Platform SDK: Cryptography

Extending CryptoAPI

CryptoAPI has been designed to be easily extensible. New types and parameters can be defined by any CSP author to make CryptoAPI bend to the requirements of a wide variety of situations.

| Extensible items | Comment |
| --- | --- |
| Provider types | A provider type represents a particular family or type of cryptographic services. New provider types can be defined, each serving a particular niche. |
| Provider parameters | Provider parameters are sent and received using CPSetProvParam and CPGetProvParam, respectively. New provider parameters could allow a CSP to be configured in ways not foreseen by the CryptoAPI designers. |
| Algorithm identifiers | The enumeration facilities of CPGetProvParam allow applications to list algorithm identifiers dynamically. New symmetric, public-key, and hash algorithms can be defined at any time. |
| Public/private key pair types | While new key pair types can be defined as needed, currently only signature and key exchange key pairs are used. |
| Key BLOB types | New key BLOB types could permit session keys, public keys, and public/private key pairs to be exchanged in a flexible manner using the CPExportKey and CPImportKey functions. |
| Key parameters | Key parameters are sent and retrieved using CPSetKeyParam and CPGetKeyParam. New key parameters could enable support for many different types of keys. |
| Hash object parameters | Hash object parameters are sent and retrieved using CPSetHashParam and CPGetHashParam. New hash object parameters could enable support for many different types of hashes. |
| Flag values | Most CryptoAPI/CryptoSPI functions have a dwFlags parameter. New dwFlags values could modify the behavior of functions as necessary. |

Extensions to CryptoAPI must be made in a responsible manner. Before defining new parameters and algorithm types, a CSP developer should consult Microsoft Corporation, so that:

Note: For a CSP to be compatible with applications developed for the Microsoft Base Cryptographic Provider, it must support all of the preceding items as described in CryptoAPI Reference and in Cryptographic Service Provider Reference.
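Because algorithm identifiers can be defined at any time, an application that enumerates them (the "Algorithm identifiers" row above) should decide what to use from the numeric ALG_ID and reported bit length, not from the name a CSP supplies. The following is an added example, not SDK code: the policy table, the sample entries, and the names check_alg and pick_alg are hypothetical, and a real application would fill the list from CryptGetProvParam with PP_ENUMALGS.

```c
#include <stddef.h>
#include <stdint.h>

/* ALG_ID layout (wincrypt.h): class in bits 13-15, type in 9-12, SID in 0-8. */
#define ALG_CLASS(id)      ((id) & (7u << 13))
#define CLASS_DATA_ENCRYPT (3u << 13)
#define CLASS_HASH         (4u << 13)

/* One enumerated entry; mirrors the PROV_ENUMALGS fields used here. */
typedef struct { uint32_t alg_id; uint32_t bits; const char *name; } enum_alg;
/* Hypothetical application policy: approved ALG_IDs and minimum bit length. */
typedef struct { uint32_t alg_id; uint32_t min_bits; } policy_rule;
static const policy_rule POLICY[] = {
    { 0x660e, 128 },  /* CALG_AES_128 */
    { 0x6610, 256 },  /* CALG_AES_256 */
    { 0x800c, 256 },  /* CALG_SHA_256 */
};
typedef enum { ALG_OK, ALG_TOO_WEAK, ALG_NOT_APPROVED, ALG_WRONG_CLASS } verdict;

/* Match on the numeric ALG_ID only; the CSP-supplied name is never trusted. */
verdict check_alg(const enum_alg *a, uint32_t wanted_class)
{
    if (ALG_CLASS(a->alg_id) != wanted_class) return ALG_WRONG_CLASS;
    for (size_t i = 0; i < sizeof POLICY / sizeof POLICY[0]; i++)
        if (POLICY[i].alg_id == a->alg_id)
            return a->bits >= POLICY[i].min_bits ? ALG_OK : ALG_TOO_WEAK;
    return ALG_NOT_APPROVED;  /* unknown or vendor-defined identifier */
}

/* Constructed sample of what a CSP might enumerate (not real output). */
const enum_alg SAMPLE[] = {
    { 0x6801, 40,  "RC4" },      /* CALG_RC4 at 40 bits: not in policy */
    { 0x660e, 128, "AES 128" },
    { 0x6610, 128, "AES 256" },  /* approved ID, reported length too short */
    { 0x6fff, 256, "AES 256" },  /* made-up vendor ID reusing a familiar name */
    { 0x800c, 256, "SHA-256" },
};

/* Index of the strongest approved algorithm of the wanted class, or -1. */
int pick_alg(const enum_alg *list, size_t n, uint32_t wanted_class)
{
    int best = -1;
    for (size_t i = 0; i < n; i++)
        if (check_alg(&list[i], wanted_class) == ALG_OK &&
            (best < 0 || list[i].bits > list[best].bits))
            best = (int)i;
    return best;
}

int main(void) { return pick_alg(SAMPLE, 5, CLASS_DATA_ENCRYPT) == 1 ? 0 : 1; }
```

With the constructed sample, only the 128-bit AES entry is selected for encryption; the vendor-defined entry is rejected even though its name and bit length look familiar.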