CryptoAPI

Cryptographic API was available in earlier Windows versions; however, the solution is now more comprehensive and ties in better with the authentication security. CryptoAPI makes the use of cryptography within applications easier, more transparent, and portable. All the C-API calls remain the same, even if you change the cryptographic service provider (CSP); however, parameter values might change. If you take a closer look at how the CryptoAPI architecture is set up (Figure 8.36), you can identify five functionality groups:

■ Base cryptographic functions Used to connect to a CSP, creating a security context that gives you access to private keys, key generation, and key exchange. The Base functions are as close as you can get to a CSP. When creating a context, you can select the CSP you want to use, but the access to the CSP remains out of sight and within the Windows kernel. This is done to give maximum protection to the public keys. The Base cryptographic functions can be subdivided into functions for:

    ■ Data encryption and decryption (Table 8.4)

    ■ Key generation and key exchange (Table 8.5)

■ CryptEncodeObject/CryptDecodeObject These generalized functions do the encoding/encryption and decoding/decryption of the object referred to.

■ Certificate store functions Enable you to manage certificates available in Certificates stores.

■ Certificate verification functions Take care of the encryption and decryption of the data, based on the security context. In addition, the hash functions are part of this function group. All these functions start with "Crypt".

■ Simplified message functions Used to encrypt/decrypt messages, sign messages, verify certificates. These message functions are composed using multiple low-level message functions and base cryptographic functions (Table 8.7).

■ Low-level message functions Used by simplified message functions, and can be used to obtain more control over the message functions, although it takes more programming effort.

For information on the other CryptoAPI groups, visit the Microsoft Platform SDK site (msdn.microsoft.com/library/default.asp; Security | Security (General) | SDK Documentation | Cryptography | CryptoAPI).

Figure 8.36 An Overview of the CryptoAPI Architecture (diagram not reproduced; the layers shown, from top to bottom, are: Application, with BizTalk and COM+ as example callers; Simplified Message; Low-Level Message; Certificate Store; Certificate Verification; Basic Cryptographic; Cryptographic Service Provider)
