In brief:
Cryptography API: Next Generation (CNG) API is the long-term replacement for the CryptoAPI. CNG is designed to be extensible at many levels and cryptography agnostic in behavior.
CNG has the following features.
- CNG supports cryptography in kernel mode. The same API is used in both kernel and user mode in order to fully support the cryptography features. Both SSL/TLS and IPSec operate in kernel mode in addition to boot processes that will be using CNG.
- Federal Information Processing Standards (FIPS) 140 Certification. CNG is aiming at getting FIPS 140-2 level 2 certification together with Common Criteria evaluation on selected platforms. Other platforms will have FIPS 140-2 level 1 certification. These will be the same implementation, just different certifications.
- CNG complies with Common Criteria requirements by storing and using long-lived keys in a secure process in order to comply with Common Criteria requirements. Audit appropriate actions in the CNG layer.
- CNG provides support for the current set of algorithms in CryptoAPI 1.0. Every algorithm that is currently supported in CryptoAPI 1.0 will continue to be supported in CNG.
- CNG provides support for Elliptic Curve Cryptography (ECC) algorithms. A number of ECC algorithms are required by the United States government’s Suite B effort.
- Key Isolation & Storage: Any machine with a Trusted Platform Module (TPM) will seamlessly provide key isolation and key storage in TPM.
So this player runs in kernel mode. It's interesting how more and more things get pushed down into kernel mode. I can understand this to some extent, ever since Inside Windows explained, in connection with GDI, why they made that move, but I still always worry a little when the TCB gets stuffed with lots of potentially buggy stuff. On their heads be it.