When used, the Microsoft Enhanced Cryptographic Provider (Enhanced Provider) provides an application with stronger security than currently available with the Microsoft Base Cryptographic Provider (Base Provider). This provides users with a greater degree of protection in keeping their sensitive data secure.
The following table lists the default key lengths supported by the Base Provider and the Enhanced Provider for the shown algorithms.
| Algorithm | Base Provider | Enhanced Provider |
|---|---|---|
| RSA Key Exchange | 512-bit | 1,024-bit |
| RSA Signature | 512-bit | 1,024-bit |
| RC2 | 40-bit | 128-bit |
| RC4 | 40-bit | 128-bit |
| DES | Not supported | 56-bit |
| Triple DES (2-key) | Not supported | 112-bit |
| Triple DES (3-key) | Not supported | 168-bit |
The DES and Triple DES algorithms are now supported in the Enhanced Provider.
The Enhanced Provider is backward-compatible with the Base Provider distributed with CryptoAPI versions 1.0 and 2.0, with the following exception: For session keys, both CSPs are limited to generating and deriving keys of default key length (40 bit for the Base Provider, and 128 bit for the Enhanced Provider), precluding the Enhanced Provider from creating keys with Base Provider–compatible key lengths. However, the Enhanced Provider can import key lengths of any size, up to 128 bits.
For more information on cryptographic service providers, see Interfacing with a Cryptographic Service Provider (CSP).