CRYPTO_SETTINGS structure (schannel.h)

Indicates disabled cryptographic settings.

Syntax

typedef struct _CRYPTO_SETTINGS {
  eTlsAlgorithmUsage eAlgorithmUsage;
  UNICODE_STRING     strCngAlgId;
  DWORD              cChainingModes;
  PUNICODE_STRING    rgstrChainingModes;
  DWORD              dwMinBitLength;
  DWORD              dwMaxBitLength;
} CRYPTO_SETTINGS, *PCRYPTO_SETTINGS;

Members

eAlgorithmUsage

The algorithm being used as specified in the eTlsAlgorithmUsage enumeration.

Value                                Algorithm
TlsParametersCngAlgUsageKeyExchange  Key exchange algorithm (e.g. RSA, ECDHE, DHE).
TlsParametersCngAlgUsageSignature    Signature algorithm (e.g. RSA, DSA, ECDSA).
TlsParametersCngAlgUsageCipher       Encryption algorithm (e.g. AES, DES, RC4).
TlsParametersCngAlgUsageDigest       Digest of the cipher suite (e.g. SHA1, SHA256, SHA384).
TlsParametersCngAlgUsageCertSig      Signature and/or hash used to sign the certificate (e.g. RSA, DSA, ECDSA, SHA1, SHA256).

strCngAlgId

The CNG algorithm identifier.

Cryptographic settings are ignored if the specified algorithm is not used by a supported, enabled cipher suite or an available credential.

cChainingModes

The count of entries in the rgstrChainingModes array.

Set to 0 if strCngAlgId does not have a chaining mode (e.g. BCRYPT_SHA384_ALGORITHM). It is an error to specify more than SCH_CRED_MAX_SUPPORTED_CHAINING_MODES.

rgstrChainingModes

An array of CNG chaining mode identifiers.

Set to NULL if strCngAlgId does not have a chaining mode (e.g. BCRYPT_SHA384_ALGORITHM).

dwMinBitLength

Minimum bit length for the specified CNG algorithm.

If 0, schannel uses system defaults. Set to 0 if the CNG algorithm implies bit length (e.g. BCRYPT_ECDH_P521_ALGORITHM).

dwMaxBitLength

Maximum bit length for the specified CNG algorithm.

If 0, schannel uses system defaults. Set to 0 if the CNG algorithm implies bit length (e.g. BCRYPT_ECDH_P521_ALGORITHM).
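As an added example (not from this page or the Windows SDK): building a three-entry disabled-crypto list of the kind passed through the TLS_PARAMETERS pDisabledCrypto array, then checking it against the member rules above before handing it to Schannel. On Windows the real schannel.h types are used; the non-Windows branch supplies assumed stand-in declarations (including a stand-in value for SCH_CRED_MAX_SUPPORTED_CHAINING_MODES) so that the check compiles elsewhere.

```c
#include <string.h>
#include <wchar.h>
#ifdef _WIN32
#include <windows.h>
#include <schannel.h>
#else /* stand-in declarations (an assumption) so the checks compile off Windows */
typedef unsigned long DWORD;
typedef struct { unsigned short Length, MaximumLength; wchar_t *Buffer; } UNICODE_STRING, *PUNICODE_STRING;
typedef enum { TlsParametersCngAlgUsageKeyExchange, TlsParametersCngAlgUsageSignature,
  TlsParametersCngAlgUsageCipher, TlsParametersCngAlgUsageDigest, TlsParametersCngAlgUsageCertSig } eTlsAlgorithmUsage;
typedef struct _CRYPTO_SETTINGS { eTlsAlgorithmUsage eAlgorithmUsage; UNICODE_STRING strCngAlgId;
  DWORD cChainingModes; PUNICODE_STRING rgstrChainingModes; DWORD dwMinBitLength; DWORD dwMaxBitLength; } CRYPTO_SETTINGS;
#define SCH_CRED_MAX_SUPPORTED_CHAINING_MODES 16 /* assumed stand-in value; schannel.h is authoritative */
#endif

/* Counted-string helper: Length is in bytes and excludes the terminator, as Schannel expects. */
static void init_ustr(UNICODE_STRING *us, wchar_t *s) {
  us->Buffer = s;
  us->Length = (unsigned short)(wcslen(s) * sizeof(wchar_t));
  us->MaximumLength = (unsigned short)(us->Length + sizeof(wchar_t));
}

/* Fills out[0..2]: disable RC4 as bulk cipher, SHA-1 as the cipher-suite digest, and AES
 * only in CBC chaining mode (AES-GCM suites are left alone). Bit lengths stay 0 = system defaults.
 * The strings are what BCRYPT_RC4_ALGORITHM etc. and BCRYPT_CHAIN_MODE_CBC expand to. */
static size_t build_disabled_crypto(CRYPTO_SETTINGS *out) {
  static wchar_t rc4[] = L"RC4", sha1[] = L"SHA1", aes[] = L"AES", cbc[] = L"ChainingModeCBC";
  static UNICODE_STRING aes_modes[1];
  memset(out, 0, 3 * sizeof *out);
  out[0].eAlgorithmUsage = TlsParametersCngAlgUsageCipher; init_ustr(&out[0].strCngAlgId, rc4);
  out[1].eAlgorithmUsage = TlsParametersCngAlgUsageDigest; init_ustr(&out[1].strCngAlgId, sha1);
  out[2].eAlgorithmUsage = TlsParametersCngAlgUsageCipher; init_ustr(&out[2].strCngAlgId, aes);
  init_ustr(&aes_modes[0], cbc);
  out[2].cChainingModes = 1;
  out[2].rgstrChainingModes = aes_modes;
  return 3;
}

/* Applies the member rules documented above. Returns 0 when every entry is well formed,
 * otherwise the 1-based index of the first offending entry. */
static int check_crypto_settings(const CRYPTO_SETTINGS *cs, size_t n) {
  for (size_t i = 0; i < n; i++) {
    const CRYPTO_SETTINGS *e = &cs[i];
    if (e->strCngAlgId.Buffer == NULL || e->strCngAlgId.Length == 0) return (int)i + 1;
    if (e->cChainingModes > SCH_CRED_MAX_SUPPORTED_CHAINING_MODES) return (int)i + 1;  /* too many modes */
    if ((e->cChainingModes == 0) != (e->rgstrChainingModes == NULL)) return (int)i + 1; /* count/array mismatch */
    if (e->dwMaxBitLength != 0 && e->dwMinBitLength > e->dwMaxBitLength) return (int)i + 1; /* inverted range */
  }
  return 0;
}
```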

Remarks

The following constants distinguish between the two RSA padding modes and can be specified in the strCngAlgId field. Either of them can be provided in place of a CNG algorithm identifier.

#define SCHANNEL_RSA_PSS_PADDING_ALGORITHM L"SCH_RSA_PSS_PAD"
#define SCHANNEL_RSA_PKCS_PADDING_ALGORITHM L"SCH_RSA_PKCS_PAD"

Requirements

Requirement               Value
Minimum supported client  Windows 10 1809 [desktop apps only]
Minimum supported server  Windows Server 1809 [desktop apps only]
Header                    schannel.h

See also

SCH_CREDENTIALS

TLS_PARAMETERS

eTlsAlgorithmUsage