Cryptography Next Generation

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Server 7, Windows Storage Server 2008, Windows Storage Server 2008 R2, Windows Vista

Cryptography Next Generation (CNG) in the Windows Server® 2008 and Windows Server® 2008 R2 Enterprise operating system provides a flexible cryptographic development platform that allows IT pros to create, update, and use custom cryptography algorithms in cryptography-related applications such as Active Directory® Certificate Services (AD CS), Secure Sockets Layer (SSL), and Internet Protocol security (IPsec). CNG implements the United States government's Suite B cryptographic algorithms, which include algorithms for encryption, digital signatures, key exchange, and hashing.

What does CNG do?

CNG provides a set of APIs that are used to:

  • Perform basic cryptographic operations, such as creating hashes and encrypting and decrypting data.

  • Create, store, and retrieve cryptographic keys.

  • Install and use additional cryptographic providers.

CNG has the following capabilities:

  • CNG allows customers to use their own cryptographic algorithms or implementations of standard cryptographic algorithms. They can also add new algorithms.

  • CNG supports cryptography in kernel mode. The same API is used in both kernel mode and user mode to fully support cryptography features. Secure Sockets Layer/Transport Layer Security (SSL/TLS) and IPsec, in addition to startup processes that use CNG, operate in kernel mode.

  • The plan for CNG includes acquiring Federal Information Processing Standards (FIPS) 140-2 level 2 certification together with Common Criteria evaluations.

  • CNG complies with Common Criteria requirements by using and storing long-lived keys in a secure process.

  • CNG supports the current set of CryptoAPI 1.0 algorithms.

  • CNG provides support for elliptic curve cryptography (ECC) algorithms. A number of ECC algorithms are required by the United States government's Suite B effort.

  • Any computer with a Trusted Platform Module (TPM) will be able to provide key isolation and key storage in TPM.

Who will be interested in this feature?

CNG applies to public key infrastructure (PKI) deployments that require the use of Suite B algorithms and that do not need to integrate with certification authorities (CAs) that do not support Suite B algorithms, such as CAs installed on servers running the Windows Server® 2003 and Windows® 2000 Server operating systems.

Are there any special considerations?

To use the new cryptographic algorithms, both your CA and your applications should support ECC (or any other new algorithm you implement under CNG). Though the CA needs to issue and manage these new certificate types, applications must be able to handle certificate chain validation and use the keys generated with Suite B algorithms.

Suite B algorithms such as ECC are supported only on the Windows Vista® and Windows Server 2008 operating systems. This means it is not possible to use those certificates on earlier versions of Windows such as Windows Server 2003 or Windows XP. However, it is possible to use classic algorithms such as Rivest-Shamir-Adleman (RSA) even if the keys have been generated with a CNG key provider.

Clients running Windows Vista, Windows 7, Windows Server 2008, or Windows Server 2008 R2 can use either CryptoAPI 1.0 or the new CNG API because both APIs can run side by side. However, applications such as SSL, IPsec, Secure/Multipurpose Internet Mail Extensions (S/MIME), and Kerberos must be updated in order to use Suite B algorithms.

How should I prepare for CNG?

Do not deploy certificates with Suite B algorithms before verifying these requirements:

  • Before issuing certificates that use algorithms such as ECC, verify that your CAs and operating systems support these algorithms.

  • Verify that your organization's PKI-enabled applications can use certificates that rely on CNG cryptographic providers.

  • If your organization uses certificates to support smart card logon, contact your smart card vendor to verify that their smart cards can handle CNG algorithms.

In Windows Vista and Windows Server 2008, the following certificate-enabled applications can handle certificates that use cryptographic algorithms that are registered in the CNG provider.

Application name Verify a certificate chain that contains certificates with algorithms that are registered in a CNG provider Use algorithms that are not supported by CryptoAPI

Encrypting File System (EFS)

Yes

Yes*

IPsec

Yes

Yes

Kerberos

No

No

S/MIME

Outlook 2003: no

Outlook 2007: yes

Outlook 2003: no

Outlook 2007: yes

Smart card logon

No

No

SSL

Yes

Yes

Wireless

Yes

Yes

Note

  • The Encrypting File System (EFS) supports the use of the Rivest-Shamir-Adleman (RSA) algorithm on version 2 certificate templates, which only use Cryptography API (CAPI). EFS only supports Elliptic Curve Diffie-Hellman (ECDH) on version 3 certificate templates, which only use Cryptography Next Generation (CNG). Version 3 templates are the default when Windows Server 2008 Enterprise certificate templates are used. If you plan to utilize EFS with RSA, be sure to select Windows Server 2003, Enterprise Edition, to get the version 2 template, and use a CAPI Cryptographic Service Provider (CSP).

How should I prepare to deploy this feature?

To use Suite B algorithms for cryptographic operations, you first need a Windows Server 2008-based CA to issue certificates that are Suite B-enabled.

If you do not have a PKI yet, you can set up a Windows Server 2008–based CA where the CA certificates and the end-entity certificates use Suite B algorithms. However, you still have to verify that all your applications are ready for Suite B algorithms and can support such certificates.

If you already have a PKI with CAs running Windows Server 2003 or where classic algorithms are being used to support existing applications, you can add a subordinate CA on a server running Windows Server 2008, but you must continue using classic algorithms.

To introduce Suite B algorithms into an existing environment where classic algorithms are used, consider adding a second PKI and perform a cross-certification between the two CA hierarchies.

Additional references