Professional blog of Soci (Soczó Zsolt)

2006.11.12.

New Crypto API in Vista; Cryptography API: Next Generation, CNG

Filed under: Professional life, Vista — Soczó Zsolt @ 00:09

MSDN Docs.

In short:

Cryptography API: Next Generation (CNG) API is the long-term replacement for the CryptoAPI. CNG is designed to be extensible at many levels and cryptography agnostic in behavior.

CNG has the following features.

  • CNG supports cryptography in kernel mode. The same API is used in both kernel and user mode in order to fully support the cryptography features. Both SSL/TLS and IPSec operate in kernel mode in addition to boot processes that will be using CNG.
  • Federal Information Processing Standards (FIPS) 140 Certification. CNG is aiming at getting FIPS 140-2 level 2 certification together with Common Criteria evaluation on selected platforms. Other platforms will have FIPS 140-2 level 1 certification. These will be the same implementation, just different certifications.
  • CNG complies with Common Criteria requirements by storing and using long lived keys in a secure process in order to comply with Common Criteria requirements. Audit appropriate actions in the CNG layer.
  • CNG provides support for the current set of algorithms in CryptoAPI 1.0. Every algorithm that is currently supported in CryptoAPI 1.0 will continue to be supported in CNG.
  • CNG provides support for Elliptic Curve Cryptography (ECC) algorithms. A number of ECC algorithms are required by the United States government’s Suite B effort.
  • Key Isolation & Storage: Any machine with a Trusted Platform Module (TPM) will seamlessly provide key isolation and key storage in TPM.

So this one runs in kernel mode. It is interesting how more and more things get pushed down into kernel mode. I can understand it to some extent, ever since Inside Windows described, in connection with GDI, why they made that move, but I still always worry a little when the TCB gets stuffed with a lot of potentially buggy stuff. It's on their conscience.
