When used, the Microsoft Enhanced Cryptographic Provider provides an application with stronger security than currently available with the Microsoft Base Cryptographic Provider. This provides users more protection in keeping sensitive data secure.
The following table shows the default key lengths supported by the Base Provider and the Enhanced Provider for the shown algorithms.
Algorithm |
Base Provider |
Enhanced Provider |
| RSA Key Exchange | 512-bit | 1,024-bit |
| RSA Signature | 512-bit | 1,024-bit |
| RC2 | 40-bit | 128-bit |
| RC4 | 40-bit | 128-bit |
| DES | Not supported | 56-bit |
| Triple DES (2-key) | Not supported | 112-bit |
| Triple DES (3-key) | Not supported | 168-bit |
The Enhanced Provider is backward-compatible with the Base Provider distributed with CryptoAPI version 1.0, with the following exception. For session keys, both CSPs are limited to generating and deriving keys of default key length: 40-bit for the Base Provider, and 128-bit for the Enhanced Provider, which precludes the Enhanced Provider from creating keys with Base Provider–compatible key lengths. However, the Enhanced Provider can import key lengths of any size, up to 128-bits.
Warning If you use the Microsoft RSA Base Provider to create a certification authority, your license to issue certificates is limited to certificates intended for use in the context of your particular application or service.