The NSA's Suite B standards also do not include it. Also SHA-224 is not generally used by protocols and applications. Regarding SHA-224 support, SHA-224 offers less security than SHA-256 but takes the same amount of resources. On Vista, default Provider for PROV_RSA_AES is "Microsoft Enhanced RSA and AES Cryptographic Provider", and on XP is "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)". For each Provider Type you will see the name of the default Provider for that type. For each Provider you will also see which dll implements (rsaenh.dll, etc.) it and its Provider Type (1, 24, etc.). If you open regedit.exe and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults, you will be able to see the available Providers in the system ("Microsoft Enhanced Cryptographic Provider v1.0", "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)", etc.) and the Provider Types ("Type 001" which is "RSA Full (Signature and Key Exchange)", "Type 024" which is "RSA Full and AES"). Note that technically speaking, Microsoft AES Cryptographic Provider is just Microsoft Enhanced Cryptographic Provider with support for AES encryption algorithms. "Microsoft Enhanced RSA and AES Cryptographic Provider" (or "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)" as it's called on Windows XP SP3) is implemented in rsaenh.dll and is of type PROV_RSA_AES. Why? The issue is that those Algid's are only valid with providers of type PROV_RSA_AES, and these CSP are of type PROV_RSA_FULL. If you try to use CryptCreateHashwith any SHA-2 Algid ( CALG_SHA_256, CALG_SHA_384, CALG_SHA_512)and any of these CSP, you will still get a NTE_BAD_ALGID error on XP SP3.
Our "Microsoft Base/Strong/Enhanced Cryptographic Providers" are implemented on Rsaenh.dll. This has been added to the crypto module rsaenh.dll. Implements and supports the SHA2 hashing algorithms (SHA256, SHA384, and SHA512) in X.509 certificate validation.
Same algorithms are supported on Vista, though.Ĭan we use SHA-2 algorithms in Windows XP at all?The answer is yes, but it will depend on the CSP (Cryptographic Service Provider) that we use to perform the cryptographic operations.Īccording to our documentation, Windows XP SP3 supports all SHA-2 algorithms except SHA-224: CryptCreateHash: NTE_BAD_ALGID or -2146893816 or 0x80090008 or "Invalid algorithm specified". If you try to use any SHA-2 algorithm ( SHA-256, SHA-384 and SHA-512) on Windows XP, you may getthe following error when using i.e.
0 kommentar(er)
