Encryption Support

Encrypting data allows it to be stored on nonsecure media or transmitted on a nonsecure network without compromising the data. The encryption function of CryptoAPI encrypts data by using an encryption key. To decrypt the data, the corresponding decryption key must be used.

The following list shows the two methods of encrypting data with the encryption function:

  • Symmetric encryption, in which the same key is used for both encryption and decryption of data.
  • Public-key encryption, in which two separate keys are used.

Symmetric Encryption

Using the same key makes this encryption method very fast; however, to maintain tight security, the keys must be changed frequently.

CryptoAPI supports block cipher or stream-based symmetric encryption. The following list shows the stream-based and cipher encryption algorithms that it supports.

  • RC2, key strength 128 bit
  • RC4, key strength 128 bit
  • DES, key strength 56 bit
  • 3DES, key strength 112 bit and 168 bit

Symmetric encryption requires exchanging a shared secret. When two parties are exchanging information while they are not within physical proximity to each other, this exchange can be accomplished through the use of Diffie-Hellman key exchange or through public-key encryption.
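
The Diffie-Hellman exchange mentioned above, as an added Python example rather than CryptoAPI code or anything from the original documentation: each party validates the peer's public value before deriving a 128-bit symmetric key. The RFC 3526 group 14 parameters, the SHA-256 key derivation and all function names are assumptions made for illustration.

```python
# Added illustration: plain-Python Diffie-Hellman, not CryptoAPI code.
import hashlib
import secrets

# Assumption: 2048-bit MODP group 14 from RFC 3526 (safe prime, generator 2).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2


def make_keypair():
    """Return (private exponent, public value) for one party."""
    priv = secrets.randbelow(P - 3) + 2  # 2 <= priv <= P - 2
    return priv, pow(G, priv, P)


def check_peer_public(pub):
    """Reject values that force a trivial or predictable shared secret."""
    if not 2 <= pub <= P - 2:
        raise ValueError("peer public value out of range")
    # Values honestly generated from G lie in the subgroup of order (P-1)/2.
    if pow(pub, (P - 1) // 2, P) != 1:
        raise ValueError("peer public value not in expected subgroup")


def derive_key(priv, peer_pub, key_bits=128):
    """Compute the shared secret and hash it down to a symmetric key."""
    check_peer_public(peer_pub)
    shared = pow(peer_pub, priv, P)
    raw = shared.to_bytes((P.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).digest()[: key_bits // 8]
```

The exchange is unauthenticated as written. In practice the public values are signed or otherwise bound to an identity so that a party on the network path cannot substitute its own.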

Public-Key Encryption

With public-key encryption, two separate keys are used. A public key is used for encrypting data and the corresponding private key is used for decrypting data.

Because the algorithms for this encryption method are very slow, public-key encryption is usually used in combination with symmetric encryption to encrypt other keys or to digitally sign files.

See Also

Cryptography

© 2005 Microsoft Corporation. All rights reserved.