CNG Named Elliptic Curves

Beginning in Windows 10, CNG provides support for the following named elliptic curves (ANSI X9.62, X9.63, FIPS 186-2).

**BCRYPT\_ECC\_CURVE\_25519**
Requirement Value
Name curve25519
Standard Curve 25519
Key size (bits) 255
TLS capable
Object identifier None
**BCRYPT\_ECC\_CURVE\_BRAINPOOLP160R1**
Requirement Value
Name brainpoolP160r1
Standard ECC Brainpool Standard Curves and Curve Generation
Key size (bits) 160
TLS capable No
Object identifier 1.3.36.3.3.2.8.1.1.1
**BCRYPT\_ECC\_CURVE\_BRAINPOOLP160T1**
Requirement Value
Name brainpoolP160t1
Standard ECC Brainpool Standard Curves and Curve Generation
Key size (bits) 160
TLS capable No
Object identifier 1.3.36.3.3.2.8.1.1.2
**BCRYPT\_ECC\_CURVE\_BRAINPOOLP192R1**
Requirement Value
Name brainpoolP192r1
Standard ECC Brainpool Standard Curves and Curve Generation
Key size (bits) 192
TLS capable No
Object identifier 1.3.36.3.3.2.8.1.1.3
**BCRYPT\_ECC\_CURVE\_BRAINPOOLP192T1**
Requirement Value
Name brainpoolP192t1
Standard ECC Brainpool Standard Curves and Curve Generation
Key size (bits) 192
TLS capable No
Object identifier 1.3.36.3.3.2.8.1.1.4
**BCRYPT\_ECC\_CURVE\_BRAINPOOLP224R1**
Requirement Value
Name brainpoolP224r1
Standard ECC Brainpool Standard Curves and Curve Generation
Key size (bits) 224
TLS capable No
Object identifier 1.3.36.3.3.2.8.1.1.5
**BCRYPT\_ECC\_CURVE\_BRAINPOOLP224T1**
Requirement Value
Name brainpoolP224t1
Standard ECC Brainpool Standard Curves and Curve Generation
Key size (bits) 224
TLS capable No
Object identifier 1.3.36.3.3.2.8.1.1.6
**BCRYPT\_ECC\_CURVE\_BRAINPOOLP256R1**
Requirement Value
Name brainpoolP256r1
Standard ECC Brainpool Standard Curves and Curve Generation
Key size (bits) 256
TLS capable Yes
Object identifier 1.3.36.3.3.2.8.1.1.7
**BCRYPT\_ECC\_CURVE\_BRAINPOOLP256T1**
Requirement Value
Name brainpoolP256t1
Standard ECC Brainpool Standard Curves and Curve Generation
Key size (bits) 256
TLS capable No
Object identifier 1.3.36.3.3.2.8.1.1.8
**BCRYPT\_ECC\_CURVE\_BRAINPOOLP320R1**
Requirement Value
Name brainpoolP320r1
Standard ECC Brainpool Standard Curves and Curve Generation
Key size (bits) 320
TLS capable No
Object identifier 1.3.36.3.3.2.8.1.1.9
**BCRYPT\_ECC\_CURVE\_BRAINPOOLP32 0T1**
Requirement Value
Name brainpoolP320t1
Standard ECC Brainpool Standard Curves and Curve Generation
Key size (bits) 320
TLS capable No
Object identifier 1.3.36.3.3.2.8.1.1.10
**BCRYPT\_ECC\_CURVE\_BRAINPOOLP384R1**
Requirement Value
Name brainpoolP384r1
Standard ECC Brainpool Standard Curves and Curve Generation
Key size (bits) 384
TLS capable Yes
Object identifier 1.3.36.3.3.2.8.1.1.11
**BCRYPT\_ECC\_CURVE\_BRAINPOOLP384T1**
Requirement Value
Name brainpoolP384t1
Standard ECC Brainpool Standard Curves and Curve Generation
Key size (bits) 384
TLS capable No
Object identifier 1.3.36.3.3.2.8.1.1.12
**BCRYPT\_ECC\_CURVE\_BRAINPOOLP512R1**
Requirement Value
Name brainpoolP512r1
Standard ECC Brainpool Standard Curves and Curve Generation
Key size (bits) 512
TLS capable Yes
Object identifier 1.3.36.3.3.2.8.1.1.13
**BCRYPT\_ECC\_CURVE\_BRAINPOOLP512T1**
Requirement Value
Name brainpoolP512t1
Standard ECC Brainpool Standard Curves and Curve Generation
Key size (bits) 512
TLS capable No
Object identifier 1.3.36.3.3.2.8.1.1.14
**BCRYPT\_ECC\_CURVE\_EC192WAPI**
Requirement Value
Name ec192wapi
Standard Chinese National Standard for Wireless LANs (GB 15629.11-2003)
Key size (bits) 192
TLS capable No
Object identifier 1.2.156.11235.1.1.2.1
**BCRYPT\_ECC\_CURVE\_NISTP192**
Requirement Value
Name nistP192
Standard Recommended Elliptic Curves for Federal Government Use
Key size (bits) 192
TLS capable Yes
Object identifier 1.2.840.10045.3.1.1
**BCRYPT\_ECC\_CURVE\_NISTP224**
Requirement Value
Name nistP224
Standard Recommended Elliptic Curves for Federal Government Use
Key size (bits) 224
TLS capable Yes
Object identifier 1.3.132.0.33
**BCRYPT\_ECC\_CURVE\_NISTP256**
Requirement Value
Name nistP256
Standard Recommended Elliptic Curves for Federal Government Use
Key size (bits) 256
TLS capable Yes
Object identifier 1.2.840.10045.3.1.7
**BCRYPT\_ECC\_CURVE\_NISTP384**
Requirement Value
Name nistP384
Standard Recommended Elliptic Curves for Federal Government Use
Key size (bits) 384
TLS capable Yes
Object identifier 1.3.132.0.34
**BCRYPT\_ECC\_CURVE\_NISTP521**
Requirement Value
Name nistP521
Standard Recommended Elliptic Curves for Federal Government Use
Key size (bits) 521
TLS capable Yes
Object identifier 1.3.132.0.35
**BCRYPT\_ECC\_CURVE\_NUMSP256T1**
Requirement Value
Name numsP256t1
Standard Specification of Curve Selection and Supported Curve Parameters in MSR ECCLib
Key size (bits) 256
TLS capable No
Object identifier None
**BCRYPT\_ECC\_CURVE\_NUMSP384T1**
Requirement Value
Name numsP384t1
Standard Specification of Curve Selection and Supported Curve Parameters in MSR ECCLib
Key size (bits) 384
TLS capable No
Object identifier None
**BCRYPT\_ECC\_CURVE\_NUMSP512T1**
Requirement Value
Name numsP512t1
Standard Specification of Curve Selection and Supported Curve Parameters in MSR ECCLib
Key size (bits) 512
TLS capable No
Object identifier None
**BCRYPT\_ECC\_CURVE\_SECP160K1**
Requirement Value
Name secP160k1
Standard Recommended Elliptic Curve Domain Parameters
Key size (bits) 160
TLS capable Yes
Object identifier 1.3.132.0.9
**BCRYPT\_ECC\_CURVE\_SECP160R1**
Requirement Value
Name secP160r1
Standard Recommended Elliptic Curve Domain Parameters
Key size (bits) 160
TLS capable Yes
Object identifier 1.3.132.0.8
**BCRYPT\_ECC\_CURVE\_SECP160R1**
Requirement Value
Name secP160r2
Standard Recommended Elliptic Curve Domain Parameters
Key size (bits) 160
TLS capable Yes
Object identifier 1.3.132.0.30
**BCRYPT\_ECC\_CURVE\_SECP192K1**
Requirement Value
Name secP192k1
Standard Recommended Elliptic Curve Domain Parameters
Key size (bits) 192
TLS capable Yes
Object identifier 1.3.132.0.31
**BCRYPT\_ECC\_CURVE\_SECP192R1**
Requirement Value
Name secP192r1
Standard Recommended Elliptic Curve Domain Parameters
Key size (bits) 192
TLS capable Yes
Object identifier 1.2.840.10045.3.1.1
**BCRYPT\_ECC\_CURVE\_SECP224K1**
Requirement Value
Name secP224k1
Standard Recommended Elliptic Curve Domain Parameters
Key size (bits) 224
TLS capable Yes
Object identifier 1.3.132.0.32
**BCRYPT\_ECC\_CURVE\_SECP224R1**
Requirement Value
Name secP224r1
Standard Recommended Elliptic Curve Domain Parameters
Key size (bits) 224
TLS capable Yes
Object identifier 1.3.132.0.33
**BCRYPT\_ECC\_CURVE\_SECP256K1**
Requirement Value
Name secP256k1
Standard Recommended Elliptic Curve Domain Parameters
Key size (bits) 256
TLS capable Yes
Object identifier 1.3.132.0.10
**BCRYPT\_ECC\_CURVE\_SECP256R1**
Requirement Value
Name secP256r1
Standard Recommended Elliptic Curve Domain Parameters
Key size (bits) 256
TLS capable Yes
Object identifier 1.2.840.10045.3.1.7
**BCRYPT\_ECC\_CURVE\_SECP384R1**
Requirement Value
Name secP384r1
Standard Recommended Elliptic Curve Domain Parameters
Key size (bits) 384
TLS capable Yes
Object identifier 1.3.132.0.34
**BCRYPT\_ECC\_CURVE\_SECP521R1**
Requirement Value
Name secP521r1
Standard Recommended Elliptic Curve Domain Parameters
Key size (bits) 521
TLS capable Yes
Object identifier 1.3.132.0.35
**BCRYPT\_ECC\_CURVE\_WTLS12**
Requirement Value
Name wtls12
Standard WTLS
Key size (bits) 224
TLS capable No
Object identifier 1.3.132.0.33
**BCRYPT\_ECC\_CURVE\_WTLS7**
Requirement Value
Name wtls7
Standard WTLS
Key size (bits) 160
TLS capable No
Object identifier 1.3.132.0.30
**BCRYPT\_ECC\_CURVE\_WTLS9**
Requirement Value
Name wtls9
Standard WTLS
Key size (bits) 160
TLS capable No
Object identifier 2.23.43.1.4.9
**BCRYPT\_ECC\_CURVE\_X962P192V1**
Requirement Value
Name x962P192v1
Standard ANSI X9.62
Key size (bits) 192
TLS capable No
Object identifier 1.2.840.10045.3.1.1
**BCRYPT\_ECC\_CURVE\_X962P192V2**
Requirement Value
Name x962P192v2
Standard ANSI X9.62
Key size (bits) 192
TLS capable No
Object identifier 1.2.840.10045.3.1.2
**BCRYPT\_ECC\_CURVE\_X962P192V3**
Requirement Value
Name x962P192v3
Standard ANSI X9.62
Key size (bits) 192
TLS capable No
Object identifier 1.2.840.10045.3.1.3
**BCRYPT\_ECC\_CURVE\_X962P239V1**
Requirement Value
Name x962P239v1
Standard ANSI X9.62
Key size (bits) 239
TLS capable No
Object identifier 1.2.840.10045.3.1.4
**BCRYPT\_ECC\_CURVE\_X962P239V2**
Requirement Value
Name x962P239v2
Standard ANSI X9.62
Key size (bits) 239
TLS capable No
Object identifier 1.2.840.10045.3.1.5
**BCRYPT\_ECC\_CURVE\_X962P239V3**
Requirement Value
Name x962P239v3
Standard ANSI X9.62
Key size (bits) 239
TLS capable No
Object identifier 1.2.840.10045.3.1.6
**BCRYPT\_ECC\_CURVE\_X962P256V1**
Requirement Value
Name x962P256v1
Standard ANSI X9.62
Key size (bits) 256
TLS capable No
Object identifier 1.2.840.10045.3.1.7

Remarks

To use a named curve, call BCryptOpenAlgorithmProvider using either the BCRYPT_ECDSA_ALGORITHM or the BCRYPT_ECDH_ALGORITHM as the algorithm ID. Then, call BCryptSetProperty and set the BCRYPT_ECC_CURVE_NAME property to one of the above curves or any named curves registered on the computer as shown by the certutil -displayEccCurve command.

Requirements

Requirement Value
Minimum supported client Windows 10 [desktop apps only]
Minimum supported server Windows Server 2016 [desktop apps only]
Header Bcrypt.h

See also

BCryptOpenAlgorithmProvider

NCryptCreatePersistedKey