Re: AES 256-bit Certificate

From: Bernard (qbernard_at_hotmail.com.discuss)
Date: 03/23/05 

Date: Wed, 23 Mar 2005 16:48:54 +0800

However, in IIS, the max we can configured or force is 128bits, right ? 

-- 
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
""WenJun Zhang[msft]"" <v-wzhang@online.microsoft.com> wrote in message 
news:p7lWK$3LFHA.3476@TK2MSFTNGXA02.phx.gbl...
> Hi,
>
> As I known, Advanced Encryption Standard(AES) is an algorithms
> similiar to DES, but not a cryptographic service provider (CSP).
> Windows XP SP1 and Windows 2003 begins to use AES algorithm replaces
> DESX:
>
> "The Windows XP operating system supports the use of a stronger
> symmetric algorithm than the default DESX algorithm included with the
> Windows 2000 operating system. The default algorithm for Windows 2000
> and Windows XP is DESX. The default algorithm for Windows XP Service
> Pack 1 and Windows Server 2003 is Advanced Encryption Standard (AES)
> using a 256-bit key. For users requiring greater symmetric key
> strength with a FIPS 140-1 compliant algorithm, the 3DES algorithm
> can be enabled. "
>
> For SSL certificate key length, it's generally longer than 256 bits.
> If you use a Windows XP (SP1 or later)/2003 machine connect to a
> Windows 2003 CA to request a certificate (use the Advanced
> Certificate Request web form), you can select a CSP called "Microsoft
> Enhanced RSA and AES Cryptographic Provider", and you will see its
> min key size is 384.
>
> However if you use IIS web server certificate wizard to generate the
> request (CSR), there are only 2 CSPs can be selected by default:
> Microsoft RSA/Schannel Cryptographic Provider (the default option),
> Microsoft DSS and Diffie-Hellman/Schannel Cryptographic Provider .
>
> Hope this above can clarify some part of your question.
> Thanks.
>
> Best regards,
>
> WenJun Zhang
> Microsoft Online Partner Support
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>

Relevant Pages

  • RE: updates after format
    ... if the Microsoft Server is down. ... software you are installing has not passed Windows Logo testing verify its ... When you try to download an ActiveX control, install an update to Windows ... and you do not have the appropriate certificate in your Trusted Publishers ...
    (microsoft.public.windows.mediacenter)
  • Re: Windows Update repeats
    ... You cannot install some updates or programs ... to a Windows component, install a service pack for Windows or for a Windows ... The Microsoft digital signature affirms that software has been tested with ... Publishers certificate store. ...
    (microsoft.public.windowsupdate)
  • Re: Assembly Language
    ... >> Randy Hyde ... > it is all a question of the right algorithm for the job, ... "response time" and "throughput" (I don't recall Randy ever referring ... an example, a batch file is "throughput" friendly, while a Windows GUI ...
    (alt.lang.asm)
  • RE: Schannel event 36870 - 0x6
    ... I searched all the Microsoft Websites and Internal resource. ... Some firewalls may reject network traffic that originates from Windows ... Do you have certificate problem when visiting secured websites such as ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • RE: CAPICOM on Windows NT
    ... Microsoft Internet Explorer 5 or later is required ... Windows 2000/NT, Windows Me/98/95 ... | Subject: CAPICOM on Windows NT ... | 2000 Server machine as an internal Certificate Authority ...
    (microsoft.public.platformsdk.security)