Welcome Sign in
Microsoft Developer Network
Click to Rate and Give Feedback
MSDN
MSDN Library
Security
CNG Reference
CNG Constants
 CNG Algorithm Identifiers
CNG Algorithm Identifiers

The following identifiers are used to identify standard encryption algorithms in various CNG functions and structures, such as the CRYPT_INTERFACE_REG structure. Third party providers may have additional algorithms that they support.

Constant/value Description

BCRYPT_3DES_ALGORITHM
"3DES"

The triple data encryption standard symmetric encryption algorithm.

Standard: FIPS 46-3, FIPS 81, SP800-38A

BCRYPT_3DES_112_ALGORITHM
"3DES_112"

The 112-bit triple data encryption standard symmetric encryption algorithm.

Standard: FIPS 46-3, FIPS 81, SP800-38A

BCRYPT_AES_ALGORITHM
"AES"

The advanced encryption standard symmetric encryption algorithm.

Standard: FIPS 197

BCRYPT_AES_GMAC_ALGORITHM
"AES-GMAC"

The advanced encryption standard (AES) Galois message authentication code (GMAC) symmetric encryption algorithm.

Standard: SP800-38D

Note  Only Windows Vista SP1 and Windows Server 2008 support this algorithm.

BCRYPT_DES_ALGORITHM
"DES"

The data encryption standard symmetric encryption algorithm.

Standard: FIPS 46-3, FIPS 81

BCRYPT_DESX_ALGORITHM
"DESX"

The extended data encryption standard symmetric encryption algorithm.

Standard: None

BCRYPT_DH_ALGORITHM
"DH"

The Diffie-Hellman key exchange algorithm.

Standard: PKCS #3

BCRYPT_DSA_ALGORITHM
"DSA"

The digital signature algorithm.

Standard: FIPS 186-2

BCRYPT_ECDH_P256_ALGORITHM
"ECDH_P256"

The 256-bit prime elliptic curve Diffie-Hellman key exchange algorithm.

Standard: SP800-56A

BCRYPT_ECDH_P384_ALGORITHM
"ECDH_P384"

The 384-bit prime elliptic curve Diffie-Hellman key exchange algorithm.

Standard: SP800-56A

BCRYPT_ECDH_P521_ALGORITHM
"ECDH_P521"

The 521-bit prime elliptic curve Diffie-Hellman key exchange algorithm.

Standard: SP800-56A

BCRYPT_ECDSA_P256_ALGORITHM
"ECDSA_P256"

The 256-bit prime elliptic curve digital signature algorithm (FIPS 186-2).

Standard: FIPS 186-2, X9.62

BCRYPT_ECDSA_P384_ALGORITHM
"ECDSA_P384"

The 384-bit prime elliptic curve digital signature algorithm (FIPS 186-2).

Standard: FIPS 186-2, X9.62

BCRYPT_ECDSA_P521_ALGORITHM
"ECDSA_P521"

The 521-bit prime elliptic curve digital signature algorithm (FIPS 186-2).

Standard: FIPS 186-2, X9.62

BCRYPT_MD2_ALGORITHM
"MD2"

The MD2 hash algorithm.

Standard: RFC 1319

BCRYPT_MD4_ALGORITHM
"MD4"

The MD4 hash algorithm.

Standard: RFC 1320

BCRYPT_MD5_ALGORITHM
"MD5"

The MD5 hash algorithm.

Standard: RFC 1321

BCRYPT_RC2_ALGORITHM
"RC2"

The RC2 block symmetric encryption algorithm.

Standard: RFC 2268

BCRYPT_RC4_ALGORITHM
"RC4"

The RC4 symmetric encryption algorithm.

Standard: Various

BCRYPT_RNG_ALGORITHM
"RNG"

The random-number generator algorithm.

Standard: FIPS 186-2, FIPS 140-2, NIST SP 800-90

Note  On Windows Vista SP1 and Windows Server 2008, the random number generator is based on the AES counter mode specified in the NIST SP 800-90 standard. On Windows Vista the random number generator is based on the hash-based random number generator specified in the FIPS 186-2 standard.

BCRYPT_RNG_DUAL_EC_ALGORITHM
"DUALECRNG"

The dual elliptic curve random-number generator algorithm.

Standard: SP800-90

Note  Only Windows Vista SP1 and Windows Server 2008 support this algorithm.

BCRYPT_RNG_FIPS186_DSA_ALGORITHM
"FIPS186DSARNG"

The random-number generator algorithm suitable for DSA (Digital Signature Algorithm).

Standard: FIPS 186-2

BCRYPT_RSA_ALGORITHM
"RSA"

The RSA public key algorithm.

Standard: PKCS#1 v1.5 and v2.0.

BCRYPT_RSA_SIGN_ALGORITHM
"RSA_SIGN"

The RSA signature algorithm. This algorithm is not currently supported. You can use the BCRYPT_RSA_ALGORITHM algorithm to perform RSA signing operations.

Standard: PKCS#1 v1.5 and v2.0.

BCRYPT_SHA1_ALGORITHM
"SHA1"

The 160-bit secure hash algorithm.

Standard: FIPS 180-2, FIPS 198

BCRYPT_SHA256_ALGORITHM
"SHA256"

The 256-bit secure hash algorithm.

Standard: FIPS 180-2, FIPS 198

BCRYPT_SHA384_ALGORITHM
"SHA384"

The 384-bit secure hash algorithm.

Standard: FIPS 180-2, FIPS 198

BCRYPT_SHA512_ALGORITHM
"SHA512"

The 512-bit secure hash algorithm.

Standard: FIPS 180-2, FIPS 198

Requirements

Client Requires Windows Vista.
Server Requires Windows Server 2008.
Header

Declared in Bcrypt.h.

Send comments about this topic to Microsoft

Build date: 5/22/2008

Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
Before chosing your algorithm      PaulB   |   Edit   |  
Please read Bruce Schneier's analysis of the BCRYPT_RNG_DUAL_EC_ALGORITHM "DUALECRNG" algorithm @ http://www.schneier.com/essay-198.html it could contain a weakness.
Tags What's this?: Add a tag
Flag as ContentBug
Windows usage of DUAL_EC_RNG      Don A. Glover   |   Edit   |  
DUAL_EC_RNG is an implementation of a NIST standard specified in Special Publication 800-90(http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf). It is never used by default in operating systems manufactured by Microsoft. Some theoretical concerns have been raised about it; however, to date, no one has shown a way to break the security of a cryptographic application that uses this PRNG. Specifically, no one has shown that a computer running Windows Server 2008 or Windows Vista and configured to use DUAL_EC_DRBG is easier to compromise in any way than one that uses the default settings. Nevertheless, we encourage each application programmer to do their own analysis before using this optional feature.
Tags What's this?: Add a tag
Flag as ContentBug
Processing
© 2008 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Page view tracker