Cryptographic Service Provider



In Microsoft Windows, a Cryptographic Service Provider (CSP) is a software library that implements the Microsoft CryptoAPI (CAPI). CSPs implement encoding and decoding functions, which computer application programs may use, for example, to implement strong user authentication or for secure email.

CSPs are independent modules that can be used by different applications. A user program calls CryptoAPI functions, and these calls are redirected to CSP functions. Since CSPs are responsible for implementing cryptographic algorithms and standards, applications do not need to be concerned about security details. Furthermore, an application can specify which CSP it is going to use in its calls to CryptoAPI. In fact, all cryptographic operations are implemented in CSPs; CryptoAPI only works as a bridge between the application and the CSP.

CSPs are implemented essentially as a special type of DLL with special restrictions on loading and use. Every CSP must be digitally signed by Microsoft, and the signature is verified when Windows loads the CSP. In addition, after the CSP has been loaded, Windows periodically re-scans it to detect tampering, either by malicious software such as computer viruses or by users themselves trying to circumvent restrictions (for example on cryptographic key length) that might be built into the CSP's code.

To obtain a signature, non-Microsoft CSP developers must supply paperwork to Microsoft promising to obey various legal restrictions and giving valid contact information. As of circa 2000, Microsoft did not charge any fees to supply these signatures. For development and testing purposes, a CSP developer can configure Windows to recognize the developer's own signatures instead of Microsoft's, but this is a somewhat complex and obscure operation unsuitable for nontechnical end users.

The CAPI/CSP architecture had its origins in the era of restrictive US government controls on the export of cryptography. Microsoft's default or "base" CSP then included with Windows was limited to 512-bit RSA public-key cryptography and 40-bit symmetric cryptography, the maximum key lengths permitted in exportable mass market software at the time. CSPs implementing stronger cryptography were available only to U.S. residents, unless the CSPs themselves had received U.S. government export approval. The system of requiring CSPs to be signed only on presentation of completed paperwork was intended to prevent the easy spread of unauthorized CSPs implemented by anonymous or foreign developers. As such, it was presented as a concession made by Microsoft to the government, in order to get export approval for the CAPI itself.

After the Bernstein v. United States court decision establishing computer source code as protected free speech and the transfer of cryptographic regulatory authority from the U.S. State Department to the more pro-export Commerce Department, the restrictions on key lengths were dropped, and the CSPs shipped with Windows now include full-strength cryptography. The main use of third-party CSPs is to interface with external cryptography hardware such as hardware security modules (HSM) or smart cards.

Smart Card CSP

These cryptographic functions can be realised by a smart card; the Smart Card CSP is thus the Microsoft counterpart of PKCS#11. Microsoft Windows identifies the correct Smart Card CSP to use by analysing the answer to reset (ATR) of the smart card, which is registered in the Windows Registry. When a new CSP is installed, the ATRs of all supported smart cards are entered in the registry.
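The ATR lookup described above, as an added example that is not part of the original article and is not Windows's own code: a simplified model in which each registration pairs an ATR with a mask and a CSP name, plus an audit that flags registrations too broad to identify a card. The card names, provider names, ATR bytes and the 16-bit threshold are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CardEntry:
    name: str       # card type name (hypothetical)
    atr: bytes      # registered ATR
    mask: bytes     # assumption: a 1 bit means "this ATR bit must match"
    provider: str   # CSP bound to this card type (hypothetical name)

def entry(name, atr_hex, mask_hex, provider):
    return CardEntry(name, bytes.fromhex(atr_hex), bytes.fromhex(mask_hex), provider)

# Constructed registrations: every name and ATR byte here is made up.
REGISTRY = [
    entry("Example Card A", "3b7f9600008031", "ffffffffffffff", "Example CSP A"),
    entry("Example Card B family", "3b6800000073c8", "ffff0000ffffff", "Example CSP B"),
    entry("Catch-all", "00000000000000", "00000000000000", "Example CSP C"),
]

def atr_matches(e, card_atr):
    """Masked comparison: lengths must agree and every masked bit be equal."""
    if not (len(card_atr) == len(e.atr) == len(e.mask)):
        return False
    return all((c & m) == (a & m) for c, a, m in zip(card_atr, e.atr, e.mask))

def select_providers(card_atr, registry=REGISTRY):
    """Return the CSP of every registration that matches the card's ATR."""
    return [e.provider for e in registry if atr_matches(e, card_atr)]

def audit_masks(registry=REGISTRY, min_fixed_bits=16):
    """Flag registrations whose mask pins too few bits to identify a card.

    The 16-bit threshold is an arbitrary choice made for this example.
    """
    flagged = []
    for e in registry:
        fixed_bits = sum(bin(b).count("1") for b in e.mask)
        if len(e.mask) != len(e.atr) or fixed_bits < min_fixed_bits:
            flagged.append(e.name)
    return flagged

if __name__ == "__main__":
    for atr_hex in ("3b7f9600008031", "3b68abcd0073c8", "3b00"):
        print(atr_hex, "->", select_providers(bytes.fromhex(atr_hex)) or "no CSP")
    print("weak registrations:", audit_masks())
```

The all-zero mask matches every 7-byte ATR, so an unrelated card would be bound to that CSP as well; more than one match for a card is the condition worth reviewing when auditing registrations.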



Wikimedia Foundation. 2010.
