
Enhanced Cryptographic Provider

Security Policy for FIPS 140-2 Validation

Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows RT
Microsoft Surface Windows RT
Microsoft Surface Windows 8 Pro
Microsoft Windows Phone 8
Microsoft Windows Storage Server 2012

Enhanced Cryptographic Provider (RSAENH.DLL)

DOCUMENT INFORMATION

Version Number: 1.2
Updated On: December 17, 2014

2014 Microsoft. All Rights Reserved.
This Security Policy is non-proprietary and may be reproduced only in its original entirety (without revision).

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. This work is licensed under the Creative Commons Attribution-NoDerivs-NonCommercial License (which allows redistribution of the work). To view a copy of this license, visit http://creativecommons.org/licenses/by-nd-nc/1.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

2014 Microsoft Corporation. All rights reserved.

Microsoft, Windows, the Windows logo, Windows Server, and BitLocker are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.


TABLE OF CONTENTS

1 INTRODUCTION
1.1 LIST OF CRYPTOGRAPHIC MODULE BINARY EXECUTABLES
1.2 BRIEF MODULE DESCRIPTION
1.3 VALIDATED PLATFORMS
1.4 CRYPTOGRAPHIC BOUNDARY

2 SECURITY POLICY
2.1 FIPS 140-2 APPROVED ALGORITHMS
2.2 NON-APPROVED ALGORITHMS
2.3 CRYPTOGRAPHIC BYPASS
2.4 MACHINE CONFIGURATIONS

3 OPERATIONAL ENVIRONMENT

4 INTEGRITY CHAIN OF TRUST

5 PORTS AND INTERFACES
5.1 CONTROL INPUT INTERFACE
5.2 STATUS OUTPUT INTERFACE
5.3 DATA OUTPUT INTERFACE
5.4 DATA INPUT INTERFACE

6 SPECIFICATION OF ROLES
6.1 MAINTENANCE ROLES
6.2 MULTIPLE CONCURRENT INTERACTIVE OPERATORS
6.3 DATA ACCESS
6.4 SHOW STATUS SERVICES
6.5 SELF-TEST SERVICES
6.6 SERVICE INPUTS / OUTPUTS

7 SERVICES
7.1 KEY STORAGE SERVICES
7.1.1 CRYPTACQUIRECONTEXT
7.1.2 CRYPTGETPROVPARAM
7.1.3 CRYPTSETPROVPARAM
7.1.4 CRYPTRELEASECONTEXT
7.2 KEY GENERATION AND EXCHANGE SERVICES
7.2.1 CRYPTDERIVEKEY
7.2.2 CRYPTDESTROYKEY
7.2.3 CRYPTEXPORTKEY
7.2.4 CRYPTGENKEY
7.2.5 CRYPTGENRANDOM
7.2.6 CRYPTGETKEYPARAM
7.2.7 CRYPTGETUSERKEY
7.2.8 CRYPTIMPORTKEY
7.2.9 CRYPTSETKEYPARAM
7.2.10 CRYPTDUPLICATEKEY
7.3 DATA ENCRYPTION AND DECRYPTION SERVICES
7.3.1 CRYPTDECRYPT
7.3.2 CRYPTENCRYPT
7.4 HASHING AND DIGITAL SIGNATURE SERVICES
7.4.1 CRYPTCREATEHASH
7.4.2 CRYPTDESTROYHASH
7.4.3 CRYPTGETHASHPARAM
7.4.4 CRYPTHASHDATA
7.4.5 CRYPTHASHSESSIONKEY
7.4.6 CRYPTSETHASHPARAM
7.4.7 CRYPTSIGNHASH
7.4.8 CRYPTVERIFYSIGNATURE
7.4.9 CRYPTDUPLICATEHASH

8 AUTHENTICATION

9 SECURITY RELEVANT DATA ITEMS
9.1 ACCESS CONTROL POLICY
9.2 KEY MATERIAL
9.3 KEY GENERATION
9.4 KEY ENTRY AND OUTPUT
9.5 KEY STORAGE
9.6 KEY ARCHIVAL
9.7 KEY DESTRUCTION

10 SELF-TESTS
10.1 POWER-ON SELF-TESTS
10.2 CONDITIONAL SELF-TESTS

11 DESIGN ASSURANCE

12 MISCELLANEOUS
12.1 OPERATOR AUTHENTICATION
12.2 MODULAREXPOFFLOAD

13 MITIGATION OF OTHER ATTACKS

14 ADDITIONAL DETAILS

15 APPENDIX A - HOW TO VERIFY WINDOWS VERSIONS AND DIGITAL SIGNATURES
15.1 HOW TO VERIFY WINDOWS VERSIONS
15.2 HOW TO VERIFY WINDOWS DIGITAL SIGNATURES

1 Introduction
The Microsoft Corporation's Windows 8, Windows RT, Windows Server 2012, Windows Storage Server 2012, and Windows Phone 8 Enhanced Cryptographic Provider is a FIPS 140-2 Level 1 compliant, software-based, cryptographic service provider. Like other cryptographic providers that ship with Microsoft Windows 8, Windows RT, Windows Server 2012, Windows Storage Server 2012, and Windows Phone 8, Enhanced Cryptographic Provider encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Software developers can dynamically link the Microsoft Enhanced Cryptographic Provider module into their applications to provide FIPS 140-2 compliant cryptographic support.

1.1 List of Cryptographic Module Binary Executables


RSAENH.DLL - Version 6.2.9200 for Windows 8, Windows RT, Windows Server 2012, Windows Storage Server 2012, and Windows Phone 8

1.2 Brief Module Description


RSAENH.DLL is a dynamically-linked library (DLL) that provides cryptographic algorithms via CryptoAPI.

1.3 Validated Platforms


The Enhanced Cryptographic Provider component listed in Section 1.1 was validated using the following machine configurations:

• x86 Microsoft Windows 8 Enterprise - Dell Dimension C521 (AMD Athlon 64 X2 Dual Core)
• x64 Microsoft Windows 8 Enterprise - Dell PowerEdge SC430 (Intel Pentium D without AES-NI)
• x64 AES-NI Microsoft Windows 8 Enterprise - Intel Client Desktop (Intel Core i7 with AES-NI)
• x64 Microsoft Windows Server 2012 - Dell PowerEdge SC430 (Intel Pentium D without AES-NI)
• x64 AES-NI Microsoft Windows Server 2012 - Intel Client Desktop (Intel Core i7 with AES-NI)
• ARMv7 Thumb-2 Microsoft Windows RT - NVIDIA Tegra 3 Tablet (NVIDIA Tegra 3 Quad Core)
• ARMv7 Thumb-2 Microsoft Windows RT - Qualcomm Tablet (Qualcomm Snapdragon S4)
• ARMv7 Thumb-2 Microsoft Windows RT - Microsoft Surface Windows RT (NVIDIA Tegra 3 Quad Core)
• x64 AES-NI Microsoft Windows 8 Pro - Microsoft Surface Windows 8 Pro (Intel x64 Processor with AES-NI)
• ARMv7 Thumb-2 Microsoft Windows Phone 8 - Windows Phone 8 (Qualcomm Snapdragon S4)
• x64 Microsoft Windows Storage Server 2012 - Intel Maho Bay (Intel Core i7 without AES-NI)
• x64 AES-NI Microsoft Windows Storage Server 2012 - Intel Maho Bay (Intel Core i7 with AES-NI)

The Enhanced Cryptographic Provider maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on the following platforms:

• x86 Microsoft Windows 8
• x86 Microsoft Windows 8 Pro

• x64 Microsoft Windows 8
• x64 Microsoft Windows 8 Pro
• x64 Microsoft Windows Server 2012 Datacenter

• x64 AES-NI Microsoft Windows 8
• x64 AES-NI Microsoft Windows 8 Pro
• x64 AES-NI Microsoft Windows Server 2012 Datacenter

1.4 Cryptographic Boundary


The software file that makes up the cryptographic boundary for Enhanced Cryptographic Provider is RSAENH.DLL. The Crypto boundary is also defined as the enclosure of the computer system on which Enhanced Cryptographic Provider is to be executed. The physical configuration of Enhanced Cryptographic Provider, as defined in FIPS 140-2, is multi-chip standalone.

It should be noted that the Data Protection API of Microsoft Windows 8, Windows RT, Windows Server 2012, Windows Storage Server 2012, and Windows Phone 8 is not part of the module and should be considered to be outside the boundary.

2 Security Policy
Enhanced Cryptographic Provider operates under several rules that encapsulate its security policy.

• Enhanced Cryptographic Provider is supported on Windows 8, Windows RT, Windows Server 2012, Windows Storage Server 2012, and Windows Phone 8 (in a single-user environment).
• Enhanced Cryptographic Provider operates in FIPS mode of operation only when used with Windows 8, Windows RT, Windows Server 2012, Windows Storage Server 2012, and Windows Phone 8 Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1897 for Windows 8 operating in FIPS mode, Microsoft Windows 8, Windows RT, Windows Server 2012, Windows Storage Server 2012, and Windows Phone 8 Cryptographic Primitives Library (bcryptprimitives.dll) validated to FIPS 140-2 under Cert. #1892 for Windows 8 operating in FIPS mode, and Microsoft Windows 8, Windows RT, Windows Server 2012, Windows Storage Server 2012, and Windows Phone 8 Kernel Mode Cryptographic Primitives Library (cng.sys) validated to FIPS 140-2 under Cert. #1891 for Windows 8 operating in FIPS mode.
• Enhanced Cryptographic Provider provides no user authentication. Roles are assumed implicitly. The authentication provided by the Windows 8, Windows RT, Windows Server 2012, Windows Storage Server 2012, and Windows Phone 8 operating system is not in the scope of the validation.
• Enhanced Cryptographic Provider is only in its Approved mode of operation when FIPS approved security functions are used and Windows is booted normally, meaning Debug mode is disabled and Driver Signing enforcement is enabled.
• Enhanced Cryptographic Provider operates in its FIPS mode of operation only when one of the following DWORD registry values is set to 1:
  o HKLM\SYSTEM\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled
  o HKLM\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration\SelfTestAlgorithms
• The registry security policy settings can be observed with the regedit tool to determine whether the module is in FIPS mode.
• All the services provided by the Enhanced Cryptographic Provider are available to the User and Crypto-officer roles.
• Keys created within Enhanced Cryptographic Provider by one user are not accessible to any other user via Enhanced Cryptographic Provider.
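
The machine-level conditions in the rules above (the two registry values, Debug mode, Driver Signing enforcement) can be checked from PowerShell rather than by hand in regedit. This is an added example, not part of the Microsoft policy: the function names are hypothetical, the registry paths are copied from the list above, and reading Debug mode and Driver Signing enforcement from the debug, testsigning and nointegritychecks elements of English-language bcdedit output is an assumption of this example.

```powershell
# Added example, not part of the policy. Registry paths are copied from Section 2;
# function names and the bcdedit element mapping are assumptions of this example.

$FipsValues = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy'
       Name = 'Enabled' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration'
       Name = 'SelfTestAlgorithms' }
)

function Get-FipsRegistryState {
    # The policy requires a DWORD equal to 1; a missing value or another type does not count.
    foreach ($v in $FipsValues) {
        $kind = $null
        $data = $null
        $key = Get-Item -Path $v.Path -ErrorAction SilentlyContinue
        if ($key -and ($key.GetValueNames() -contains $v.Name)) {
            $kind = $key.GetValueKind($v.Name)
            $data = $key.GetValue($v.Name)
        }
        [pscustomobject]@{
            Value   = '{0}\{1}' -f $v.Path, $v.Name
            Kind    = $kind
            Data    = $data
            Enabled = ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord -and $data -eq 1)
        }
    }
}

function Test-BootConfig {
    param([string[]]$BcdLines)
    # bcdedit prints "element   value" pairs; an element that is absent is treated as off.
    $flags = @{ debug = $false; testsigning = $false; nointegritychecks = $false }
    foreach ($line in $BcdLines) {
        if ($line -match '^\s*(debug|testsigning|nointegritychecks)\s+(\S+)\s*$') {
            $flags[$Matches[1].ToLower()] = ($Matches[2] -in 'Yes', 'On')
        }
    }
    [pscustomobject]@{
        DebugDisabled         = -not $flags.debug
        DriverSigningEnforced = -not ($flags.testsigning -or $flags.nointegritychecks)
    }
}

function Test-FipsModePreconditions {
    param([string[]]$BcdLines)
    if (-not $BcdLines) {
        # Without elevation bcdedit prints an error instead of the boot entry,
        # which would otherwise parse as "no relaxing flags set".
        $BcdLines = & bcdedit.exe /enum '{current}'
        if ($LASTEXITCODE -ne 0) { throw 'bcdedit failed; run from an elevated prompt.' }
    }
    $reg  = @(Get-FipsRegistryState)
    $boot = Test-BootConfig -BcdLines $BcdLines
    $fips = [bool]($reg | Where-Object Enabled)   # "one of the following" is enough
    [pscustomobject]@{
        RegistryValues        = $reg
        FipsPolicyEnabled     = $fips
        DebugDisabled         = $boot.DebugDisabled
        DriverSigningEnforced = $boot.DriverSigningEnforced
        PreconditionsMet      = ($fips -and $boot.DebugDisabled -and $boot.DriverSigningEnforced)
    }
}

# Constructed bcdedit output (not captured from a real machine): test signing is on,
# so driver signing enforcement is reported as not in effect.
$sampleBcd = @(
    'Windows Boot Loader'
    '-------------------'
    'identifier              {current}'
    'nx                      OptIn'
    'testsigning             Yes'
    'debug                   No'
)
Test-BootConfig -BcdLines $sampleBcd

# On a live system, from an elevated prompt:
# Test-FipsModePreconditions | Format-List
```

The check covers only the machine configuration; whether an application restricts itself to FIPS approved security functions, which the policy also requires, has to be established from the application's own CryptoAPI calls.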

The following diagram illustrates the master components of the Enhanced Cryptographic Provider module:

Figure 1 Master components of Enhanced Cryptographic Provider module

[Figure 2 diagram, layers from top to bottom: Application; CryptoAPI; CryptoAPI router (cryptsp.dll); CryptoSPI; RSAENH, DSSENH, Other Cryptographic Service Provider Module (CSPM)]

Figure 2 Relationship to other components in Windows CryptoAPI system - cryptographic module shown in gold

2.1 FIPS 140-2 Approved Algorithms

When operating this module under Windows 8, Windows RT, Windows Server 2012, Windows Storage Server 2012, and Windows Phone 8, the following algorithms are Approved security functions and can be used in FIPS mode:

• Triple-DES [1] (Cert. #1386)
• AES (Cert. #2196)
• SHA-1 [2], SHA-256, SHA-384, SHA-512 (SHS Cert. #1902)
• HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512 (HMAC Cert. #1346)
• RSA (Cert. #1132)

[1] Two-key Triple-DES is restricted and legacy-use according to NIST SP 800-131A. Users should start transitioning away from this algorithm to better, stronger choices.
[2] According to NIST SP 800-131A, SHA-1 is disallowed after the end of 2013. SHA-1 is currently legacy-use for digital signature verification. Users should start transitioning away from this algorithm to better, stronger choices.

2.2 Non-Approved Algorithms

Enhanced Cryptographic Provider implements the following non-Approved algorithms allowed in FIPS mode:

• RSA Key Transport (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)
• AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)
• Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength)

Enhanced Cryptographic Provider supports the following non-FIPS approved algorithms:

• DES
• RC4
• RC2
• MD2
• MD4
• MD5

These algorithms may not be used when operating the module in a FIPS mode. To operate the module in a FIPS mode, applications must only use FIPS approved algorithms.

2.3 Cryptographic Bypass


Cryptographic bypass is not supported by Enhanced Cryptographic Provider.

2.4 Machine Configurations

Enhanced Cryptographic Provider was tested using the machine configurations listed in Section 1.3 - Validated Platforms.

3 Operational Environment
The operational environment for Enhanced Cryptographic Provider is Windows 8, Windows RT, Windows Server 2012, Windows Storage Server 2012, and Windows Phone 8 running on the hardware listed in Section 1.3 - Validated Platforms.

The Enhanced Cryptographic Provider crypto module is intended to run on Windows 8, Windows RT, Windows Server 2012, Windows Storage Server 2012, and Windows Phone 8 in Single User Mode, where there is only one interactive user during a logon session. Each operating system process creates a unique instance of the crypto module that is wholly dedicated to that process. The crypto module is not shared between processes, and RSAENH relies on the operational environment to maintain this isolation.

Each process requesting access is provided its own instance of the module. As such, each process has full access to all information and keys within the module. Note that no keys or other information are maintained upon detachment from the DLL, thus an instantiation of the module will only contain keys or information that the process has placed in the module.

4 Integrity Chain of Trust


The Windows Code Integrity module (CI.DLL, certificate #1897) validates the integrity of Enhanced Cryptographic Provider before loading the latter into memory. An RSA signature with a 2048-bit key and SHA-256 message digest are used.

5 Ports and Interfaces


As depicted in Figure 2, RSAENH is a Cryptographic Service Provider Module (CSPM) and implements a set of export functions known as the CryptoSPI. These CryptoSPI functions correspond directly, in a one-to-one manner, to functions in the CryptoAPI, which is the programming interface used by Windows applications to access RSAENH and other such cryptographic providers. More information about the CryptoSPI is available in the Windows Cryptographic Provider Development Kit, available from http://www.microsoft.com/download

5.1 Control Input Interface


The Control Input Interface for Enhanced Cryptographic Provider consists of the Enhanced Cryptographic Provider CryptoSPI export functions. Options for control operations are passed as input parameters to these functions. Data Input is kept separate from Control Input by passing Data Input in separate parameters from Control Input.

5.2 Status Output Interface

The Status Output Interface for Enhanced Cryptographic Provider consists of the CryptoSPI export functions. For each function, the status information is returned to the caller as the return value from the function.

5.3 Data Output Interface

The Data Output Interface for Enhanced Cryptographic Provider consists of the Enhanced Cryptographic Provider CryptoSPI export functions.

5.4 Data Input Interface

The Data Input Interface for Enhanced Cryptographic Provider consists of the Enhanced Cryptographic Provider CryptoSPI export functions. Data and options are passed to the interface as input parameters to these functions. Data Input is kept separate from Control Input by passing Data Input in separate parameters from Control Input.

6 Specification of Roles
Enhanced Cryptographic Provider supports both User and Cryptographic Officer roles (as defined in FIPS 140-2). Both roles have access to all services implemented in Enhanced Cryptographic Provider.

When an application requests the crypto module to generate keys for a user, the keys are generated, used, and deleted as requested by applications. There are no implicit keys associated with a user, and each user may have numerous keys, both signature and key exchange, and these keys are separate from other users' keys.

6.1 Maintenance Roles

Maintenance roles are not supported.

6.2 Multiple Concurrent Interactive Operators


There is only one interactive operator in Single User Mode. When run in this configuration, multiple concurrent interactive operators are not supported.

Each interactive operator may run a number of concurrent processes, and multiple such processes may access RSAENH. Each such process is provided a separate instance of the module. Each such instance will only contain keys or information that the process has placed within the module, and the process will have full access to all keys and information within its module instance.

6.3 Data Access

Because an operator is provided a separate instance of the module (a separate instantiation of the DLL), the operator has complete access to all of the security data items within the module.

6.4 Show Status Services

The User and Cryptographic Officer roles have the same Show Status functionality, which is, for each function, the status information is returned to the caller as the return value from the function.

6.5 Self-Test Services

The User and Cryptographic Officer roles have the same Self-Test functionality, which is described in Section 10 - Self-Tests.

6.6 Service Inputs / Outputs

The User and Cryptographic Officer roles have service inputs and outputs as specified in Section 5 - Ports and Interfaces and Section 7 - Services.

7 Services
The following list contains all services available to an operator. All services are accessible by all roles.

Note that the functions named in this section are CryptoAPI functions; as mentioned in Section 5, these are called by the application and correspond directly to the CryptoSPI functions implemented by RSAENH.

7.1 Key Storage Services

The following functions provide interfaces to the crypto module's key container functions. Please see the Key Storage description under Section 9 - Security Relevant Data Items for more information.

7.1.1 CryptAcquireContext
The CryptAcquireContext function is used to acquire a programmatic context handle to a particular key container via a particular cryptographic service provider module (CSPM). This returned handle can then be used to make calls to the selected CSPM. Any subsequent calls to a cryptographic function need to reference the acquired context handle.
This function performs two operations. It first attempts to find a CSPM with the characteristics described in the dwProvType and pszProvider parameters. If the CSPM is found, the function attempts to find a key container matching the name specified by the pszContainer parameter.
With the appropriate setting of dwFlags, this function can also create and destroy key containers.
If dwFlags is set to CRYPT_NEWKEYSET, a new key container is created with the name specified by pszContainer. If pszContainer is NULL, a key container with the default name is created.
If dwFlags is set to CRYPT_DELETEKEYSET, the key container specified by pszContainer is deleted. If pszContainer is NULL, the key container with the default name is deleted. All key pairs in the key container are also destroyed and memory is zeroized.
When this flag is set, the value returned in phProv is undefined, and thus, the CryptReleaseContext function need not be called afterwards.

7.1.2 CryptGetProvParam
The CryptGetProvParam function retrieves data that governs the operations of the provider. This function may be used to enumerate key containers, enumerate supported algorithms, and generally determine capabilities of the CSPM.

7.1.3 CryptSetProvParam
The CryptSetProvParam function customizes various aspects of a provider's operations. This function may be used to set a security descriptor on a key container.

7.1.4 CryptReleaseContext
The CryptReleaseContext function releases the handle referenced by the hProv parameter. After a provider handle has been released, it becomes invalid and cannot be used again. In addition, key and hash handles associated with that provider handle may not be used after CryptReleaseContext has been called.

7.2 Key Generation and Exchange Services

Approved Random Number Generators are used for all Key Generation. The following functions provide interfaces to the crypto module's key generation and exchange functions.

7.2.1 CryptDeriveKey
The CryptDeriveKey function creates cryptographic session keys from a hash value. This function guarantees that when the same CSPM and algorithms are used, the keys created from the same hash value are identical. The hash value is typically a cryptographic hash of a password or similar secret user data.
This function is the same as CryptGenKey, except that the generated session keys are created from the hash value instead of being random and CryptDeriveKey can only be used to create session keys. This function cannot be used to create public/private key pairs. This function can be used by a calling application as the pseudo-random function (PRF) of TLS 1.0; however, the use of this function as a standalone key derivation function is not allowed in FIPS mode.
If keys are being derived from a CALG_SCHANNEL_MASTER_HASH, then the appropriate key derivation process is used to derive the key. In this case the process used is from the SSL 2.0, SSL 3.0 or TLS specification of deriving client- and server-side encryption and MAC keys. This function will cause the key block to be derived from the master secret and the requested key is then derived from the key block. Which process is used is determined by which protocol is associated with the hash object. TLS must be used in FIPS mode. For more information see the SSL 2.0, SSL 3.0 and TLS specifications.

7.2.2 CryptDestroyKey
The CryptDestroyKey function releases the handle referenced by the hKey parameter. After a key handle has been released, it becomes invalid and cannot be used again.
If the handle refers to a session key, or to a public key that has been imported into the CSPM through CryptImportKey, this function zeroizes the key in memory and frees the memory that the key occupied. The underlying public/private key pair (which resides outside the crypto module) is not destroyed by this function. Only the handle is destroyed.

7.2.3 CryptExportKey
The CryptExportKey function exports cryptographic keys from a cryptographic service provider module (CSPM) in a secure manner for key archival purposes.
Public RSA keys are also exported using this function. A handle to the RSA public key is passed to the function and the public key is exported, always in plaintext as a blob. This blob may then be imported using the CryptImportKey function.
Symmetric keys may also be exported and wrapped with an RSA key using the CryptExportKey function. A handle to the symmetric key and a handle to the public RSA key to wrap with are passed to the function. The function returns a blob (SIMPLEBLOB) which is the wrapped symmetric key.
Symmetric keys may also be exported by encrypting the keys with another symmetric key (AES or Triple-DES). The encrypted key is then exported as a blob and may be imported using the CryptImportKey function.

7.2.4 CryptGenKey
The CryptGenKey function generates a random cryptographic key. A handle to the key is returned in phKey. This handle can then be used as needed with any CryptoAPI function requiring a key handle.
The calling application must specify the algorithm when calling this function. Because this algorithm type is kept bundled with the key, the application does not need to specify the algorithm later when the actual cryptographic operations are performed.

7.2.5 CryptGenRandom
The CryptGenRandom function fills a buffer with random bytes. This function merely forwards the call to a FIPS approved RNG from the Cryptographic Primitives Library (bcryptprimitives.dll) with DRBG (Cert. #258).

7.2.6 CryptGetKeyParam
TheCryptGetKeyParamfunctionretrievesdatathatgovernstheoperationsofakey.

7.2.7 CryptGetUserKey
TheCryptGetUserKeyfunctionretrievesahandleofoneofauser'spublic/privatekeypairs.

7.2.8 CryptImportKey
The CryptImportKey function transfers a cryptographic key from a key blob into a cryptographic service
provider module (CSPM).
Private keys may be imported as blobs and the function will return a handle to the imported key.
A symmetric key wrapped with an RSA public key is imported into the CryptImportKey function. The
function uses the RSA private key exchange key to unwrap the blob and returns a handle to the
symmetric key.
Symmetric keys encrypted with other symmetric keys (AES or Triple-DES) may also be imported using
this function. The encrypted key blob is passed in along with a handle to a symmetric key, which the
module is supposed to use to decrypt the blob. If the function is successful then a handle to the
decrypted symmetric key is returned.
The CryptImportKey function recognizes a new flag CRYPT_IPSEC_HMAC_KEY. The flag allows the caller
to supply the HMAC key material of size greater than 16 bytes. Without the CRYPT_IPSEC_HMAC_KEY
flag, the CryptImportKey function would fail with NTE_BAD_DATA if the caller supplies the HMAC key
material of size greater than 16 bytes. For importing a HMAC key, the caller should identify the imported key
blob as the PLAINTEXTKEYBLOB type and use CALG_RC2 as the key Algorithm identifier.

7.2.9 CryptSetKeyParam
The CryptSetKeyParam function customizes various aspects of a key's operations. This function is used to
set session-specific values for symmetric keys.

7.2.10 CryptDuplicateKey
The CryptDuplicateKey function is used to duplicate, make a copy of, the state of a key and returns a
handle to this new key. The CryptDestroyKey function must be used on both the handle to the original
key and the newly duplicated key.

7.3 Data Encryption and Decryption Services


The following functions provide interfaces to the crypto module's data encryption and decryption
functions.

7.3.1 CryptDecrypt
The CryptDecrypt function decrypts data previously encrypted using the CryptEncrypt function.

7.3.2 CryptEncrypt
The CryptEncrypt function encrypts data. The algorithm used to encrypt the data is designated by the
key held by the CSPM and is referenced by the hKey parameter.

7.4 Hashing and Digital Signature Services


The following functions provide interfaces to the crypto module's hashing and digital signature functions.

7.4.1 CryptCreateHash
The CryptCreateHash function initiates the hashing of a stream of data. It returns to the calling
application a handle to a CSPM hash object. This handle is used in subsequent calls to CryptHashData
and CryptHashSessionKey in order to hash streams of data and session keys. SHA-1 and MD5 are the
cryptographic hashing algorithms supported. In addition, a MAC using a symmetric key is created with
this call and may be used with any of the symmetric block ciphers supported by the module (DES,
Triple-DES, AES, RC4 or RC2). For creating a HMAC hash value, the caller specifies the CALG_HMAC flag in the
Algid parameter, and the HMAC key using a hKey handle obtained from calling CryptImportKey.
A CALG_SCHANNEL_MASTER_HASH may be created with this call. If this is the case then a handle to one
of the following types of keys must be passed in the hKey parameter: CALG_SSL2_MASTER,
CALG_SSL3_MASTER, or CALG_TLS1_MASTER. This function with CALG_SCHANNEL_MASTER_HASH in
the ALGID parameter will cause the derivation of the master secret from the pre-master secret
associated with the passed in key handle. This key derivation process is done in the method specified in
the appropriate protocol specification, SSL 2.0, SSL 3.0, or TLS. The master secret is then associated with
the resulting hash handle and session keys and MAC keys may be derived from this hash handle. The
master secret may not be exported or imported from the module. The key data associated with the hash
handle is zeroized when CryptDestroyHash is called.

7.4.2 CryptDestroyHash
The CryptDestroyHash function destroys the hash object referenced by the hHash parameter. After a
hash object has been destroyed, it can no longer be used. When a hash object is destroyed, the crypto
module zeroizes the memory within the module where the hash object was held. The memory is then
freed.
If the hash handle references a CALG_SCHANNEL_MASTER_HASH key then, when CryptDestroyHash is
called, the associated key material is zeroized also.
All hash objects should be destroyed with the CryptDestroyHash function when the application is
finished with them.

7.4.3 CryptGetHashParam
The CryptGetHashParam function retrieves data that governs the operations of a hash object. The actual
hash value can also be retrieved by using this function.

7.4.4 CryptHashData
The CryptHashData function adds data to a specified hash object. This function and
CryptHashSessionKey can be called multiple times to compute the hash on long data streams or
discontinuous data streams. Before calling this function, the CryptCreateHash function must be called to
create a handle of a hash object.

7.4.5 CryptHashSessionKey
The CryptHashSessionKey function computes the cryptographic hash of a key object. This function can
be called multiple times with the same hash handle to compute the hash of multiple keys. Calls to
CryptHashSessionKey can be interspersed with calls to CryptHashData. Before calling this function, the
CryptCreateHash function must be called to create the handle of a hash object.

7.4.6 CryptSetHashParam
The CryptSetHashParam function customizes the operations of a hash object. For creating a HMAC hash
associated with a hash object identified by the hHash handle, the caller uses the CryptSetHashParam
function with the HP_HMAC_INFO flag to specify the necessary SHA-1 algorithm using the CALG_SHA1
flag in the input HMAC_INFO structure. There is no need for the caller to specify the HMAC inner or
outer strings as the CSPM is using the inner and outer string values as documented in the Draft FIPS for
HMAC as its default values.

7.4.7 CryptSignHash
The CryptSignHash function signs data. Because all signature algorithms are asymmetric and thus slow,
the CryptoAPI does not allow data to be signed directly. Instead, data is first hashed and CryptSignHash is
used to sign the hash. The crypto module supports signing with RSA. The X9.31 format may be specified
by a flag.

Note: this function accepts SHA-1 hashes, which according to NIST SP 800-131A is currently deprecated
for digital signature generation and will be disallowed after the end of 2013. Similarly for RSA with keys
shorter than 2048 bits. SHA-1 and RSA with keys shorter than 2048 bits are currently legacy-use for
digital signature verification.

7.4.8 CryptVerifySignature
The CryptVerifySignature function verifies the signature of a hash object. Before calling this function, the
CryptCreateHash function must be called to create the handle of a hash object. CryptHashData or
CryptHashSessionKey is then used to add data or session keys to the hash object. The crypto module
supports verifying RSA signatures. The X9.31 format may be specified by a flag.
After this function has been completed, only CryptDestroyHash can be called using the hHash handle.

Note: this function accepts SHA-1 hashes, which according to NIST SP 800-131A is currently deprecated
for digital signature generation and will be disallowed after the end of 2013. Similarly for RSA with keys
shorter than 2048 bits. SHA-1 and RSA with keys shorter than 2048 bits are currently legacy-use for
digital signature verification.

7.4.9 CryptDuplicateHash
The CryptDuplicateHash function is used to duplicate, make a copy of, the state of a hash and returns a
handle to this new hash. The CryptDestroyHash function must be used on both the handle to the original
hash and the newly duplicated hash.

8 Authentication
The Enhanced Cryptographic Provider crypto module does not provide authentication. Roles are
implicitly assumed based on the services that are executed.

9 Security Relevant Data Items


The Enhanced Cryptographic Provider crypto module uses the following security relevant data items:

Security Relevant Data Item             Description
Symmetric encryption/decryption keys    Keys used for AES or TDEA encryption/decryption
HMAC keys                               Keys used for HMAC-SHA1, HMAC-SHA256, HMAC-SHA384, and HMAC-SHA512
RSA Public Keys                         Keys used for the verification of RSA digital signatures or key transport
RSA Private Keys                        Keys used for the calculation of RSA digital signatures or key transport

9.1 Access Control Policy


The Enhanced Cryptographic Provider crypto module allows controlled access to the security relevant
data items contained within it. The following table defines the access that a service has to each. The
permissions are categorized as a set of four separate permissions: read (r), write (w), execute (x), delete
(d). If no permission is listed, the service has no access to the item. The User and Cryptographic Officer
roles have the same access to keys so roles are not distinguished in the table.

Enhanced Cryptographic Provider crypto module Service Access Policy

Service                                   Symmetric               HMAC    RSA Public  RSA Private
                                          encryption/decryption   keys    Keys        Keys
                                          keys
Key Storage Services                      r/x                     r/x     r/x         r/x
Key Generation and Exchange Services      r/w/d                   r/w/d   r/w/d       r/w/d
Data Encryption and Decryption Services   x
Hashing and Digital Signature Services                            x       x           x

9.2 Key Material


Enhanced Cryptographic Provider can create and use keys for the following algorithms: RSA Signature,
RSA Key Exchange, RC2, RC4, DES, Triple-DES, and AES. Each time an application links with RSAENH, the
DLL is instantiated and no keys exist within. The user application is responsible for importing keys into
Enhanced Cryptographic Provider or using RSAENH's functions to generate keys.

See the MSDN Library for more information about key formats and structures. (Dev Center - Desktop >
Docs > Desktop app development documentation > Security and Identity > Cryptography API: Next
Generation > CNG Reference > CNG Structures)

9.3 Key Generation


Random keys can be generated by calling the CryptGenKey() function. CryptGenKey() provides key
generation for symmetric keys (such as AES and Triple-DES) and asymmetric keys (such as RSA). Random
keys are generated following the standard that defines each algorithm.

See the MSDN Library. (Dev Center - Desktop > Docs > Desktop app development documentation >
Security and Identity > Cryptography > Cryptography Reference > Cryptography Functions > CSP Key
Generation and Exchange Functions)

9.4 Key Entry and Output


Keys can be both exported and imported out of and into Enhanced Cryptographic Provider via
CryptExportKey() and CryptImportKey(). Exported private keys may be encrypted with a symmetric key
passed into the CryptExportKey function. Any of the symmetric algorithms supported by the crypto
module may be used to encrypt private keys for export (AES, DES, Triple-DES, RC4 or RC2). When private
keys are generated or imported from archival, they are encrypted with the Microsoft Windows 8,
Windows RT, Windows Server 2012, Windows Storage Server 2012, and Windows Phone 8 Data
Protection API (DPAPI) and then output to the file system in the encrypted form.
Symmetric key entry and output is done by exchanging keys using the recipient's asymmetric public key.
Symmetric key entry and output may also be done by exporting a symmetric key wrapped with another
symmetric key or keys may be output in plaintext.

Exporting the RSA private key by supplying PRIVATEKEYBLOB to the BlobType parameter of
CryptExportKey() is not allowed in FIPS mode.
See the MSDN Library. (Dev Center - Desktop > Docs > Desktop app development documentation >
Security and Identity > Cryptography > Cryptography Reference > Cryptography Functions > CSP Key
Generation and Exchange Functions)

9.5 Key Storage


Enhanced Cryptographic Provider does not provide persistent storage of keys. While it is possible to
store keys in the file system, this functionality is outside the scope of this validation. The task of
protecting (or encrypting) the keys prior to storage in the file system is delegated to the Data Protection
API (DPAPI) of Microsoft Windows 8, Windows RT, Windows Server 2012, Windows Storage Server 2012,
and Windows Phone 8. The DPAPI is a separate component of the operating system that is outside the
boundaries of the crypto module. This section describes this functionality for information purposes only.
When a key container is deleted, the file is zeroized before being deleted. Enhanced Cryptographic
Provider offloads the key storage operations to the Microsoft Windows 8, Windows RT, Windows Server
2012, Windows Storage Server 2012, and Windows Phone 8 operating system, which is outside the
cryptographic boundary. Because keys are not persistently stored inside the cryptographic module,
private keys are instead encrypted by the Microsoft Data Protection API (DPAPI) service and stored in
the Microsoft Windows 8, Windows RT, Windows Server 2012, Windows Storage Server 2012, and
Windows Phone 8 file system. Keys are zeroized from memory after use. As an exception, the key used
for power-up self-testing is stored in the cryptographic module.
When an operator requests a keyed cryptographic operation from RSAENH, his/her keys are retrieved
from the file system by Enhanced Cryptographic Provider with the support of DPAPI.
Please refer to the technical paper Windows Data Protection
(http://msdn.microsoft.com/en-us/library/ms995355.aspx) for further detail of DPAPI.

9.6 Key Archival


Enhanced Cryptographic Provider does not directly archive cryptographic keys. The operator may choose
to export a cryptographic key labeled as exportable (cf. "Key Input and Output" above), but
management of the secure archival of that key is the responsibility of the user.

9.7 Key Destruction


All keys are destroyed and their memory location zeroized when the operator calls CryptDestroyKey on
that key handle. Private keys that reside outside the cryptographic boundary (ones stored by the
operating system in encrypted format in the Windows 8, Windows RT, Windows Server 2012, Windows
Storage Server 2012, and Windows Phone 8 DPAPI system portion of the OS) are destroyed when the
operator calls CryptAcquireContext with the CRYPT_DELETE_KEYSET flag.

10 Self-Tests
Enhanced Cryptographic Provider provides all of the FIPS 140-2 required self-tests. As required, the
module executes its self-tests upon power-on (start-up) without operator intervention and other
self-tests upon encountering a specific condition (key pair or random number generation). Finally, it should
be noted that non-FIPS approved algorithms should not be used if operating Enhanced Cryptographic
Provider in a FIPS mode.

10.1 Power-On Self-Tests


The following FIPS-approved algorithm tests are initiated upon power-on (start-up) without operator
intervention:
Triple-DES ECB encrypt/decrypt KAT
SHA-384 KAT
SHA-512 KAT
SHA-1 HMAC KAT
SHA-256 HMAC KAT
SHA-512 HMAC KAT
RSA sign/verify power up test
AES-128 ECB encrypt/decrypt KAT

If the self-test fails, the module will not load and status will be returned. If the status is not
STATUS_SUCCESS, then that is the indicator a self-test failed.

10.2 Conditional Self-Tests


The following self-test is initiated at key generation:
RSA pairwise consistency test

11 Design Assurance
The secure installation, generation, and start-up procedures of this cryptographic module are part of the
overall Windows 8, Windows RT, Windows Server 2012, and Windows Storage Server 2012 operating
system secure installation, configuration, and start-up procedures. After the operating system has been
installed, it must be configured by enabling the "System cryptography: Use FIPS compliant algorithms for
encryption, hashing, and signing" policy setting followed by restarting the system. This procedure is all
the crypto officer and user behavior necessary for the secure operation of this cryptographic module.

Windows Phone 8 does not use the same installation, configuration, and start-up procedures as the
Windows operating system on a computer, but rather, is securely installed and configured by the
cellular telephone carrier.

The procedures required for maintaining security while distributing and delivering versions of a
cryptographic module to authorized operators are:

1. The secure distribution method is via the physical medium for product installation delivered by
Microsoft Corporation, which is a DVD in the case of Windows 8 and Windows Server 2012. In
the case of Windows RT, Surface Windows RT, Surface Windows 8 Pro, Windows Phone 8, and
Windows Storage Server 2012, the cryptographic module is already installed at the factory and
is only distributed with the hardware.
2. An inspection of authenticity of the physical medium can be made by following the guidance at
this Microsoft web site: http://www.microsoft.com/en-us/howtotell/default.aspx
3. The installed version of Windows 8, Windows RT, Windows Server 2012, and Windows Storage
Server 2012 must be verified to match the version that was validated. See Appendix A for details
on how to do this.

For Windows Updates, the client only accepts binaries signed by Microsoft certificates. The Windows
Update client only accepts content whose SHA-2 hash matches the SHA-2 hash specified in the
metadata. All metadata communication is done over a Secure Sockets Layer (SSL) port. Using SSL
ensures that the client is communicating with the real server and so prevents a spoof server from
sending the client harmful requests. The version and digital signature of new cryptographic module
releases must be verified to match the version that was validated. See Appendix A for details on how to
do this.

12 Miscellaneous
The following items address requirements not addressed above.

12.1 Operator Authentication


Enhanced Cryptographic Provider provides no authentication of operators. The Microsoft Windows 8,
Windows RT, Windows Server 2012, Windows Storage Server 2012, and Windows Phone 8 operating
system upon which it runs does provide authentication, but this is outside of the scope of RSAENH's FIPS
validation. The information about the authentication provided by Microsoft Windows 8, Windows RT,
Windows Server 2012, Windows Storage Server 2012, and Windows Phone 8 is for informational
purposes only. Microsoft Windows 8, Windows RT, Windows Server 2012, Windows Storage Server
2012, and Windows Phone 8 requires authentication from a Trusted Computing Base (TCB) before a user
is able to access system services. Once a user is authenticated from the TCB, a process is created bearing
the operator's security token. All subsequent processes and threads created by that operator are
implicitly assigned the parent's (thus the operator's) security token. Every user that has been
authenticated by Microsoft Windows 8, Windows RT, Windows Server 2012, Windows Storage Server
2012, and Windows Phone 8 is naturally assigned the operator role when he/she accesses RSAENH.

12.2 ModularExpOffload
The ModularExpOffload function offloads modular exponentiation from a CSPM to a hardware
accelerator. The CSPM will check in the registry for the value
HKLM\Software\Microsoft\Cryptography\ExpoOffload that can be the name of a DLL. The CSPM uses
LoadLibrary to load that DLL and calls GetProcAddress to get the OffloadModExpo entry point in the DLL
specified in the registry. The CSPM uses the entry point to perform all modular exponentiations for both
public and private key operations. Two checks are made before a private key is offloaded. Note that to
use Enhanced Cryptographic Provider in a FIPS compliant manner, this function should only be used if
the hardware accelerator is FIPS validated.
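
The following PowerShell audit is an added example, not part of Microsoft's policy text. It checks the two host settings this policy relies on: the FIPS policy setting from section 11 and the ExpoOffload registry value from section 12.2. Assumptions not stated in the policy: the FipsAlgorithmPolicy registry location, reading ExpoOffload as a value under the Cryptography key, the System32 fallback for a bare DLL name, and the function name Get-RsaenhFipsPosture.

```powershell
# Added example, not Microsoft's code. Run from an elevated 64-bit PowerShell
# so that HKLM\Software is not redirected to Wow6432Node.
function Get-RsaenhFipsPosture {
    [CmdletBinding()]
    param()

    $findings = @()

    # Assumption (not stated in the policy): the "System cryptography: Use FIPS
    # compliant algorithms ..." setting is stored as Enabled=1 under this key.
    $fipsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
    $fips = Get-ItemProperty -Path $fipsKey -Name 'Enabled' -ErrorAction SilentlyContinue
    $fipsEnabled = ($null -ne $fips) -and ($fips.Enabled -eq 1)
    if (-not $fipsEnabled) {
        $findings += 'FIPS policy setting is not enabled (section 11).'
    }

    # Section 12.2: the CSPM loads the DLL named here and routes every modular
    # exponentiation, private key operations included, through it.
    $cryptoKey = 'HKLM:\Software\Microsoft\Cryptography'
    $offload = Get-ItemProperty -Path $cryptoKey -Name 'ExpoOffload' -ErrorAction SilentlyContinue
    $dllName = if ($null -ne $offload) { [string]$offload.ExpoOffload } else { $null }

    $dllPath = $null
    $sigStatus = $null
    if ($dllName) {
        $findings += "ExpoOffload is set to '$dllName'; confirm the accelerator is FIPS validated (section 12.2)."

        # A bare file name is resolved by the loader's search order; System32 is
        # checked here as the most likely location (assumption).
        $candidate = [Environment]::ExpandEnvironmentVariables($dllName)
        if (-not [IO.Path]::IsPathRooted($candidate)) {
            $candidate = Join-Path (Join-Path $env:windir 'System32') $candidate
        }
        if (Test-Path -LiteralPath $candidate -PathType Leaf) {
            $dllPath = $candidate
            $sigStatus = (Get-AuthenticodeSignature -FilePath $dllPath).Status
            if ($sigStatus -ne 'Valid') {
                $findings += "Offload DLL signature status is '$sigStatus'."
            }
        } else {
            $findings += "Offload DLL '$candidate' was not found on disk."
        }
    }

    [pscustomobject]@{
        FipsPolicyEnabled   = $fipsEnabled
        ExpoOffloadValue    = $dllName
        ExpoOffloadPath     = $dllPath
        ExpoOffloadSigState = $sigStatus
        Findings            = $findings
    }
}

Get-RsaenhFipsPosture | Format-List
```

An empty Findings list means the FIPS policy setting is on and no offload DLL is configured. A valid signature on an offload DLL says nothing about whether the accelerator behind it is FIPS validated; that still has to be confirmed separately.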

13 Mitigation of Other Attacks


The following table lists the mitigations of other attacks for this cryptographic module:

Algorithm  Protected Against        Mitigation                                                      Comments
SHA-1      Timing Analysis Attack   Constant Time Implementation
           Cache Attack             Memory Access pattern is independent of any confidential data
SHA-2      Timing Analysis Attack   Constant Time Implementation
           Cache Attack             Memory Access pattern is independent of any confidential data
AES        Timing Analysis Attack   Constant Time Implementation
           Cache Attack             Memory Access pattern is independent of any confidential data   Protected Against Cache attacks only when used with AES-NI

14 Additional Details
For the latest information on Microsoft Windows, check out the Microsoft web site at:

http://windows.microsoft.com

For more information about FIPS 140 validations of Microsoft products, please see:

http://technet.microsoft.com/en-us/library/cc750357.aspx

15 Appendix A How to Verify Windows Versions and Digital Signatures

15.1 How to Verify Windows Versions


The installed version of Windows 8, Windows RT, Windows Server 2012, and Windows Storage Server
2012 must be verified to match the version that was validated using one of the following methods:

1. The ver command
a. From Start, open the Search charm.
b. In the search field type "cmd" and press the Enter key.
c. The command window will open with a "C:\>" prompt.
d. At the prompt, type "ver" and press the Enter key.
e. You should see the answer "Microsoft Windows [Version 6.2.9200]".
2. The systeminfo command
a. From Start, open the Search charm.
b. In the search field type "cmd" and press the Enter key.
c. The command window will open with a "C:\>" prompt.
d. At the prompt, type "systeminfo" and press the Enter key.
e. Wait for the information to be loaded by the tool.
f. Near the top of the output, you should see:
OS Name: Microsoft Windows 8 Enterprise
OS Version: 6.2.9200 N/A Build 9200
OS Manufacturer: Microsoft Corporation
If the version number reported by the utility matches the expected output, then the installed version
has been validated to be correct.

15.2 How to Verify Windows Digital Signatures


After performing a Windows Update that includes changes to a cryptographic module, the digital
signature and file version of the binary executable file must be verified. This is done like so:

1. Open a new window in Windows Explorer.
2. Type C:\Windows\ in the file path field at the top of the window.
3. Type the cryptographic module binary executable file name (for example, CNG.SYS) in the
search field at the top right of the window, then press the Enter key.
4. The file will appear in the window.
5. Right-click on the file's icon.
6. Select Properties from the menu and the Properties window opens.
7. Select the Details tab.
8. Note the File version Property and its value, which has a number in this format: x.x.xxxx.xxxxx.
9. If the file version number matches one of the version numbers that appear at the start of this
security policy document, then the version number has been verified.
10. Select the Digital Signatures tab.
11. In the Signature list, select the Microsoft Windows signer.
12. Click the Details button.
13. Under the Digital Signature Information, you should see: This digital signature is OK. If that
condition is true then the digital signature has been verified.
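
The two Appendix A procedures can also be scripted. The following PowerShell is an added example, not part of Microsoft's policy text; the function name Test-ValidatedModule and its parameters are assumptions, and the module path and validated file versions are placeholders to be taken from the start of the security policy.

```powershell
# Added example, not Microsoft's code: scripted form of Appendix A.
function Test-ValidatedModule {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $Path,                   # module binary to check
        [Parameter(Mandatory)] [string[]] $ValidatedFileVersions,  # listed at the start of the policy
        [string] $ExpectedOsVersion = '6.2.9200'                   # value shown in section 15.1
    )

    # 15.1: the OS version number that "ver" and "systeminfo" report.
    $osVersion = (Get-CimInstance -ClassName Win32_OperatingSystem).Version

    # 15.2 steps 8-9: numeric file version, without any trailing build label.
    $vi = (Get-Item -LiteralPath $Path -ErrorAction Stop).VersionInfo
    $fileVersion = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                        $vi.FileBuildPart, $vi.FilePrivatePart

    # 15.2 steps 10-13: the signature must verify and the signer must be
    # "Microsoft Windows".
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    $osOk      = ($osVersion -eq $ExpectedOsVersion)
    $versionOk = ($ValidatedFileVersions -contains $fileVersion)
    $sigOk     = ($sig.Status -eq 'Valid')
    $signerOk  = ($signer -match '(^|,\s*)CN=Microsoft Windows(,|$)')

    [pscustomobject]@{
        Path            = $Path
        OsVersion       = $osVersion
        OsVersionOk     = $osOk
        FileVersion     = $fileVersion
        FileVersionOk   = $versionOk
        SignatureStatus = $sig.Status
        SignatureOk     = $sigOk
        Signer          = $signer
        SignerOk        = $signerOk
        Verified        = ($osOk -and $versionOk -and $sigOk -and $signerOk)
    }
}

# Placeholders: substitute the module path and the validated version numbers
# that appear at the start of the security policy.
# Test-ValidatedModule -Path '<path to module binary>' -ValidatedFileVersions '<x.x.xxxx.xxxxx>'
```

Verified is true only when all four checks pass, so a binary with a valid signature but a file version that was never validated is still reported as a mismatch.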
