Can we access legacy CSP with CNG?

Question

Our product enables the user to login with Smart Card certificate and local stored certificate. We are enhancing our application to support the certificates which are issued from CNG Key Storage Provider.
I want to know whether we can access the legacy CSP with CNG API. Else wise we need to maintain the logics to handle the legacy CSP and KSP. From my current understanding, we need to handle it with CryptoAPI for legacy CSP. For KSP, we need to handle it with CNG.
My questions:

1. Can we access legacy CSP with CNG?
2. What's is the Microsoft's plan to remove the legacy CSP support?
3. Why some CryptoAPI are deprecated? But we still allow the customer to issue certificate from the legacy CSP.

Answer 1

@sabrina hou
Hi,

You could find some info below:
https://social.msdn.microsoft.com/Forums/en-US/ccbcb840-011f-4e10-be31-4ec8a46739b5/what-is-the-replacement-for-custom-csp-since-cryptoapi-is-being-deprecated-as-announced-?forum=windowssecurity

Also, according to your description, your issue seems more related with CNG API. To help you better, I suggest you submit a new case on the following Q&A as they will be more professional on your issue:
https://learn.microsoft.com/en-us/answers/topics/winapi-security.html

The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us.

Thank you for your understanding.

Hope above information can help you.

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.