Depending on the key exchange algorithm, Schannel makes use of several different types of CSPs. Each of these CSP types are discussed in detail in their respective specifications. Starting with Windows 2000, the following CSPs are supported.
Cryptographic service provider |
Comments |
PROV_RSA_FULL |
Used to store client credentials in the same manner as the previous versions of Schannel. Client authentication is unchanged. Developers writing smart card PROV_RSA_FULL CSP applications use the same techniques. Can also be used to verify certificate signatures. Schannel uses a global verify-only context for this purpose. |
PROV_DSS_FULL |
The same as PROV_RSA_FULL except that this is used to store DSS client credentials and to verify DSS certificate signatures. |
PROV_RSA_SCHANNEL |
Used for all client and server cryptographic operations when an RSA cipher suite is negotiated, except for those requiring access to the client's private key. |
PROV_DH_SCHANNEL |
Used for all client and server operations when a DH cipher suite is negotiated, except for those requiring access to the client's private key. This CSP also support the DSS algorithm and can be used to sign and verify the signatures on the ephemeral DH parameters. |
PROV_FORTEZZA |
Used for all client and server operations when a Fortezza cipher suite is negotiated. |