Re: CSP with foreign algorithm

From: David Cross [MS] (dcross_at_online.microsoft.com)
Date: 04/13/04


Date: Tue, 13 Apr 2004 05:21:40 -0700

Unfortunately, the Microsoft CA, like most applications based on CryptoAPI,
is only able to use algorithms known to the operating system and defined in
Wincrypt.h. In addition, I don't believe that the GOST algorithm is
referenced in any IETF standards as an acceptable algorithm for X.509
certificates. The GOST algorithms may not be used with a Microsoft CA
currently. The local representatives of the Microsoft subsidiary should be
able to help put you in contact with the right development team for
consideration of the GOST algorithm being supported in the next platform.

Regards,

-- 
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
http://support.microsoft.com

"Serguei Panassenko" <develop@ancud.ru> wrote in message
news:ey5fz8SIEHA.2744@TK2MSFTNGP10.phx.gbl...
> Dear sirs!
>
>     Let me ask you some questions about Microsoft Cryptographic Service
> Provider.
>     Our company - ANCUD Ltd. (Moscow, Russia) - has been a developer of
> information security hardware and software products since 1991. We are
> licensed by FSB and other Russian special services to perform
> development, sale and support of cryptographic products to protect
> confidential information and State secrets. Our products are based on
> the GOST 128147-89 encryption standard.
>     Now we are finishing the CSP development in accordance with the CSP
> specification of Microsoft Corp and we are faced with the following
> questions:
>     1. To install the CSP to Windows 2000/2003 we are required to get
> ALG_IDs for the following algorithms (which are the national
> cryptographic standards): GOST 28147-89 (encryption), GOST R 34.10-94
> (digital signature), GOST R 34.10-2001 (digital signature), GOST R
> 34.11-94 (hash).
>     2. The Cryptographic Provider Types list contains no type with the
> following algorithms:
>     Purpose              Supported algorithms
>     Key Exchange         Diffie-Hellman
>     Digital Signature    GOST R 34.10-94, GOST R 34.10-2001
>     Encryption           GOST 28147-89
>     Hashing              GOST R 34.11-94
>     If we intend to integrate the CSP with the standard Windows services
> (e.g. Certification Authority), we need the specified type to be
> registered.
>
>     After reading MSDN:
>  "Extensions to CryptoAPI must be made in a responsible manner. Before
> defining new parameters and algorithm types, a CSP developer should
> consult Microsoft Corporation, so that:
>  a.. Common CryptoAPI extensions can be identified and placed into the
> standard Wincrypt.h file.
>  b.. Namespace collisions can be avoided.
>  c.. It can be determined if the extension is required, or whether a
> particular operation can be achieved with the current API.
>  Note  For a CSP to be compatible with applications developed for the
> Microsoft Base Cryptographic Provider, it must support all of the
> preceding items as described in Base Cryptography Functions and in
> Cryptography Service Provider Functions."
>     - we wrote some letters to Microsoft Russia, but your representative
> office in Moscow is unable to advise us how to solve the problems.
>
>     Sincerely yours,
>     Dr. Serguei Panassenko, Software dept. head, ANCUD Ltd.
>
>
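
The ALG_ID values and "namespace collisions" discussed in this thread, as an added example that is not part of the original posts: an ALG_ID packs a class, a type and a sub-ID into 16 bits, so a value chosen without coordination can land on one Wincrypt.h already assigns. The bit layout and CALG_* values are those of Wincrypt.h, copied in so the code builds without the Windows SDK; the sub-IDs 3 and 100 are constructed for illustration and are not real GOST assignments.

```c
#include <stdio.h>
#include <stddef.h>

/* Bit layout and CALG_* values as published in Wincrypt.h, copied here so
   the example builds without the Windows SDK. */
typedef unsigned int ALG_ID;
#define GET_ALG_CLASS(x) ((x) & (7u << 13))   /* bits 15..13 */
#define GET_ALG_TYPE(x)  ((x) & (15u << 9))   /* bits 12..9  */
#define GET_ALG_SID(x)   ((x) & 511u)         /* bits 8..0   */
#define ALG_CLASS_DATA_ENCRYPT (3u << 13)
#define ALG_CLASS_HASH         (4u << 13)
#define ALG_TYPE_BLOCK         (3u << 9)

struct known_alg { ALG_ID id; const char *name; };
static const struct known_alg known[] = {
    {0x2200, "CALG_DSS_SIGN"}, {0x2400, "CALG_RSA_SIGN"},
    {0x6601, "CALG_DES"},      {0x6603, "CALG_3DES"},
    {0x6801, "CALG_RC4"},      {0x8003, "CALG_MD5"},
    {0x8004, "CALG_SHA1"},     {0xa400, "CALG_RSA_KEYX"},
    {0xaa02, "CALG_DH_EPHEM"},
};

/* Compose an ALG_ID; returns 0 if any part overflows its bit field. */
ALG_ID make_alg_id(ALG_ID cls, ALG_ID type, ALG_ID sid) {
    if ((cls & ~(7u << 13)) || (type & ~(15u << 9)) || sid > 511u)
        return 0;
    return cls | type | sid;
}

/* Return the standard algorithm that already owns this value, or NULL. */
const struct known_alg *find_collision(ALG_ID candidate) {
    for (size_t i = 0; i < sizeof known / sizeof known[0]; i++)
        if (known[i].id == candidate)
            return &known[i];
    return NULL;
}

int main(void) {
    /* Constructed sub-IDs 3 and 100: illustrative, not real GOST values. */
    ALG_ID sids[] = {3, 100};
    for (size_t i = 0; i < 2; i++) {
        ALG_ID id = make_alg_id(ALG_CLASS_DATA_ENCRYPT, ALG_TYPE_BLOCK, sids[i]);
        const struct known_alg *hit = find_collision(id);
        printf("0x%04x class=0x%04x type=0x%04x sid=%u -> %s\n", id,
               GET_ALG_CLASS(id), GET_ALG_TYPE(id), GET_ALG_SID(id),
               hit ? hit->name : "no collision with listed CALG_* values");
    }
    return 0;
}
```

The first candidate decodes to the same 16-bit value as CALG_3DES, so an application that trusts the ALG_ID alone would treat the key as Triple DES.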

