Microsoft AES Cryptographic Provider
The Microsoft Enhanced RSA and AES Cryptographic Provider supports the same capabilities as the Microsoft Base Cryptographic Provider, called the Base Provider. The AES Provider supports stronger security through longer keys and additional algorithms. It can be used with all versions of CryptoAPI.
Windows XP: The Microsoft AES Cryptographic Provider was named Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype).
To maintain backward compatibility with earlier provider versions, the provider name, as defined in the Wincrypt.h header file, retains the version 1.0 designation even though newer versions of this provider have been shipped. To determine the version of the provider in use, call CryptGetProvParam with the dwParam parameter set to PP_VERSION. Version 2.0 is in use if 0x0200 is returned.
| Value | |
|---|---|
| Provider type | PROV_RSA_AES |
| Provider name | MS_ENH_RSA_AES_PROV |
The following table highlights differences between the Base Provider, Strong Provider, and AES Provider. The key lengths shown are the default key lengths.
| Algorithm | Base Provider key length | Strong Provider key length | AES Provider key length |
|---|---|---|---|
| RSA public key signature algorithm | 512 bits | 1,024 bits | 1,024 bits |
| RSA public key exchange algorithm | 512 bits | 1,024 bits | 1,024 bits |
| RC2 block encryption algorithm | 40 bits | 128 bits | 128 bits Salt length can be set. |
| RC4 stream encryption algorithm | 40 bits | 128 bits | 128 bits Salt length can be set. |
| DES | 56 bits | 56 bits | 56 bits |
| Triple DES (2 key) | Not supported | 112 bits | 112 bits |
| Triple DES (3 key) | Not supported | 168 bits | 168 bits |
For a complete list of supported algorithms, see AES Provider Algorithms.
The Strong Provider, Enhanced Provider, and AES Provider are backward-compatible with the Base Provider except that the providers can generate only RC2 or RC4 keys of default key length. The default length for the Base Provider is 40 bits. The default length for the AES Provider is 128 bits. Thus the AES Provider cannot create keys with Base Provider-compatible key lengths. However, the AES Provider can import RC2 and RC4 keys of up to 128 bits. Therefore, the AES Provider can import and use 40-bit keys generated by using the Base Provider.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for