Cryptographic Certificate Support for Applications and Devices

This article is meant to provide a quick reference for cryptographic support for application and devices, as opposed to a place that describes options or how to actually implement them. That type of information should be placed elsewhere and then linked to from this article.

Application or device	Cryptographic support	Certificate chains types supported	Additional notes and references
Microsoft certification authorities (CAs)	CryptoAPI (CAPI) Cryptographic Service Providers (CSPs) Version 1 templates starting with Windows 2000 Version 2 templates starting with Windows Server 2003 Cryptography API: Next Generation (CNG) Version 3 templates starting with Windows Server 2008, which support Suite B algorithms	CAPI CSPs starting with Windows 2000 CNGs starting with Windows Server 2008	Certificate Template Versions and Certificate Template Overview
Microsoft Encrypting File System (EFS)	CAPI CSPs starting in Windows 2000 Cryptography Next Generation (CNG) starting in Windows 7 and Windows Server 2008 R2	CAPI CSPs starting with Windows 2000 CNG starting with Windows 7 and Windows Server 2008 R2.	EFS will not be able to locate the user’s smart card reader from the LSA process in Fast User Switching or in a Terminal Services session. As a result, EFS will be unable to decrypt user files. Reference: Windows Vista Smart Card Infrastructure. EFS does not support the Rivest-Shamir-Adelman algorithm for CNG (version 3) templates.
Microsoft IPsec	CAPI CSPs starting in Windows 2000 CNG starting in Windows Vista and Windows Server 2008	CAPI CSPs starting with Windows 2000 CNG starting with Windows 7 and Windows Server 2008 R2.
Microsoft Kerberos	CAPI CSPs only	CAPI CSPs only	Cryptography Next Generation
Microsoft Smart Card Logins	CAPI CSPs only	CAPI CSPs only	Cryptography Next Generation
Microsoft SSL	CAPI CSPs starting in Windows 2000 CNG starting in Windows Vista and Windows Server 2008	CAPI CSPs starting in Windows 2000 CNG starting in Windows Vista and Windows Server 2008	Cryptography Next Generation
Outlook 2003	CAPI CSPs only	CAPI CSPs only	Cryptography Next Generation
Outlook 2007	CAPI CSPs and CNG	CAPI CSPs and CNG	Plan for e-mail messaging cryptography
Outlook 2010	CAPI CSPs and CNG	CAPI CSPs and CNG	Plan for e-mail messaging cryptography in Outlook 2010

 

Additional articles:

• Rob Green’s blog entry discussing how to get certificates on your iPad and iPhone
• iPad in Business
• Configuring FIM Certificate Management
• Installing and Configuring an nCipher Hardware Security Module (HSM) with FIM CM 2010
• Installing and Configuring a LunaSA Hardware Security Module (HSM) with FIM CM 2010
• Cryptography Next Generation (CNG)
• Cryptography Next Generation (CNG) Application Programming Interface (API) 
• CNG Features
• CryptoAPI Cryptographic Service Providers