Share via


Key Length Comparison

A version of this page is also available for

Windows Embedded CE 6.0 R3

4/8/2010

When it is used, the Microsoft Enhanced Cryptographic Provider provides an application with stronger security than is currently available with the Microsoft RSA Base Cryptographic Provider. This provides users more protection for sensitive data .

The following table shows the minimum, default, and maximum key lengths by algorithm and provider.

Provider Algorithms Minimum key length Default key length Maximum key length

MS Base

RC4 and RC2

40

40

56

MS Base

DES

56

56

56

MS Enhanced

RC4 and RC2

40

128

128

MS Enhanced

DES

56

56

56

MS Enhanced

3DES 112

112

112

112

MS Enhanced

3DES

168

168

168

DSS/DH Base

RC4 and

40

40

56

DSS/DH Base

DES

56

56

56

DSS/DH Enh

RC4 and

40

128

128

DSS/DH Enh

DES

56

56

56

DSS/DH Enh

3DES

168

168

168

The Enhanced Provider is backward compatible with the Base Provider distributed with CryptoAPI 1.0, with the following exception. For session keys, both cryptographic service providers (CSP) are limited to generating and deriving keys of default key length: 40 bit for the Base Provider, and 128 bit for the Enhanced Provider, which precludes the Enhanced Provider from creating keys with Base Provider–compatible key lengths. However, the Enhanced Provider can import key lengths of any size, up to 128 bits.

Note

If you use the Microsoft RSA Base Provider to create a certification authority, your license to issue certificates is limited to certificates intended for use in the context of your particular application or service.

See Also

Concepts

Microsoft Cryptographic System
Microsoft RSA Base Provider
Microsoft Enhanced Cryptographic Provider

Other Resources

Cryptography
Certificates