CNG Algorithm Identifiers
The following identifiers are used to identify standard encryption algorithms in various CNG functions and structures, such as the CRYPT_INTERFACE_REG structure. Third party providers may have additional algorithms that they support.
Constant/value  Description 


The triple data encryption standard symmetric encryption algorithm. Standard: SP80067, SP80038A 

The 112bit triple data encryption standard symmetric encryption algorithm. Standard: SP80067, SP80038A 

The advanced encryption standard symmetric encryption algorithm. Standard: FIPS 197 

The advanced encryption standard (AES) cipher based message authentication code (CMAC) symmetric encryption algorithm. Standard: SP 80038B Windows 8: Support for this algorithm begins. 

The advanced encryption standard (AES) Galois message authentication code (GMAC) symmetric encryption algorithm. Standard: SP80038D Windows Vista: This algorithm is supported beginning with Windows Vista with SP1. 

Crypto API (CAPI) key derivation function algorithm. Used by the BCryptKeyDerivation and NCryptKeyDerivation functions. 

The data encryption standard symmetric encryption algorithm. Standard: FIPS 463, FIPS 81 

The extended data encryption standard symmetric encryption algorithm. Standard: None 

The DiffieHellman key exchange algorithm. Standard: PKCS #3 

The digital signature algorithm. Standard: FIPS 1862 Windows 8: Beginning with Windows 8, this algorithm supports FIPS 1863. Keys less than or equal to 1024 bits adhere to FIPS 1862 and keys greater than 1024 to FIPS 1863. 

The 256bit prime elliptic curve DiffieHellman key exchange algorithm. Standard: SP80056A 

The 384bit prime elliptic curve DiffieHellman key exchange algorithm. Standard: SP80056A 

The 521bit prime elliptic curve DiffieHellman key exchange algorithm. Standard: SP80056A 

The 256bit prime elliptic curve digital signature algorithm (FIPS 1862). Standard: FIPS 1862, X9.62 

The 384bit prime elliptic curve digital signature algorithm (FIPS 1862). Standard: FIPS 1862, X9.62 

The 521bit prime elliptic curve digital signature algorithm (FIPS 1862). Standard: FIPS 1862, X9.62 

The MD2 hash algorithm. Standard: RFC 1319 

The MD4 hash algorithm. Standard: RFC 1320 

The MD5 hash algorithm. Standard: RFC 1321 

The RC2 block symmetric encryption algorithm. Standard: RFC 2268 

The RC4 symmetric encryption algorithm. Standard: Various 
BCRYPT_RNG_ALGORITHM "RNG" 
The randomnumber generator algorithm. Standard: FIPS 1862, FIPS 1402, NIST SP 80090 Note: Beginning with Windows Vista with SP1 and Windows Server 2008, the random number generator is based on the AES counter mode specified in the NIST SP 80090 standard. Windows Vista: The random number generator is based on the hashbased random number generator specified in the FIPS 1862 standard. Windows 8: Beginning with Windows 8, the RNG algorithm supports FIPS 1863. Keys less than or equal to 1024 bits adhere to FIPS 1862 and keys greater than 1024 to FIPS 1863. 

The dual elliptic curve randomnumber generator algorithm. Standard: SP80090. Windows 8: Beginning with Windows 8, the EC RNG algorithm supports FIPS 1863. Keys less than or equal to 1024 bits adhere to FIPS 1862 and keys greater than 1024 to FIPS 1863. Windows 10: Beginning with Windows 10, the dual elliptic curve random number generator algorithm has been removed. Existing uses of this algorithm will continue to work; however, the random number generator is based on the AES counter mode specified in the NIST SP 80090 standard. New code should use BCRYPT_RNG_ALGORITHM, and it is recommended that existing code be changed to use BCRYPT_RNG_ALGORITHM. 

The randomnumber generator algorithm suitable for DSA (Digital Signature Algorithm). Standard: FIPS 1862. Windows 8: Support for FIPS 1863 begins. 

The RSA public key algorithm. Standard: PKCS #1 v1.5 and v2.0. 

The RSA signature algorithm. This algorithm is not currently supported. You can use the BCRYPT_RSA_ALGORITHM algorithm to perform RSA signing operations. Standard: PKCS #1 v1.5 and v2.0. 

The 160bit secure hash algorithm. Standard: FIPS 1802, FIPS 198. 

The 256bit secure hash algorithm. Standard: FIPS 1802, FIPS 198. 

The 384bit secure hash algorithm. Standard: FIPS 1802, FIPS 198. 

The 512bit secure hash algorithm. Standard: FIPS 1802, FIPS 198. 

Counter mode, hashbased message authentication code (HMAC) key derivation function algorithm. Used by the BCryptKeyDerivation and NCryptKeyDerivation functions. 

SP80056A key derivation function algorithm. Used by the BCryptKeyDerivation and NCryptKeyDerivation functions. 

Passwordbased key derivation function 2 (PBKDF2) algorithm. Used by the BCryptKeyDerivation and NCryptKeyDerivation functions. 

Generic prime elliptic curve digital signature algorithm (see Remarks for more information). Standard: ANSI X9.62. 

Generic prime elliptic curve DiffieHellman key exchange algorithm (see Remarks for more information). Standard: SP80056A. 

The advanced encryption standard symmetric encryption algorithm in XTS mode. Standard: SP80038E, IEEE Std 16192007. Windows 10: Support for this algorithm begins. 
Remarks
To use BCRYPT_ECDSA_ALGORITM or BCRYPT_ECDH_ALGORITHM, call BCryptOpenAlgorithmProvider with either BCRYPT_ECDSA_ALGORITHM or BCRYPT_ECDH_ALGORITHM as the pszAlgId. Then use BCryptSetProperty to set the BCRYPT_ECC_CURVE_NAME property to a named algorithm listed in CNG Named Curves.
To provide userdefined elliptic curve parameters directly, use BCryptSetProperty to set the BCRYPT_ECC_PARAMETERS property. Download the Windows 10 Cryptographic Provider Developer Kit (CPDK) for more information.
Requirements
Requirement  Value 

Minimum supported client 
Windows Vista [desktop apps only] 
Minimum supported server 
Windows Server 2008 [desktop apps only] 
Header 

See also
Feedback
Submit and view feedback for