Events
Apr 8, 3 PM - May 28, 7 AM
Sharpen your AI skills and enter the sweepstakes to win a free Certification exam
Register now!Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The following identifiers are used to identify standard encryption algorithms in various CNG functions and structures, such as the CRYPT_INTERFACE_REG structure. Third party providers may have additional algorithms that they support.
| Constant/value | Description |
|---|---|
| BCRYPT_3DES_ALGORITHM "3DES" |
The triple data encryption standard symmetric encryption algorithm. Standard: SP800-67, SP800-38A |
| BCRYPT_3DES_112_ALGORITHM "3DES_112" |
The 112-bit triple data encryption standard symmetric encryption algorithm. Standard: SP800-67, SP800-38A |
| BCRYPT_AES_ALGORITHM "AES" |
The advanced encryption standard symmetric encryption algorithm. Standard: FIPS 197 |
| BCRYPT_AES_CMAC_ALGORITHM "AES-CMAC" |
The advanced encryption standard (AES) cipher based message authentication code (CMAC) symmetric encryption algorithm. Standard: SP 800-38B Windows 8: Support for this algorithm begins. |
| BCRYPT_AES_GMAC_ALGORITHM "AES-GMAC" |
The advanced encryption standard (AES) Galois message authentication code (GMAC) symmetric encryption algorithm. Standard: SP800-38D Windows Vista: This algorithm is supported beginning with Windows Vista with SP1. |
| BCRYPT_CAPI_KDF_ALGORITHM L"CAPI_KDF" |
Crypto API (CAPI) key derivation function algorithm. Used by the BCryptKeyDerivation and NCryptKeyDerivation functions. |
| BCRYPT_DES_ALGORITHM "DES" |
The data encryption standard symmetric encryption algorithm. Standard: FIPS 46-3, FIPS 81 |
| BCRYPT_DESX_ALGORITHM "DESX" |
The extended data encryption standard symmetric encryption algorithm. Standard: None |
| BCRYPT_DH_ALGORITHM "DH" |
The Diffie-Hellman key exchange algorithm. Standard: PKCS #3 |
| BCRYPT_DSA_ALGORITHM "DSA" |
The digital signature algorithm. Standard: FIPS 186-2 Windows 8: Beginning with Windows 8, this algorithm supports FIPS 186-3. Keys less than or equal to 1024 bits adhere to FIPS 186-2 and keys greater than 1024 to FIPS 186-3. |
| BCRYPT_ECDH_P256_ALGORITHM "ECDH_P256" |
The 256-bit prime elliptic curve Diffie-Hellman key exchange algorithm. Standard: SP800-56A |
| BCRYPT_ECDH_P384_ALGORITHM "ECDH_P384" |
The 384-bit prime elliptic curve Diffie-Hellman key exchange algorithm. Standard: SP800-56A |
| BCRYPT_ECDH_P521_ALGORITHM "ECDH_P521" |
The 521-bit prime elliptic curve Diffie-Hellman key exchange algorithm. Standard: SP800-56A |
| BCRYPT_ECDSA_P256_ALGORITHM "ECDSA_P256" |
The 256-bit prime elliptic curve digital signature algorithm (FIPS 186-2). Standard: FIPS 186-2, X9.62 |
| BCRYPT_ECDSA_P384_ALGORITHM "ECDSA_P384" |
The 384-bit prime elliptic curve digital signature algorithm (FIPS 186-2). Standard: FIPS 186-2, X9.62 |
| BCRYPT_ECDSA_P521_ALGORITHM "ECDSA_P521" |
The 521-bit prime elliptic curve digital signature algorithm (FIPS 186-2). Standard: FIPS 186-2, X9.62 |
| BCRYPT_LMS_ALGORITHM L"LMS" |
Description should be Leighton-Micali Hash-Based Signature algorithm. Standard: RFC 8554. |
| BCRYPT_MD2_ALGORITHM "MD2" |
The MD2 hash algorithm. Standard: RFC 1319 |
| BCRYPT_MD4_ALGORITHM "MD4" |
The MD4 hash algorithm. Standard: RFC 1320 |
| BCRYPT_MD5_ALGORITHM "MD5" |
The MD5 hash algorithm. Standard: RFC 1321 |
| BCRYPT_MLDSA_44_ALGORITHM "ML-DSA-44" |
The ML-DSA-44 module-lattice digital signature algorithm. Standard: FIPS 204. Note: This identifier is part of a prerelease product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. The identifier is available in pre-release versions of the Windows Insider Preview. |
| BCRYPT_MLDSA_65_ALGORITHM "ML-DSA-65" |
The ML-DSA-65 module-lattice digital signature algorithm. Standard: FIPS 204. Note: This identifier is part of a prerelease product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. The identifier is available in pre-release versions of the Windows Insider Preview. |
| BCRYPT_MLDSA_87_ALGORITHM "ML-DSA-87" |
The ML-DSA-87 module-lattice digital signature algorithm. Standard: FIPS 204. Note: This identifier is part of a prerelease product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. The identifier is available in pre-release versions of the Windows Insider Preview. |
| BCRYPT_MLKEM_ALGORITHM L"ML-KEM" |
The ML-KEM key encapsulization algorithm. Standard: FIPS 203. Note: This identifier is part of a prerelease product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. The identifier is available in pre-release versions of the Windows Insider Preview. |
| BCRYPT_RC2_ALGORITHM "RC2" |
The RC2 block symmetric encryption algorithm. Standard: RFC 2268 |
| BCRYPT_RC4_ALGORITHM "RC4" |
The RC4 symmetric encryption algorithm. Standard: Various |
| BCRYPT_RNG_ALGORITHM "RNG" |
The random-number generator algorithm. Standard: FIPS 186-2, FIPS 140-2, NIST SP 800-90 Note: Beginning with Windows Vista with SP1 and Windows Server 2008, the random number generator is based on the AES counter mode specified in the NIST SP 800-90 standard. Windows Vista: The random number generator is based on the hash-based random number generator specified in the FIPS 186-2 standard. Windows 8: Beginning with Windows 8, the RNG algorithm supports FIPS 186-3. Keys less than or equal to 1024 bits adhere to FIPS 186-2 and keys greater than 1024 to FIPS 186-3. |
| BCRYPT_RNG_DUAL_EC_ALGORITHM "DUALECRNG" |
The dual elliptic curve random-number generator algorithm. Standard: SP800-90. Windows 8: Beginning with Windows 8, the EC RNG algorithm supports FIPS 186-3. Keys less than or equal to 1024 bits adhere to FIPS 186-2 and keys greater than 1024 to FIPS 186-3. Windows 10: Beginning with Windows 10, the dual elliptic curve random number generator algorithm has been removed. Existing uses of this algorithm will continue to work; however, the random number generator is based on the AES counter mode specified in the NIST SP 800-90 standard. New code should use BCRYPT_RNG_ALGORITHM, and it is recommended that existing code be changed to use BCRYPT_RNG_ALGORITHM. |
| BCRYPT_RNG_FIPS186_DSA_ALGORITHM "FIPS186DSARNG" |
The random-number generator algorithm suitable for DSA (Digital Signature Algorithm). Standard: FIPS 186-2. Windows 8: Support for FIPS 186-3 begins. |
| BCRYPT_RSA_ALGORITHM "RSA" |
The RSA public key algorithm. Standard: PKCS #1 v1.5 and v2.0. |
| BCRYPT_RSA_SIGN_ALGORITHM "RSA_SIGN" |
The RSA signature algorithm. This algorithm is not currently supported. You can use the BCRYPT_RSA_ALGORITHM algorithm to perform RSA signing operations. Standard: PKCS #1 v1.5 and v2.0. |
| BCRYPT_SHA1_ALGORITHM "SHA1" |
The 160-bit secure hash algorithm. Standard: FIPS 180-2, FIPS 198. |
| BCRYPT_SHA256_ALGORITHM "SHA256" |
The 256-bit secure hash algorithm. Standard: FIPS 180-2, FIPS 198. |
| BCRYPT_SHA384_ALGORITHM "SHA384" |
The 384-bit secure hash algorithm. Standard: FIPS 180-2, FIPS 198. |
| BCRYPT_SHA512_ALGORITHM "SHA512" |
The 512-bit secure hash algorithm. Standard: FIPS 180-2, FIPS 198. |
| BCRYPT_SLHDSA_SHA2_128S_ALGORITHM L"SLH-DSA-SHA2-128s" |
The 128-bit stateless hash-based algorithm. Standard: FIPS 205. Note: This identifier is part of a prerelease product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. The identifier is available in pre-release versions of the Windows Insider Preview. |
| BCRYPT_SLHDSA_SHAKE_128S_ALGORITHM L"SLH-DSA-SHAKE-128s" |
The 128-bit stateless hash-based algorithm with KECCAK. Standard: FIPS 205. Note: This identifier is part of a prerelease product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. The identifier is available in pre-release versions of the Windows Insider Preview. |
| BCRYPT_SLHDSA_SHA2_128F_ALGORITHM L"SLH-DSA-SHA2-128f" |
The 128-bit stateless hash-based algorithm. Standard: FIPS 205. Note: This identifier is part of a prerelease product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. The identifier is available in pre-release versions of the Windows Insider Preview. |
| BCRYPT_SLHDSA_SHAKE_128F_ALGORITHM L"SLH-DSA-SHAKE-128f" |
The 128-bit stateless hash-based algorithm with KECCAK. Standard: FIPS 205. Note: This identifier is part of a prerelease product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. The identifier is available in pre-release versions of the Windows Insider Preview. |
| BCRYPT_SLHDSA_SHA2_192S_ALGORITHM L"SLH-DSA-SHA2-192s" |
The 192-bit stateless hash-based algorithm. Standard: FIPS 205. Note: This identifier is part of a prerelease product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. The identifier is available in pre-release versions of the Windows Insider Preview. |
| BCRYPT_SLHDSA_SHAKE_192S_ALGORITHM L"SLH-DSA-SHAKE-192s" |
The 192-bit stateless hash-based algorithm with KECCAK. Standard: FIPS 205. Note: This identifier is part of a prerelease product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. The identifier is available in pre-release versions of the Windows Insider Preview. |
| BCRYPT_SLHDSA_SHA2_192F_ALGORITHM L"SLH-DSA-SHA2-192f" |
The 192-bit stateless hash-based algorithm. Standard: FIPS 205. Note: This identifier is part of a prerelease product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. The identifier is available in pre-release versions of the Windows Insider Preview. |
| BCRYPT_SLHDSA_SHAKE_192F_ALGORITHM L"SLH-DSA-SHAKE-192f" |
The 192-bit stateless hash-based algorithm with KECCAK. Standard: FIPS 205. Note: This identifier is part of a prerelease product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. The identifier is available in pre-release versions of the Windows Insider Preview. |
| BCRYPT_SLHDSA_SHA2_256S_ALGORITHM L"SLH-DSA-SHA2-256s" |
The 256-bit stateless hash-based algorithm. Standard: FIPS 205. Note: This identifier is part of a prerelease product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. The identifier is available in pre-release versions of the Windows Insider Preview. |
| BCRYPT_SLHDSA_SHAKE_256S_ALGORITHM L"SLH-DSA-SHAKE-256s" |
The 256-bit stateless hash-based algorithm with KECCAK. Standard: FIPS 205. Note: This identifier is part of a prerelease product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. The identifier is available in pre-release versions of the Windows Insider Preview. |
| BCRYPT_SLHDSA_SHA2_256F_ALGORITHM L"SLH-DSA-SHA2-256f" |
The 256-bit stateless hash-based algorithm. Standard: FIPS 205. Note: This identifier is part of a prerelease product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. The identifier is available in pre-release versions of the Windows Insider Preview. |
| BCRYPT_SLHDSA_SHAKE_256F_ALGORITHM L"SLH-DSA-SHAKE-256f" |
The 256-bit stateless hash-based algorithm with KECCAK. Standard: FIPS 205. Note: This identifier is part of a prerelease product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. The identifier is available in pre-release versions of the Windows Insider Preview. |
| BCRYPT_SP800108_CTR_HMAC_ALGORITHM L"SP800_108_CTR_HMAC" |
Counter mode, hash-based message authentication code (HMAC) key derivation function algorithm. Used by the BCryptKeyDerivation and NCryptKeyDerivation functions. |
| BCRYPT_SP80056A_CONCAT_ALGORITHM L"SP800_56A_CONCAT" |
SP800-56A key derivation function algorithm. Used by the BCryptKeyDerivation and NCryptKeyDerivation functions. |
| BCRYPT_PBKDF2_ALGORITHM L"PBKDF2" |
Password-based key derivation function 2 (PBKDF2) algorithm. Used by the BCryptKeyDerivation and NCryptKeyDerivation functions. |
| BCRYPT_ECDSA_ALGORITHM "ECDSA" |
Generic prime elliptic curve digital signature algorithm (see the Remarks section for more information). Standard: ANSI X9.62. |
| BCRYPT_ECDH_ALGORITHM "ECDH" |
Generic prime elliptic curve Diffie-Hellman key exchange algorithm (see the Remarks section for more information). Standard: SP800-56A. |
| BCRYPT_XMSS_ALGORITHM L"XMSS" |
The eXtended Merkle Signature Scheme (XMSS) stateful hash-based signature algorithm. XMSS Standard: RFC 8391. |
| BCRYPT_XTS_AES_ALGORITHM "XTS-AES" |
The advanced encryption standard symmetric encryption algorithm in XTS mode. Standard: SP-800-38E, IEEE Std 1619-2007. Windows 10: Support for this algorithm begins. |
To use BCRYPT_ECDSA_ALGORITM or BCRYPT_ECDH_ALGORITHM, call BCryptOpenAlgorithmProvider with either BCRYPT_ECDSA_ALGORITHM or BCRYPT_ECDH_ALGORITHM as the pszAlgId. Then use BCryptSetProperty to set the BCRYPT_ECC_CURVE_NAME property to a named algorithm listed in CNG Named Curves.
To provide user-defined elliptic curve parameters directly, use BCryptSetProperty to set the BCRYPT_ECC_PARAMETERS property. Download the Windows 10 Cryptographic Provider Developer Kit (CPDK) for more information.
| Requirement | Value |
|---|---|
| Minimum supported client |
Windows Vista [desktop apps only] |
| Minimum supported server |
Windows Server 2008 [desktop apps only] |
| Header |
|