Cryptographic Certificate Support for Applications and Devices

Cryptographic Certificate Support for Applications and Devices

This article is meant to provide a quick reference for cryptographic support for application and devices, as opposed to a place that describes options or how to actually implement them. That type of information should be placed elsewhere and then linked to from this article.

Application or device

Cryptographic support

Certificate chains types supported  

Additional notes and references

Microsoft certification authorities (CAs)

  •  CryptoAPI (CAPI) Cryptographic Service Providers (CSPs)

    • Version 1 templates starting with Windows 2000
    • Version 2 templates starting with Windows Server 2003
  • Cryptogrphy API: Next Generation (CNG)
    • Version 3 templates starting with Windows Server 2008, which support Suite B alorithms

  • CAPI CSPs starting with Windows 2000

  • CNGs starting with Windows Server 2008 

Certificate Template Versions and Certificate Template Overview
Microsoft Encrypting File System (EFS)
  • CAPI CSPs starting in Windows 2000
  • Cryptography Next Generation (CNG) starting in Windows 7 and Windows Server 2008 R2 
  • CAPI CSPs starting with Windows 2000
  • CNG starting with Windows 7 and Windows Server 2008 R2.
  • EFS will not be able to locate the user’s smart card reader from the LSA process in Fast User Switching or in a Terminal Services session. As a result, EFS will be unable to decrypt user files. Reference: Windows Vista Smart Card Infrastructure.
  • EFS does not support the Rivest-Shamir-Adelman algorithm for CNG (version 3) templates.

 Microsoft IPsec
  • CAPI CSPs starting in Windows 2000
  • CNG starting in Windows Vista and Windows Server 2008
 
  • CAPI CSPs starting with Windows 2000
  • CNG starting with Windows 7 and Windows Server 2008 R2.
 
Microsoft Kerberos  CAPI CSPs only CAPI CSPs only   Cryptography Next Generation
Microsoft Smart Card Logins  CAPI CSPs only CAPI CSPs only  Cryptography Next Generation
 Microsoft SSL
  • CAPI CSPs starting in Windows 2000
  • CNG starting in Windows Vista and Windows Server 2008
  • CAPI CSPs starting in Windows 2000
  • CNG starting in Windows Vista and Windows Server 2008
 Cryptography Next Generation
 Outlook 2003  CAPI CSPs only CAPI CSPs only Cryptography Next Generation
 Outlook 2007  CAPI CSPs and CNG CAPI CSPs and CNG Plan for e-mail messaging cryptography
 Outlook 2010  CAPI CSPs and CNG CAPI CSPs and CNG Plan for e-mail messaging cryptography in Outlook 2010

 

Additional articles:

Leave a Comment
  • Please add 7 and 2 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
  • Fernando Lugão Veltem edited Revision 10. Comment: correct font style and links colors

  • Kurt Hudson MSFT edited Revision 9. Comment: Found another resource that mentions support limits regarding Smart Cards with EFS.

  • Kurt Hudson MSFT edited Revision 8. Comment: Accidentally used No and Yes instead of listing supported items. Fixed that.

  • Kurt Hudson MSFT edited Revision 7. Comment: Updated to include information from Cryptography Next Generation article and Outlook articles. Need to seek input from additional people.

  • Kurt Hudson MSFT edited Revision 6. Comment: Removed bogus table formatting - hoping for a better result

  • Kurt Hudson MSFT edited Revision 5. Comment: Testing the formatting

  • Kurt Hudson MSFT edited Revision 4. Comment: Updated the table and references - still working on the topic

  • Kurt Hudson MSFT edited Revision 3. Comment: added intended purpose of this article and reference table - work in progress

  • Kurt Hudson MSFT edited Revision 2. Comment: Updated missing link to CryptoAPI NG

  • Kurt Hudson MSFT edited Revision 1. Comment: Updated the article title and clarified article goals.

Page 1 of 2 (11 items) 12
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Kurt Hudson MSFT edited Original. Comment: Created this article in response to questions I was seeing around cryptography. I would like to create a reference for people looking to integrate certificates with their applications and devices. The goal is to show what is and is not supported and link to locations where they can learn how to appropriately deploy certificates for their specific applications and devices.

  • Kurt Hudson MSFT edited Revision 1. Comment: Updated the article title and clarified article goals.

  • Kurt Hudson MSFT edited Revision 2. Comment: Updated missing link to CryptoAPI NG

  • Kurt Hudson MSFT edited Revision 3. Comment: added intended purpose of this article and reference table - work in progress

  • Kurt Hudson MSFT edited Revision 4. Comment: Updated the table and references - still working on the topic

  • Kurt Hudson MSFT edited Revision 5. Comment: Testing the formatting

  • Kurt Hudson MSFT edited Revision 6. Comment: Removed bogus table formatting - hoping for a better result

  • Kurt Hudson MSFT edited Revision 7. Comment: Updated to include information from Cryptography Next Generation article and Outlook articles. Need to seek input from additional people.

  • Kurt Hudson MSFT edited Revision 8. Comment: Accidentally used No and Yes instead of listing supported items. Fixed that.

  • Kurt Hudson MSFT edited Revision 9. Comment: Found another resource that mentions support limits regarding Smart Cards with EFS.

  • Fernando Lugão Veltem edited Revision 10. Comment: correct font style and links colors

Page 1 of 1 (11 items)