Cryptography Security

CryptoAPI handles private keys, credentials and other assets that unauthorized users may try to access. The following list summarizes the best practices for protecting these assets.

Best Practices

Specify the service provider by name

Microsoft® Windows® CE includes three cryptographic service providers: Microsoft RSA Base Provider, Microsoft Enhanced Cryptographic Provider, and Smart Card CSP. In Windows CE .NET 4.1 and later, the default provider is Microsoft Enhanced Cryptographic Provider. You can also add your own cryptographic service provider. Use the strongest service provider that is appropriate for your application. To ensure that it uses the correct provider, an application should always pass the provider name to CryptAcquireContext. If no name is specified, CryptoAPI uses whichever provider is registered as the default for the requested provider type, and that provider may be weaker than your application needs.

Call CryptGetKeyParam to get key length

Do not assume that the provider you obtained supplies the key length you expect. After generating or importing a key, call CryptGetKeyParam with KP_KEYLEN and compare the reported length with the minimum your application requires; this confirms that you are using the correct provider. A user can delete or change the default provider for the device by editing the registry or by calling CryptSetProviderEx. Avoid CryptSetProviderEx except as part of the administrative setup of the device, because it changes the behavior of every application that relies on the default behavior of CryptoAPI.

Set device passwords

CryptoAPI stores private keys, and applications store user credentials, on each device. To prevent an attacker who obtains the device from extracting those keys and credentials, you must implement a device locking capability that requires a password to access the device when it is powered on. For stronger protection, store private keys on a smart card and use the Smart Card CSP. For more information, see Smart Card CSP.

Do not create your own random number generator

Use CryptGenRandom to generate keys, salts, nonces and any other random data that security depends on. General-purpose functions such as rand() are predictable and must not be used for these values.

Protect application data

To protect sensitive information at rest and to detect tampering, encrypt it with CryptProtectData and decrypt it with CryptUnprotectData rather than writing the plaintext to storage.

Clear data from temporary storage after use

Overwrite buffers that held keys, passwords or other secrets as soon as they are no longer needed, and release the handles with CryptDestroyKey, CryptDestroyHash and CryptReleaseContext. Where possible, do not store the secret itself at all. For example, if an application needs to verify that a user knows a password, store a salted hash of the password and compare it with the hash of the value the user enters. In this case, you do not need to store the secret, only the salt and the hash.
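The following C program is an added example, not code from the original page or from Microsoft. It ties together the practices above: it acquires the Enhanced provider by name, generates a session key and rejects the provider if CryptGetKeyParam(KP_KEYLEN) reports a shorter key than policy requires, draws a salt from CryptGenRandom, stores a salted hash instead of the password, compares digests in constant time, and zeroes the buffers before returning. The minimum key length, the helper names, the sample password and the use of CALG_SHA1 (the strongest hash the Enhanced provider offered on this platform; use a slower password-hashing function where one is available) are assumptions made for the example. The CryptoAPI calls compile only on Windows; the two portable helpers build anywhere.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#endif

/* Overwrite memory that held secret material. The volatile pointer keeps the
 * compiler from discarding the stores as dead writes; on Windows,
 * SecureZeroMemory() does the same job. */
void secure_zero(void *p, size_t n)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Compare two digests without an early exit, so timing does not reveal how
 * many leading bytes matched. Returns 1 when equal, 0 otherwise. */
int const_time_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char diff = 0;
    size_t i;
    for (i = 0; i < n; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

#ifdef _WIN32
#define MIN_RC4_KEY_BITS 128   /* policy assumed for this example */
#define SALT_LEN 16
#define SHA1_LEN 20

/* Acquire the Enhanced provider by name and refuse to proceed if the key it
 * generates is shorter than policy. Returns 1 on success with *phProv set. */
int acquire_strong_provider(HCRYPTPROV *phProv)
{
    HCRYPTKEY hKey = 0;
    DWORD keyBits = 0, cb = sizeof(keyBits);
    int ok = 0;

    /* A NULL provider name would silently select whatever default is
     * registered for PROV_RSA_FULL, possibly the 40-bit RC4 Base provider. */
    if (!CryptAcquireContext(phProv, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL,
                             CRYPT_VERIFYCONTEXT))
        return 0;

    if (CryptGenKey(*phProv, CALG_RC4, 0, &hKey) &&
        CryptGetKeyParam(hKey, KP_KEYLEN, (BYTE *)&keyBits, &cb, 0) &&
        keyBits >= MIN_RC4_KEY_BITS)
        ok = 1;

    if (hKey) CryptDestroyKey(hKey);
    if (!ok) { CryptReleaseContext(*phProv, 0); *phProv = 0; }
    return ok;
}

/* Salted SHA-1 of a password: hash salt || password into out[]. */
int hash_password(HCRYPTPROV hProv, const unsigned char *salt,
                  const char *password, unsigned char out[SHA1_LEN])
{
    HCRYPTHASH hHash = 0;
    DWORD cb = SHA1_LEN;
    int ok = 0;

    if (CryptCreateHash(hProv, CALG_SHA1, 0, 0, &hHash) &&
        CryptHashData(hHash, salt, SALT_LEN, 0) &&
        CryptHashData(hHash, (const BYTE *)password, (DWORD)strlen(password), 0) &&
        CryptGetHashParam(hHash, HP_HASHVAL, out, &cb, 0))
        ok = 1;
    if (hHash) CryptDestroyHash(hHash);   /* release before the buffer is reused */
    return ok;
}

int main(void)
{
    HCRYPTPROV hProv = 0;
    unsigned char salt[SALT_LEN], stored[SHA1_LEN], candidate[SHA1_LEN];
    char password[] = "correct horse";    /* constructed sample, not a real credential */
    int verified;

    if (!acquire_strong_provider(&hProv)) {
        printf("no acceptable provider (error %lu)\n", (unsigned long)GetLastError());
        return 1;
    }
    /* Salt comes from the provider's RNG, never from rand(). */
    if (!CryptGenRandom(hProv, SALT_LEN, salt)) { CryptReleaseContext(hProv, 0); return 1; }

    /* Enrolment keeps only salt + digest; verification recomputes the digest
     * from what the user typed (here the same sample string) and compares. */
    hash_password(hProv, salt, password, stored);
    hash_password(hProv, salt, password, candidate);
    verified = const_time_equal(stored, candidate, SHA1_LEN);
    printf("password %s\n", verified ? "verified" : "rejected");

    secure_zero(password, sizeof(password));   /* clear the secret itself */
    secure_zero(candidate, sizeof(candidate));
    CryptReleaseContext(hProv, 0);
    return verified ? 0 : 1;
}
#else
int main(void)
{
    puts("CryptoAPI is available only on Windows; the helpers above are portable.");
    return 0;
}
#endif
```

Running this against the Base provider instead of MS_ENHANCED_PROV makes acquire_strong_provider fail, because the default RC4 key there is 40 bits; that is the check the "Call CryptGetKeyParam" practice asks for.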

Default Registry Settings

You should be aware of the registry settings that impact security. If a value has security implications, you will find a Security Note in the registry settings documentation.

For information about cryptography registry settings, see Cryptography Registry Settings.

See Also

Cryptography | Microsoft Cryptographic System | Using Basic Cryptography Services | About Cryptographic Service Provider | Protected Store | Certificates

Last updated on Thursday, April 08, 2004

© 1992-2003 Microsoft Corporation. All rights reserved.