CNG Named Elliptic Curves
Beginning in Windows 10, CNG provides support for the following named elliptic curves (ANSI X9.62, X9.63, FIPS 186-2).
- **BCRYPT\_ECC\_CURVE\_25519**
-
-
Requirement Value Name curve25519 Standard Curve 25519 Key size (bits) 255 TLS capable Object identifier None
-
- **BCRYPT\_ECC\_CURVE\_BRAINPOOLP160R1**
-
-
Requirement Value Name brainpoolP160r1 Standard ECC Brainpool Standard Curves and Curve Generation Key size (bits) 160 TLS capable No Object identifier 1.3.36.3.3.2.8.1.1.1
-
- **BCRYPT\_ECC\_CURVE\_BRAINPOOLP160T1**
-
-
Requirement Value Name brainpoolP160t1 Standard ECC Brainpool Standard Curves and Curve Generation Key size (bits) 160 TLS capable No Object identifier 1.3.36.3.3.2.8.1.1.2
-
- **BCRYPT\_ECC\_CURVE\_BRAINPOOLP192R1**
-
-
Requirement Value Name brainpoolP192r1 Standard ECC Brainpool Standard Curves and Curve Generation Key size (bits) 192 TLS capable No Object identifier 1.3.36.3.3.2.8.1.1.3
-
- **BCRYPT\_ECC\_CURVE\_BRAINPOOLP192T1**
-
-
Requirement Value Name brainpoolP192t1 Standard ECC Brainpool Standard Curves and Curve Generation Key size (bits) 192 TLS capable No Object identifier 1.3.36.3.3.2.8.1.1.4
-
- **BCRYPT\_ECC\_CURVE\_BRAINPOOLP224R1**
-
-
Requirement Value Name brainpoolP224r1 Standard ECC Brainpool Standard Curves and Curve Generation Key size (bits) 224 TLS capable No Object identifier 1.3.36.3.3.2.8.1.1.5
-
- **BCRYPT\_ECC\_CURVE\_BRAINPOOLP224T1**
-
-
Requirement Value Name brainpoolP224t1 Standard ECC Brainpool Standard Curves and Curve Generation Key size (bits) 224 TLS capable No Object identifier 1.3.36.3.3.2.8.1.1.6
-
- **BCRYPT\_ECC\_CURVE\_BRAINPOOLP256R1**
-
-
Requirement Value Name brainpoolP256r1 Standard ECC Brainpool Standard Curves and Curve Generation Key size (bits) 256 TLS capable Yes Object identifier 1.3.36.3.3.2.8.1.1.7
-
- **BCRYPT\_ECC\_CURVE\_BRAINPOOLP256T1**
-
-
Requirement Value Name brainpoolP256t1 Standard ECC Brainpool Standard Curves and Curve Generation Key size (bits) 256 TLS capable No Object identifier 1.3.36.3.3.2.8.1.1.8
-
- **BCRYPT\_ECC\_CURVE\_BRAINPOOLP320R1**
-
-
Requirement Value Name brainpoolP320r1 Standard ECC Brainpool Standard Curves and Curve Generation Key size (bits) 320 TLS capable No Object identifier 1.3.36.3.3.2.8.1.1.9
-
- **BCRYPT\_ECC\_CURVE\_BRAINPOOLP32 0T1**
-
-
Requirement Value Name brainpoolP320t1 Standard ECC Brainpool Standard Curves and Curve Generation Key size (bits) 320 TLS capable No Object identifier 1.3.36.3.3.2.8.1.1.10
-
- **BCRYPT\_ECC\_CURVE\_BRAINPOOLP384R1**
-
-
Requirement Value Name brainpoolP384r1 Standard ECC Brainpool Standard Curves and Curve Generation Key size (bits) 384 TLS capable Yes Object identifier 1.3.36.3.3.2.8.1.1.11
-
- **BCRYPT\_ECC\_CURVE\_BRAINPOOLP384T1**
-
-
Requirement Value Name brainpoolP384t1 Standard ECC Brainpool Standard Curves and Curve Generation Key size (bits) 384 TLS capable No Object identifier 1.3.36.3.3.2.8.1.1.12
-
- **BCRYPT\_ECC\_CURVE\_BRAINPOOLP512R1**
-
-
Requirement Value Name brainpoolP512r1 Standard ECC Brainpool Standard Curves and Curve Generation Key size (bits) 512 TLS capable Yes Object identifier 1.3.36.3.3.2.8.1.1.13
-
- **BCRYPT\_ECC\_CURVE\_BRAINPOOLP512T1**
-
-
Requirement Value Name brainpoolP512t1 Standard ECC Brainpool Standard Curves and Curve Generation Key size (bits) 512 TLS capable No Object identifier 1.3.36.3.3.2.8.1.1.14
-
- **BCRYPT\_ECC\_CURVE\_EC192WAPI**
-
-
Requirement Value Name ec192wapi Standard Chinese National Standard for Wireless LANs (GB 15629.11-2003) Key size (bits) 192 TLS capable No Object identifier 1.2.156.11235.1.1.2.1
-
- **BCRYPT\_ECC\_CURVE\_NISTP192**
-
-
Requirement Value Name nistP192 Standard Recommended Elliptic Curves for Federal Government Use Key size (bits) 192 TLS capable Yes Object identifier 1.2.840.10045.3.1.1
-
- **BCRYPT\_ECC\_CURVE\_NISTP224**
-
-
Requirement Value Name nistP224 Standard Recommended Elliptic Curves for Federal Government Use Key size (bits) 224 TLS capable Yes Object identifier 1.3.132.0.33
-
- **BCRYPT\_ECC\_CURVE\_NISTP256**
-
-
Requirement Value Name nistP256 Standard Recommended Elliptic Curves for Federal Government Use Key size (bits) 256 TLS capable Yes Object identifier 1.2.840.10045.3.1.7
-
- **BCRYPT\_ECC\_CURVE\_NISTP384**
-
-
Requirement Value Name nistP384 Standard Recommended Elliptic Curves for Federal Government Use Key size (bits) 384 TLS capable Yes Object identifier 1.3.132.0.34
-
- **BCRYPT\_ECC\_CURVE\_NISTP521**
-
-
Requirement Value Name nistP521 Standard Recommended Elliptic Curves for Federal Government Use Key size (bits) 521 TLS capable Yes Object identifier 1.3.132.0.35
-
- **BCRYPT\_ECC\_CURVE\_NUMSP256T1**
-
-
Requirement Value Name numsP256t1 Standard Specification of Curve Selection and Supported Curve Parameters in MSR ECCLib Key size (bits) 256 TLS capable No Object identifier None
-
- **BCRYPT\_ECC\_CURVE\_NUMSP384T1**
-
-
Requirement Value Name numsP384t1 Standard Specification of Curve Selection and Supported Curve Parameters in MSR ECCLib Key size (bits) 384 TLS capable No Object identifier None
-
- **BCRYPT\_ECC\_CURVE\_NUMSP512T1**
-
-
Requirement Value Name numsP512t1 Standard Specification of Curve Selection and Supported Curve Parameters in MSR ECCLib Key size (bits) 512 TLS capable No Object identifier None
-
- **BCRYPT\_ECC\_CURVE\_SECP160K1**
-
-
Requirement Value Name secP160k1 Standard Recommended Elliptic Curve Domain Parameters Key size (bits) 160 TLS capable Yes Object identifier 1.3.132.0.9
-
- **BCRYPT\_ECC\_CURVE\_SECP160R1**
-
-
Requirement Value Name secP160r1 Standard Recommended Elliptic Curve Domain Parameters Key size (bits) 160 TLS capable Yes Object identifier 1.3.132.0.8
-
- **BCRYPT\_ECC\_CURVE\_SECP160R1**
-
-
Requirement Value Name secP160r2 Standard Recommended Elliptic Curve Domain Parameters Key size (bits) 160 TLS capable Yes Object identifier 1.3.132.0.30
-
- **BCRYPT\_ECC\_CURVE\_SECP192K1**
-
-
Requirement Value Name secP192k1 Standard Recommended Elliptic Curve Domain Parameters Key size (bits) 192 TLS capable Yes Object identifier 1.3.132.0.31
-
- **BCRYPT\_ECC\_CURVE\_SECP192R1**
-
-
Requirement Value Name secP192r1 Standard Recommended Elliptic Curve Domain Parameters Key size (bits) 192 TLS capable Yes Object identifier 1.2.840.10045.3.1.1
-
- **BCRYPT\_ECC\_CURVE\_SECP224K1**
-
-
Requirement Value Name secP224k1 Standard Recommended Elliptic Curve Domain Parameters Key size (bits) 224 TLS capable Yes Object identifier 1.3.132.0.32
-
- **BCRYPT\_ECC\_CURVE\_SECP224R1**
-
-
Requirement Value Name secP224r1 Standard Recommended Elliptic Curve Domain Parameters Key size (bits) 224 TLS capable Yes Object identifier 1.3.132.0.33
-
- **BCRYPT\_ECC\_CURVE\_SECP256K1**
-
-
Requirement Value Name secP256k1 Standard Recommended Elliptic Curve Domain Parameters Key size (bits) 256 TLS capable Yes Object identifier 1.3.132.0.10
-
- **BCRYPT\_ECC\_CURVE\_SECP256R1**
-
-
Requirement Value Name secP256r1 Standard Recommended Elliptic Curve Domain Parameters Key size (bits) 256 TLS capable Yes Object identifier 1.2.840.10045.3.1.7
-
- **BCRYPT\_ECC\_CURVE\_SECP384R1**
-
-
Requirement Value Name secP384r1 Standard Recommended Elliptic Curve Domain Parameters Key size (bits) 384 TLS capable Yes Object identifier 1.3.132.0.34
-
- **BCRYPT\_ECC\_CURVE\_SECP521R1**
-
-
Requirement Value Name secP521r1 Standard Recommended Elliptic Curve Domain Parameters Key size (bits) 521 TLS capable Yes Object identifier 1.3.132.0.35
-
- **BCRYPT\_ECC\_CURVE\_WTLS12**
-
-
Requirement Value Name wtls12 Standard WTLS Key size (bits) 224 TLS capable No Object identifier 1.3.132.0.33
-
- **BCRYPT\_ECC\_CURVE\_WTLS7**
-
-
Requirement Value Name wtls7 Standard WTLS Key size (bits) 160 TLS capable No Object identifier 1.3.132.0.30
-
- **BCRYPT\_ECC\_CURVE\_WTLS9**
-
-
Requirement Value Name wtls9 Standard WTLS Key size (bits) 160 TLS capable No Object identifier 2.23.43.1.4.9
-
- **BCRYPT\_ECC\_CURVE\_X962P192V1**
-
-
Requirement Value Name x962P192v1 Standard ANSI X9.62 Key size (bits) 192 TLS capable No Object identifier 1.2.840.10045.3.1.1
-
- **BCRYPT\_ECC\_CURVE\_X962P192V2**
-
-
Requirement Value Name x962P192v2 Standard ANSI X9.62 Key size (bits) 192 TLS capable No Object identifier 1.2.840.10045.3.1.2
-
- **BCRYPT\_ECC\_CURVE\_X962P192V3**
-
-
Requirement Value Name x962P192v3 Standard ANSI X9.62 Key size (bits) 192 TLS capable No Object identifier 1.2.840.10045.3.1.3
-
- **BCRYPT\_ECC\_CURVE\_X962P239V1**
-
-
Requirement Value Name x962P239v1 Standard ANSI X9.62 Key size (bits) 239 TLS capable No Object identifier 1.2.840.10045.3.1.4
-
- **BCRYPT\_ECC\_CURVE\_X962P239V2**
-
-
Requirement Value Name x962P239v2 Standard ANSI X9.62 Key size (bits) 239 TLS capable No Object identifier 1.2.840.10045.3.1.5
-
- **BCRYPT\_ECC\_CURVE\_X962P239V3**
-
-
Requirement Value Name x962P239v3 Standard ANSI X9.62 Key size (bits) 239 TLS capable No Object identifier 1.2.840.10045.3.1.6
-
- **BCRYPT\_ECC\_CURVE\_X962P256V1**
-
-
Requirement Value Name x962P256v1 Standard ANSI X9.62 Key size (bits) 256 TLS capable No Object identifier 1.2.840.10045.3.1.7
-
Remarks
To use a named curve, call BCryptOpenAlgorithmProvider using either the BCRYPT_ECDSA_ALGORITHM or the BCRYPT_ECDH_ALGORITHM as the algorithm ID. Then, call BCryptSetProperty and set the BCRYPT_ECC_CURVE_NAME property to one of the above curves or any named curves registered on the computer as shown by the certutil -displayEccCurve command.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows 10 [desktop apps only] |
| Minimum supported server | Windows Server 2016 [desktop apps only] |
| Header | Bcrypt.h |