The Microsoft® Enhanced Cryptographic Provider (Enhanced Provider) supports the same capabilities as the Microsoft Base Cryptographic Provider (Base Provider), but provides for stronger security through longer keys and additional algorithms. It can be used with CryptoAPI version 1.0 and version 2.0.
Note The Enhanced Provider is currently available only within North America.
To maintain backward compatibility with earlier versions of this provider, the name, as defined in the Wincrypt.h header file, retains the version 1.0 designation. However, version 2.0 of this provider is currently shipping. To see which version of the provider you have, make a call to CryptGetProvParam with the dwParam argument set to PP_VERSION. If 0x0200 is returned in pbData, then you have version 2.0.
Provider Type: PROV_RSA_FULL
Provider Name: MS_ENHANCED_PROV
The following table shows the differences between the Base Provider, and the Enhanced Provider. The key lengths shown are the default keylengths.
| Algorithm | Base Provider | Enhanced Provider |
|---|---|---|
| RSA public-key signature algorithm | Key length: 512 bits. | Key length: 1,024 bits. |
| RSA public-key exchange algorithm | Key length: 512 bits. | Key length: 1,024 bits. |
| RC2 block encryption algorithm | Key length: 40 bits. | Key length: 128 bits. Salt length: settable. |
| RC4 stream encryption algorithm | Key length: 40 bits. | Key length: 128 bits. Salt length: settable. |
| DES | Not supported. | Key length: 56 bits. |
| Triple DES (2 key) | Not supported. | Key length: 112 bits. |
| Triple DES (3 key) | Not supported. | Key length: 168 bits. |
The Enhanced Cryptographic Provider is backward-compatible with the Base Cryptographic Provider distributed with CryptoAPI versions 1.0 and 2.0, with the following exception:
For session keys, the base provider is limited to generating and deriving RC2 or RC4 keys of default key length (40 bit for the Base Provider, and 128 bit for the Enhanced Provider). This precludes the Enhanced Provider from creating keys with Base Provider-compatible key lengths. However, the Enhanced Provider can import RC2 and RC4 keys, up to 128 bits. In other words, 40 bit keys that have been generated using the Base Provider can be imported into the Enhanced Provider and used from there.