Can we access legacy CSP with CNG?

sabrina hou 1 Reputation point
2020-10-21T09:01:21.937+00:00

Our product enables the user to log in with a Smart Card certificate and a locally stored certificate. We are enhancing our application to support certificates which are issued from a CNG Key Storage Provider.

A Smart Card minidriver can register on both the legacy CSP and the KSP, so we can sign/encrypt the data with a Smart Card using CryptoAPI or the CNG API.
But for a locally installed certificate, we need to detect the certificate's credential provider and invoke CryptoAPI or the CNG API to perform the crypto-operation. For a certificate issued with a legacy CSP, it needs to invoke the deprecated CryptoAPI to perform the crypto-operation. For a certificate issued with a KSP, it can invoke CNG to perform the crypto-operation. If we still want to support certificates issued from a legacy CSP, we still need to use CryptoAPI, because the customer may not migrate their issued certificates from the legacy CSP to a KSP. So what is the best practice to handle this use case?

My question is whether Microsoft provides a way, similar to the one for Smart Card, to handle software certificates. In that case, we could invoke the CNG API to perform the crypto-operation for a certificate issued with a legacy CSP.

My questions:

  1. Can we access legacy CSP with CNG?
  2. What is Microsoft's plan to remove legacy CSP support?
  3. Why are some CryptoAPI deprecated? But we still allow the customer to issue certificates from the legacy CSP.
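
The provider detection and dispatch described in the question, as an added example that is not part of the original post or of the answer below. It uses the documented `CryptAcquireCertificatePrivateKey` flags and reads the returned key spec; `key_backend`, `backend_for_key_spec` and `acquire_key` are hypothetical names, and the `#else` branch only repeats three `wincrypt.h` constants so the mapping function compiles off Windows.

```c
/* Added example: pick CNG or CryptoAPI from the key spec reported by
   CryptAcquireCertificatePrivateKey. Link: crypt32.lib ncrypt.lib advapi32.lib */
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#include <ncrypt.h>
#else /* wincrypt.h values repeated so the mapping builds off Windows */
typedef unsigned int DWORD;
#define AT_KEYEXCHANGE 1
#define AT_SIGNATURE 2
#define CERT_NCRYPT_KEY_SPEC 0xFFFFFFFF
#endif
/* Hypothetical names for the API family that owns the returned handle. */
typedef enum { BACKEND_NONE, BACKEND_CAPI, BACKEND_CNG } key_backend;

/* Map the dwKeySpec output of the acquire call to the API family to use. */
key_backend backend_for_key_spec(DWORD keySpec) {
    if (keySpec == CERT_NCRYPT_KEY_SPEC) return BACKEND_CNG; /* NCRYPT_KEY_HANDLE */
    if (keySpec == AT_KEYEXCHANGE || keySpec == AT_SIGNATURE) return BACKEND_CAPI;
    return BACKEND_NONE;                   /* unknown spec: do not use the handle */
}

#ifdef _WIN32
/* PREFER_NCRYPT asks for a CNG handle first and falls back to CryptoAPI.
   SILENT suppresses UI, so a key that needs a prompt reports BACKEND_NONE. */
key_backend acquire_key(PCCERT_CONTEXT cert,
                        HCRYPTPROV_OR_NCRYPT_KEY_HANDLE *h, BOOL *mustFree) {
    DWORD keySpec = 0;
    if (!CryptAcquireCertificatePrivateKey(cert,
            CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG | CRYPT_ACQUIRE_SILENT_FLAG,
            NULL, h, &keySpec, mustFree))
        return BACKEND_NONE;
    return backend_for_key_spec(keySpec);
}

int main(void) {
    static const char *names[] = { "no usable key", "CryptoAPI", "CNG" };
    HCERTSTORE store = CertOpenSystemStoreW(0, L"MY");
    PCCERT_CONTEXT cert = NULL;
    if (!store) return 1;
    while ((cert = CertEnumCertificatesInStore(store, cert)) != NULL) {
        HCRYPTPROV_OR_NCRYPT_KEY_HANDLE h = 0; BOOL mustFree = FALSE;
        key_backend b = acquire_key(cert, &h, &mustFree);
        printf("%s\n", names[b]);
        /* Each handle type has its own release call. */
        if (mustFree && b == BACKEND_CNG) NCryptFreeObject(h);
        if (mustFree && b == BACKEND_CAPI) CryptReleaseContext(h, 0);
    }
    return CertCloseStore(store, 0) ? 0 : 1;
}
#endif
```

On Windows the program lists, for each certificate in the current user's MY store, which API family the acquired private-key handle belongs to.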

1 answer

  1. Sunny Qi 11,031 Reputation points Microsoft Vendor
    2020-10-22T08:51:29.933+00:00

    Hi,

    Thanks for posting in Q&A platform.

    Please kindly note that you posted a new thread in the Windows 10 Security forum. It seems that your issue is more related to the CNG API, so it is recommended to post a new thread in the winapi-security Q&A platform for more help; the tag should be winapi-security:
    https://learn.microsoft.com/en-us/answers/topics/winapi-security.html

    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us.

    Thank you for your understanding.

    Best Regards,
    Sunny
