curve Diffie-Hellman key exchange algorithm. Standard: SP800-56A |
|
The 384-bit prime elliptic curve Diffie-Hellman key exchange algorithm. Standard: SP800-56A |
|
The 521-bit prime elliptic curve Diffie-Hellman key exchange algorithm. Standard: SP800-56A |
|
The 256-bit prime elliptic curve digital signature algorithm (FIPS 186-2). Standard: FIPS 186-2, X9.62 |
|
The 384-bit prime elliptic curve digital signature algorithm (FIPS 186-2). Standard: FIPS 186-2, X9.62 |
|
The 521-bit prime elliptic curve digital signature algorithm (FIPS 186-2). Standard: FIPS 186-2, X9.62 |
|
The MD2 hash algorithm. Standard: RFC 1319 |
|
The MD4 hash algorithm. Standard: RFC 1320 |
|
The MD5 hash algorithm. Standard: RFC 1321 |
|
The RC2 block symmetric encryption algorithm. Standard: RFC 2268 |
|
The RC4 symmetric encryption algorithm. Standard: Various |
| BCRYPT_RNG_ALGORITHM "RNG" |
The random-number generator algorithm. Standard: FIPS 186-2, FIPS 140-2, NIST SP 800-90 Note: Beginning with Windows Vista with SP1 and Windows Server 2008, the random number generator is based on the AES counter mode specified in the NIST SP 800-90 standard. Windows Vista: The random number generator is based on the hash-based random number generator specified in the FIPS 186-2 standard. Windows 8: Beginning with Windows 8, the RNG algorithm supports FIPS 186-3. Keys less than or equal to 1024 bits adhere to FIPS 186-2 and keys greater than 1024 to FIPS 186-3. |
|
The dual elliptic curve random-number generator algorithm. Standard: SP800-90. Windows 8: Beginning with Windows 8, the EC RNG algorithm supports FIPS 186-3. Keys less than or equal to 1024 bits adhere to FIPS 186-2 and keys greater than 1024 to FIPS 186-3. Windows 10: Beginning with Windows 10, the dual elliptic curve random number generator algorithm has been removed. Existing uses of this algorithm will continue to work; however, the random number generator is based on the AES counter mode specified in the NIST SP 800-90 standard. New code should use BCRYPT_RNG_ALGORITHM, and it is recommended that existing code be changed to use BCRYPT_RNG_ALGORITHM. |
|
The random-number generator algorithm suitable for DSA (Digital Signature Algorithm). Standard: FIPS 186-2. Windows 8: Support for FIPS 186-3 begins. |
|
The RSA public key algorithm. Standard: PKCS #1 v1.5 and v2.0. |
|
The RSA signature algorithm. This algorithm is not currently supported. You can use the BCRYPT_RSA_ALGORITHM algorithm to perform RSA signing operations. Standard: PKCS #1 v1.5 and v2.0. |
|
The 160-bit secure hash algorithm. Standard: FIPS 180-2, FIPS 198. |
|
The 256-bit secure hash algorithm. Standard: FIPS 180-2, FIPS 198. |
|
The 384-bit secure hash algorithm. Standard: FIPS 180-2, FIPS 198. |
|
The 512-bit secure hash algorithm. Standard: FIPS 180-2, FIPS 198. |
|
Counter mode, hash-based message authentication code (HMAC) key derivation function algorithm. Used by the BCryptKeyDerivation and NCryptKeyDerivation functions. |
|
SP800-56A key derivation function algorithm. Used by the BCryptKeyDerivation and NCryptKeyDerivation functions. |
|
Password-based key derivation function 2 (PBKDF2) algorithm. Used by the BCryptKeyDerivation and NCryptKeyDerivation functions. |
|
Generic prime elliptic curve digital signature algorithm (see Remarks for more information). Standard: ANSI X9.62. |
|
Generic prime elliptic curve Diffie-Hellman key exchange algorithm (see Remarks for more information). Standard: SP800-56A. |
|
The advanced encryption standard symmetric encryption algorithm in XTS mode. Standard: SP-800-38E, IEEE Std 1619-2007. Windows 10: Support for this algorithm begins. |
To use BCRYPT_ECDSA_ALGORITM or BCRYPT_ECDH_ALGORITHM, call BCryptOpenAlgorithmProvider with either BCRYPT_ECDSA_ALGORITHM or BCRYPT_ECDH_ALGORITHM as the pszAlgId. Then use BCryptSetProperty to set the BCRYPT_ECC_CURVE_NAME property to a named algorithm listed in CNG Named Curves.
To provide user-defined elliptic curve parameters directly, use BCryptSetProperty to set the BCRYPT_ECC_PARAMETERS property. Download the Windows 10 Cryptographic Provider Developer Kit (CPDK) for more information.
| Requirement | Value |
|---|---|
| Minimum supported client |
Windows Vista [desktop apps only] |
| Minimum supported server |
Windows Server 2008 [desktop apps only] |
| Header |
|