Platform SDK: Logon Authentication

Cryptographic Service Providers

Depending on the key exchange algorithm, Schannel makes use of several different types of CSPs. Each of these CSP types are discussed in detail in their respective specifications. Starting with Windows 2000, the following CSPs are supported.

Cryptographic service provider Comments
PROV_RSA_FULL Used to store client credentials in the same manner as the previous versions of Schannel. Client authentication is unchanged. Developers writing smart card PROV_RSA_FULL CSP applications use the same techniques. Can also be used to verify certificate signatures. Schannel uses a global verify-only context for this purpose.
PROV_DSS_FULL The same as PROV_RSA_FULL except that this is used to store DSS client credentials and to verify DSS certificate signatures.
PROV_RSA_SCHANNEL Used for all client and server cryptographic operations when an RSA cipher suite is negotiated, except for those requiring access to the client's private key.
PROV_DH_SCHANNEL Used for all client and server operations when a DH cipher suite is negotiated, except for those requiring access to the client's private key. This CSP also support the DSS algorithm and can be used to sign and verify the signatures on the ephemeral DH parameters.
PROV_FORTEZZA Used for all client and server operations when a Fortezza cipher suite is negotiated.