Re: 3DES with PROV_RSA_FULL ???

From: Eric (eric.h@netcourrier.com)
Date: 08/12/02


From: "Eric" <eric.h@netcourrier.com>
Date: Mon, 12 Aug 2002 17:19:23 +0200


Hi Mark,

I am sorry to read like a lawyer and I don't pretend anything, I am new in
using CryptoAPI and as for anything new I just refer to the
documentation.....
I don't have any background information about laws restriction in 99'. This
is why I was surprised I could use 3DES with PROV_RSA_FULL
This is also the reason I post on this group, I am not stuck with the docs
and I like to have experience from other people...
You know, this CAPI doc is very hard for newbies because it has a lot of out
of date information.... Hopefully we have this newsgroup :-)
Thanks again for your help.
Regards.
Eric

"Mark_Pryor" <mpryorVB@netsprintmail.com> wrote in message
news:#4Dl48gQCHA.3772@tkmsftngp08...
> Hi,
> Eric <eric.h@netcourrier.com> wrote in message
> news:#zvHfycQCHA.2676@tkmsftngp10...
> > Thanks for you answers Mark and you,
> >
> > I am not talking about the Provider which does support 3DES as written
in
> > the API doc.
> > As i understand, each provider must be used with a provider type. This
> > provider type supports a set of algorithms within the overall set of
> > algorithms supported by the Provider.
> > That means "Enhanced Provider" can support some algorithms which are not
> > part of some provider types.
> > In the API doc it is written that "Enhanced Prov" support 3DES but the
> > PROV_RSA_FULL type does not include this algorithm...So i would need to
use
> > another provider type (that includes 3DES) along the "Enhanced provider"
in
> > order to use 3DES.
> >
> > I don't know if I am right and I would appreciate if someone could
clarify
> > it...
>
> Yes you are right. The PROV_RSA_FULL is documented to only
> allow the RC2, RC4 algorithms.
>
> Why do you read the SDK Docs like a lawyer? Let the API speak for itself,
> especially when it has methods like
> CryptGetProvParam / dwParam=PP_ENUMALGS
>
> that expose the allowed algorithms. The latest release of WinXP allows
> AES. Are you going to pretend that it shouldn't work cause those
> ancient Docs don't mention it?
>
> Most of the pages in the Crypto Docs were written in the early
> days of IE5 (Nov 1999), when the laws restricting export of strong
> cryptography were still on the books. They only mention a minimal
> set of algos included with the Base provider.
>
> regards,
> Mark Pryor
>
>
>