CryptoAPI version 1.0 contained all the functionality necessary to handle straight cryptography. In this document, the original version 1.0 functionality is now called Cryptographic Functions. However, there is a rapidly evolving trend toward the incorporation of certificates in secure communications. Cryptography provides two of the three most important aspects of secure communications: privacy and integrity. The third is authentication, the certification that both the sender and recipient are who they say they are. Authentication in secure communications is provided by digital certificates (often shortened to just certificates).
CryptoAPI version 2.0 contains all the functionality of version 1.0 and adds the functionality needed to manage and use certificates in secure communications, along with functions to encode and decode PKCS #7 messages.
The certificate management API includes functions to maintain and manage persistent storage of certificates (called a certificate store), and a set of functions for incorporating certificates in outgoing messages and verifying certificates received in messages.
The message management API is provided at two levels—low-level message functions and simplified message functions. The low-level message functions provide more flexibility than the simplified message functions, but require more function calls.
In September 1996, Microsoft® hosted a Security Design Review conference attended by several hundred interested developers. The purpose of this design review was to present the CryptoAPI as it existed at that point and to gather feedback about its usefulness and any needed change in direction. As a result of that feedback and ongoing development efforts, the CryptoAPI has changed significantly since the conference. Those changes are presented in The Microsoft CryptoAPI Summary of Changes.