Introducing Compliance to Suite B Cryptography

Applies To: Windows 7, Windows Server 2008 R2

This product evaluation topic for the IT professional describes changes to security technologies as a result of Suite B cryptographic compliance in Windows 7 and Windows Server 2008 R2.

Suite B cryptography support for security technologies in Windows

Suite B is a group of cryptographic algorithms that is approved by the United States National Security Agency (NSA). Whereas Suite A is intended for highly sensitive communication and critical authentication systems, Suite B is a publicly available set of algorithms that establish a cryptographic standard for software encryption. Suite B's components are:

• Advanced Encryption Standard (AES-128 and AES-256)

• Elliptic Curve Digital Signature Algorithm (ECDSA)

• Elliptic Curve Diffie-Hellman (ECDH)

• Secure Hash Algorithm (SHA-256 and SHA-384)

Support for Suite B cryptographic algorithms was added in Windows Vista Service Pack 1 (SP1) and in Windows Server 2008 with the introduction of Cryptography Next Generation (CNG). For Windows 7 and Windows Server 2008 R2, several security technologies use Suite B algorithms, including:

• Transport Security Layer (TLS) authentication protocol (implemented in the Schannel authentication package)

  For more information about what's new in TLS, see Introducing TLS v1.2.

• Encrypting File System (EFS)

For additional resources about Suite B and CNG, see:

• Cryptography Next Generation

• CNG Features

• Description of the support for Suite B cryptographic algorithms that was added in Windows Vista Service Pack 1 and in Windows Server 2008

• Fact Sheet NSA Suite B Cryptography