An important feature of CNG is its support for Suite B algorithms. In February 2005, the U.S. National Security Agency (NSA) announced a coordinated set of symmetric encryption, asymmetric secret agreement (also known as key exchange), digital signature and hash functions for future U.S. government use, called Suite B. The NSA has announced that Suite B-certified implementations can and will be used to protect information designated Top Secret, Secret, and private information that was described in the past as Sensitive-But-Unclassified. That's why Suite B support is very important for application software vendors and system integrators, as well as for Microsoft.

I spent a few days looking for which ECDH structure holds the secret agreement, but with no success. I found in MSDN that the NCryptSecretAgreement function takes a pointer to an NCRYPT_SECRET_HANDLE variable that receives a handle representing the secret agreement value. I'm not at all familiar with WinAPI, so I can't do anything but read the documentation.

Unlike Cryptography API (CryptoAPI), Cryptography API: Next Generation (CNG) separates cryptographic providers from key storage providers (KSPs). KSPs can be used to create, delete, export, import, open and store keys. Depending on their implementation, they can also be used for asymmetric encryption, secret agreement and signing. Microsoft installs the following KSPs starting with Windows Vista and Windows Server 2008.
Vendors can create and install other providers.

I have to exchange keys between a Windows desktop application and a web application. What I need to know is exactly how CNG applies the KDF (a hash in my case) to the secret agreement value. I use the SHA-256 algorithm as the KDF and I try to get X and Y from the secret agreement, but the result doesn't match that of CNG. Any ideas?

Any functions that modify the same area of memory at the same time (critical sections) when called from separate threads are not thread-safe.

If a key does not have a name, it is usually an ephemeral key. An ephemeral key is not persisted, and the Microsoft KSP does not generate audit records for ephemeral keys. The Microsoft KSP generates audit records in user mode only, in the LSA process.
No audit record is generated by kernel-mode CNG. Administrators must configure the audit policy to obtain all KSP audit logs from the security log. An administrator must run the following command line to configure additional audits generated by KSPs:

Application programmers; security personnel responsible for management of security policy and implementation.

In addition, CNG provides support for all necessary Suite B algorithms, including elliptic curve cryptography (ECC). Existing CryptoAPI applications will continue to work as CNG becomes available.

I can't vouch for what Microsoft saw fit to implement, but there is a standard on ECDH called X9.63. In this standard, ECDH works as follows:

Suite B cryptography recommends the use of elliptic curve Diffie-Hellman (ECDH) in many existing protocols, such as Internet Key Exchange (IKE, mainly in IPsec), Transport Layer Security (TLS) and Secure MIME (S/MIME). CNG supports Suite B, which covers all necessary algorithms: AES (all key sizes), the SHA-2 family (SHA-256, SHA-384 and SHA-512) of hashing algorithms, ECDH, and elliptic curve DSA (ECDSA) over the P-256, P-384 and P-521 elliptic curves.