Resources For IT Professionals
Post an article
Wikis - Page Details
Options
RSSSubscribe to Article (RSS)
Can You Improve This Article?
Positively! Click Sign In to add the tip, solution, correction or comment that will help other users.

Report inappropriate content using these instructions.
Wiki  >  TechNet Articles  >  Cryptographic Certificate Support for Applications and Devices

Cryptographic Certificate Support for Applications and Devices

Cryptographic Certificate Support for Applications and Devices

This article is meant to provide a quick reference for cryptographic support for application and devices, as opposed to a place that describes options or how to actually implement them. That type of information should be placed elsewhere and then linked to from this article.

Application or device

Cryptographic support

Certificate chains types supported  

Additional notes and references

Microsoft certification authorities (CAs)

  •  CryptoAPI (CAPI) Cryptographic Service Providers (CSPs)

    • Version 1 templates starting with Windows 2000
    • Version 2 templates starting with Windows Server 2003
  • Cryptogrphy API: Next Generation (CNG)

    • Version 3 templates starting with Windows Server 2008, which support Suite B alorithms

  • CAPI CSPs starting with Windows 2000

  • CNGs starting with Windows Server 2008 

 Certificate Template Versions and Certificate Template Overview
Microsoft Encrypting File System (EFS)
  • CAPI CSPs starting in Windows 2000
  • Cryptography Next Generation (CNG) starting in Windows 7 and Windows Server 2008 R2 
  • CAPI CSPs starting with Windows 2000
  • CNG starting with Windows 7 and Windows Server 2008 R2.
  • EFS will not be able to locate the user’s smart card reader from the LSA process in Fast User Switching or in a Terminal Services session. As a result, EFS will be unable to decrypt user files. Reference: Windows Vista Smart Card Infrastructure.
  • EFS does not support the Rivest-Shamir-Adelman algorithm for CNG (version 3) templates.
 Microsoft IPsec
  • CAPI CSPs starting in Windows 2000
  • CNG starting in Windows Vista and Windows Server 2008
 
  • CAPI CSPs starting with Windows 2000
  • CNG starting with Windows 7 and Windows Server 2008 R2.
 
Microsoft Kerberos  CAPI CSPs only CAPI CSPs only   Cryptography Next Generation
Microsoft Smart Card Logins  CAPI CSPs only CAPI CSPs only  Cryptography Next Generation
 Microsoft SSL
  • CAPI CSPs starting in Windows 2000
  • CNG starting in Windows Vista and Windows Server 2008
  • CAPI CSPs starting in Windows 2000
  • CNG starting in Windows Vista and Windows Server 2008
 Cryptography Next Generation
 Outlook 2003  CAPI CSPs only CAPI CSPs only Cryptography Next Generation
 Outlook 2007  CAPI CSPs and CNG CAPI CSPs and CNG Plan for e-mail messaging cryptography
 Outlook 2010  CAPI CSPs and CNG CAPI CSPs and CNG Plan for e-mail messaging cryptography in Outlook 2010

 

Additional articles:

, , , , , , , , , , , , , , , , , , , , , [Edit tags]
Leave a Comment
  • Please add 7 and 2 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
  • 30 May 2012 9:54 AM

    Fernando Lugão Veltem edited Revision 10. Comment: correct font style and links colors

  • 30 Nov 2010 10:40 PM

    Kurt Hudson MSFT edited Revision 9. Comment: Found another resource that mentions support limits regarding Smart Cards with EFS.

  • 30 Nov 2010 10:09 PM

    Kurt Hudson MSFT edited Revision 8. Comment: Accidentally used No and Yes instead of listing supported items. Fixed that.

  • 30 Nov 2010 10:06 PM

    Kurt Hudson MSFT edited Revision 7. Comment: Updated to include information from Cryptography Next Generation article and Outlook articles. Need to seek input from additional people.

  • 30 Nov 2010 9:42 PM

    Kurt Hudson MSFT edited Revision 6. Comment: Removed bogus table formatting - hoping for a better result

  • 30 Nov 2010 9:37 PM

    Kurt Hudson MSFT edited Revision 5. Comment: Testing the formatting

  • 30 Nov 2010 9:21 PM

    Kurt Hudson MSFT edited Revision 4. Comment: Updated the table and references - still working on the topic

  • 30 Nov 2010 8:22 PM

    Kurt Hudson MSFT edited Revision 3. Comment: added intended purpose of this article and reference table - work in progress

  • 23 Nov 2010 2:55 PM

    Kurt Hudson MSFT edited Revision 2. Comment: Updated missing link to CryptoAPI NG

  • 23 Nov 2010 2:51 PM

    Kurt Hudson MSFT edited Revision 1. Comment: Updated the article title and clarified article goals.

Page 1 of 2 (11 items) 12
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Posted by
    on 23 Nov 2010 12:34 PM

    Kurt Hudson MSFT edited Original. Comment: Created this article in response to questions I was seeing around cryptography. I would like to create a reference for people looking to integrate certificates with their applications and devices. The goal is to show what is and is not supported and link to locations where they can learn how to appropriately deploy certificates for their specific applications and devices.

  • Posted by
    on 23 Nov 2010 2:51 PM

    Kurt Hudson MSFT edited Revision 1. Comment: Updated the article title and clarified article goals.

  • Posted by
    on 23 Nov 2010 2:55 PM

    Kurt Hudson MSFT edited Revision 2. Comment: Updated missing link to CryptoAPI NG

  • Posted by
    on 30 Nov 2010 8:22 PM

    Kurt Hudson MSFT edited Revision 3. Comment: added intended purpose of this article and reference table - work in progress

  • Posted by
    on 30 Nov 2010 9:21 PM

    Kurt Hudson MSFT edited Revision 4. Comment: Updated the table and references - still working on the topic

  • Posted by
    on 30 Nov 2010 9:37 PM

    Kurt Hudson MSFT edited Revision 5. Comment: Testing the formatting

  • Posted by
    on 30 Nov 2010 9:42 PM

    Kurt Hudson MSFT edited Revision 6. Comment: Removed bogus table formatting - hoping for a better result

  • Posted by
    on 30 Nov 2010 10:06 PM

    Kurt Hudson MSFT edited Revision 7. Comment: Updated to include information from Cryptography Next Generation article and Outlook articles. Need to seek input from additional people.

  • Posted by
    on 30 Nov 2010 10:09 PM

    Kurt Hudson MSFT edited Revision 8. Comment: Accidentally used No and Yes instead of listing supported items. Fixed that.

  • Posted by
    on 30 Nov 2010 10:40 PM

    Kurt Hudson MSFT edited Revision 9. Comment: Found another resource that mentions support limits regarding Smart Cards with EFS.

  • Posted by
    on 30 May 2012 9:54 AM

    Fernando Lugão Veltem edited Revision 10. Comment: correct font style and links colors

Page 1 of 1 (11 items)