diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 53c25eeb97..5399e86a43 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -394,6 +394,12 @@ #### [Software developer FAQ](intelligence/developer-faq.md) #### [Software developer resources](intelligence/developer-resources.md) +## Certifications + +### [FIPS 140 Validation](fips-140-validation.md) +### [Windows Platform Common Criteria Certification](windows-platform-common-criteria.md) + + ## More Windows 10 security ### [The Windows Security app](windows-defender-security-center/windows-defender-security-center.md) @@ -961,14 +967,10 @@ ###### [Take ownership of files or other objects](security-policy-settings/take-ownership-of-files-or-other-objects.md) - - ### [Windows security baselines](windows-security-baselines.md) #### [Security Compliance Toolkit](security-compliance-toolkit-10.md) #### [Get support](get-support-for-security-baselines.md) -### [MBSA removal and alternatives](mbsa-removal-and-guidance.md) - ### [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md) ## [Change history for Threat protection](change-history-for-threat-protection.md) diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md new file mode 100644 index 0000000000..cdd262ce1c --- /dev/null +++ b/windows/security/threat-protection/fips-140-validation.md @@ -0,0 +1,7085 @@ +--- +title: FIPS 140 Validation +description: This topic provides information on how Microsoft products and cryptographic modules comply with the U.S. Federal government standard FIPS 140. +ms.prod: w10 +ms.localizationpriority: medium +ms.author: daniha +author: danihalfin +ms.date: 04/03/2018 +--- + + +# FIPS 140 Validation + +On this page + + - [Introduction](https://technet.microsoft.com/en-us/library/cc750357.aspx#id0eo) + - [FIPS 140 Overview](https://technet.microsoft.com/en-us/library/cc750357.aspx#id0ebd) + - [Microsoft Product Validation (Information for Procurement Officers and Auditors)](https://technet.microsoft.com/en-us/library/cc750357.aspx#id0ezd) + - [Information for System Integrators](https://technet.microsoft.com/en-us/library/cc750357.aspx#id0eve) + - [Information for Software Developers](https://technet.microsoft.com/en-us/library/cc750357.aspx#id0eibac) + - [FIPS 140 FAQ](https://technet.microsoft.com/en-us/library/cc750357.aspx#id0eqcac) + - [Microsoft FIPS 140 Validated Cryptographic Modules](https://technet.microsoft.com/en-us/library/cc750357.aspx#id0ewfac) + - [Cryptographic Algorithms](https://technet.microsoft.com/en-us/library/cc750357.aspx#id0erobg) + +Updated: March 2018 + +  + +## Introduction + +This document provides information on how Microsoft products and cryptographic modules comply with the U.S. Federal government standard, *Federal Information Processing Standard (FIPS) 140 – Security Requirements for Cryptographic Modules* \[FIPS 140\]. + +### Audience + +This document is primarily focused on providing information for three parties: + +[Procurement Officer](https://technet.microsoft.com/en-us/library/cc750357.aspx#_microsoft_product_validation) – Responsible for verifying that Microsoft products (or even third-party applications) are either FIPS 140 validated or utilize a Microsoft FIPS 140 validated cryptographic module. + +[System Integrator](https://technet.microsoft.com/en-us/library/cc750357.aspx#_information_for_system) – Responsible for ensuring that Microsoft Products are configured properly to use only FIPS 140 validated cryptographic modules. + +[Software Developer](https://technet.microsoft.com/en-us/library/cc750357.aspx#_information_for_software) – Responsible for building software products that utilize Microsoft FIPS 140 validated cryptographic modules. + +### Document Map + +This document is broken into seven major sections: + +[FIPS 140 Overview](https://technet.microsoft.com/en-us/library/cc750357.aspx#_fips_140_overview) – Provides an overview of the FIPS 140 standard as well as provides some historical information about the standard. + +[Microsoft Product Validation (Information for Procurement Officers and Auditors)](https://technet.microsoft.com/en-us/library/cc750357.aspx#_microsoft_product_validation) – Provides information on how Microsoft products are FIPS 140 validated. + +[Information for System Integrators](https://technet.microsoft.com/en-us/library/cc750357.aspx#_information_for_system) – Describes how to configure and verify that Microsoft Products are being used in a manner consistent with the product’s FIPS 140 Security Policy. + +[Information for Software Developers](https://technet.microsoft.com/en-us/library/cc750357.aspx#_information_for_software) – Identifies how developers can leverage the Microsoft FIPS 140 validated cryptographic modules. + +[FAQ](https://technet.microsoft.com/en-us/library/cc750357.aspx#_fips_140_faq) – Frequently Asked Questions. + +[Microsoft FIPS 140 Validated Cryptographic Modules](https://technet.microsoft.com/en-us/library/cc750357.aspx#_microsoft_fips_140) – Explains Microsoft cryptographic architecture and identifies specific modules that are FIPS 140 validated. + +[Cryptographic Algorithms](https://technet.microsoft.com/en-us/library/cc750357.aspx#_cryptographic_algorithms) – Lists the cryptographic algorithm, modes, states, key sizes, Windows versions, and corresponding cryptographic algorithm validation certificates. + +## FIPS 140 Overview + +### FIPS 140 Standard + +FIPS 140 is a US government and Canadian government standard that defines a minimum set of the security requirements for products that implement cryptography. This standard is designed for cryptographic modules that are used to secure sensitive but unclassified information. Testing against the FIPS 140 standard is maintained by the Cryptographic Module Validation Program (CMVP), a joint effort between the US National Institute of Standards and Technology (NIST) and the Communications Security Establishment of Canada (CSEC). + +The current standard defines four-levels of increasing security, 1 through 4. Most software products (including all Microsoft products) are tested against the Level 1 security requirements. + +### Applicability of the FIPS standard + +Within the US Federal government, the FIPS 140 standard applies to any security system (whether hardware, firmware, software, or a combination thereof) to be used by agencies for protecting sensitive but unclassified information. Some agencies have expanded its use by requiring that the modules to be procured for secret systems also meet the FIPS 140 requirements. + +The FIPS 140 standard has also been used by different standards bodies, specification groups, nations, and private institutions as a requirement or guideline for those products (e.g. – Digital Cinema Systems Specification). + +### History of 140-1 + +FIPS 140-1 is the original working version of the standard made official on January 11, 1994. The standard remained in effect until FIPS 140-2 became mandatory for new products on May 25, 2002. + +### FIPS 140-2 + +FIPS 140-2 is currently the active version of the standard. + +### Microsoft FIPS Support Policy + +Microsoft actively maintains FIPS 140 validation for its cryptographic modules. + +### FIPS Mode of Operation + +The common term “FIPS mode” is used in this document and Security Policy documents. When a cryptographic module contains both FIPS-approved and non-FIPS approved security methods, it must have a "FIPS mode of operation" to ensure only FIPS-approved security methods may be used. When a module is in "FIPS mode", a non-FIPS approved method cannot be used instead of a FIPS-approved method. + +## Microsoft Product Validation (Information for Procurement Officers and Auditors) + +This section provides information for Procurement Officers and Auditors who are responsible for ensuring that Microsoft products with FIPS 140 validated cryptographic modules are used in their organization. The goal of this section is to provide an overview of the Microsoft developed products and modules and explain how the validated cryptographic modules are used. + +### Microsoft Product Relationship with CNG and CAPI libraries + +Rather than validate individual components and products, Microsoft chooses to validate only the underlying cryptographic modules. Subsequently, many Windows components and Microsoft products are built to rely on the Cryptographic API: Next Generation (CNG) and legacy Cryptographic API (CAPI) FIPS 140 validated cryptographic modules. Windows components and Microsoft products use the documented application programming interfaces (APIs) for each of the modules to access various cryptographic services. + +The following list contains some of the Windows components and Microsoft products that rely on FIPS 140 validated cryptographic modules: + + - Schannel Security Package + - Remote Desktop Protocol (RDP) Client + - Encrypting File System (EFS) + - Some Microsoft .NET Framework Applications (.NET also provides cryptographic algorithm implementations that have not been FIPS 140 validated.) + - BitLocker® Drive Full-volume Encryption + - IPsec Settings of Windows Firewall + +## Information for System Integrators + +This section provides information for System Integrators and Auditors who are responsible for deploying Microsoft products in a manner consistent with the product’s FIPS 140 Security Policy. + +There are two steps to ensure that Microsoft products operate in FIPS mode: + +1. Selecting/Installing FIPS 140 validated cryptographic modules +2. Setting FIPS local/group security policy flag. + +### Step 1 – Selecting/Installing FIPS 140 Validated Cryptographic Modules + +Systems Integrators must ensure that all cryptographic modules installed are, in fact, FIPS 140 validated. This can be accomplished by cross-checking the version number of the installed module with the list of validated binaries. The list of validated CAPI binaries is identified in the [CAPI Validated Cryptographic Modules](https://technet.microsoft.com/en-us/library/cc750357.aspx#_capi_validated_cryptographic) section below and the list of validated CNG binaries is identified in the [CNG Validated Cryptographic Modules](https://technet.microsoft.com/en-us/library/cc750357.aspx#_cng_validated_cryptographic) section below. There are similar sections for all other validated cryptographic modules. + +The version number of the installed binary is found by right-clicking the module file and clicking on the Version or Details tab. Cryptographic modules are stored in the "windows\\system32" or "windows\\system32\\drivers" directory. + +### Step 2 – Setting FIPS Local/Group Security Policy Flag + +The Windows operating system provides a group (or local) security policy setting, “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing”, which is used by many Microsoft products to determine whether to operate in a FIPS-approved mode. When this policy is set, the validated cryptographic modules in Windows will also operate in a FIPS-approved mode. + +**Note** – There is no enforcement of the FIPS policy by the operating system or the validated cryptographic modules. Instead, each individual application must check this flag and enforce the Security Policy of the validated cryptographic modules. + +#### Instructions on Setting the FIPS Local/Group Security Policy Flag + +While there are alternative methods for setting the FIPS local/group security policy flag, the following method is included as a guide to users with Administrative privileges. This description is for the Local Security Policy, but the Group Security Policy may be set in a similar manner. + +1. Open the 'Run' menu by pressing the combination 'Windows Key + R'. +2. Type 'secpol.msc' and press 'Enter' or click the 'Ok' button. +3. In the Local Security Policy management console window that opens, use the left tab to navigate to the Local Policies -\> Security Options. +4. Scroll down the right pane and double-click 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing'. +5. In the properties window, select the 'Enabled' option and click the 'Apply' button. + +#### Microsoft Components and Products That Utilize FIPS Local/Group Security Policy + +The following list details some of the Microsoft components that use the cryptographic functionality implemented by either CNG or legacy CAPI. When the FIPS Local/Group Security Policy is set, the following components will enforce the validated module Security Policy. + + - Schannel Security Package + - Remote Desktop Protocol (RDP) Client + - Encrypting File System (EFS) + - Some Microsoft .NET Framework Applications (.NET also provides cryptographic algorithm implementations that have not been FIPS 140 validated.) + - BitLocker® Drive Full-volume Encryption + - IPsec Settings of Windows Firewall + +#### Effects of Setting FIPS Local/Group Security Policy Flag + +When setting the FIPS local/group security policy flag, the behavior of several Microsoft components and products are affected. The most noticeable difference will be that the components enforcing this setting will only use those algorithms approved or allowed in FIPS mode. The specific changes to the products listed above are: + + - Schannel Security Package forced to negotiate sessions using TLS. The following supported Cipher Suites are disabled: + + - - TLS\_RSA\_WITH\_RC4\_128\_SHA + - TLS\_RSA\_WITH\_RC4\_128\_MD5 + - SSL\_CK\_RC4\_128\_WITH\_MD5 + - SSL\_CK\_DES\_192\_EDE3\_CBC\_WITH\_MD5 + - TLS\_RSA\_WITH\_NULL\_MD5 + - TLS\_RSA\_WITH\_NULL\_SHA + + - The set of cryptographic algorithms that a Remote Desktop Protocol (RDP) server will use is scoped to: + + - - CALG\_RSA\_KEYX - RSA public key exchange algorithm + - CALG\_3DES - Triple DES encryption algorithm + - CALG\_AES\_128 - 128 bit AES + - CALG\_AES\_256 - 256 bit AES + - CALG\_SHA1 - SHA hashing algorithm + - CALG\_SHA\_256 - 256 bit SHA hashing algorithm + - CALG\_SHA\_384 - 384 bit SHA hashing algorithm + - CALG\_SHA\_512 - 512 bit SHA hashing algorithm + + - Any Microsoft .NET Framework applications, such as Microsoft ASP.NET or Windows Communication Foundation (WCF), only allow algorithm implementations that are validated to FIPS 140, meaning only classes that end in "CryptoServiceProvider" or "Cng" can be used. Any attempt to create an instance of other cryptographic algorithm classes or create instances that use non-allowed algorithms will cause an InvalidOperationException exception. + + - Verification of ClickOnce applications fails unless the client computer has .NET Framework 2.0 SP1 or later service pack installed or .NET Framework 3.5 or later installed. + + - On Windows Vista and Windows Server 2008 and later, BitLocker Drive Encryption switches from AES-128 using the elephant diffuser to using the approved AES-256 encryption. Recovery passwords are not created or backed up. Instead, backup a recovery key on a local drive or on a network share. To use the recovery key, put the key on a USB device and plug the device into the computer. + +Please be aware that selection of FIPS mode can limit product functionality (See ). + +## Information for Software Developers + +This section is targeted at developers who wish to build their own applications using the FIPS 140 validated cryptographic modules. + +Each of the validated cryptographic modules defines a series of rules that must be followed. The security rules for each validated cryptographic module are specified in the Security Policy document. Links to each of the Security Policy documents is provided in the [Microsoft FIPS 140 Validated Cryptographic Modules](https://technet.microsoft.com/en-us/library/cc750357.aspx#_microsoft_fips_140) section below. Generally, the restriction in Microsoft validated cryptographic modules is limiting the use of cryptography to only FIPS Approved cryptographic algorithms, modes, and key sizes. + +### Using Microsoft Cryptographic Modules in a FIPS mode of operation + +No matter whether developing with native languages or using .NET, it is important to first check whether the CNG modules for the target system are FIPS validated. The list of validated CNG binaries is identified in the [CNG Validated Cryptographic Modules](https://technet.microsoft.com/en-us/library/cc750357.aspx#_cng_validated_cryptographic) section. + +When developing using CNG directly, it is the responsibility of the developer to follow the security rules outlined in the FIPS 140 Security Policy for each module. The security policy for each module is provided on the CMVP website. Links to each of the Security Policy documents is provided in the tables below. It is important to remember that setting the FIPS local/group security policy Flag (discussed above) does not affect the behavior of the modules when used for developing custom applications. + +If you are developing your application using .NET instead of using the native libraries, then setting the FIPS local policy flag will generate an exception when an improper .NET class is used for cryptography (i.e. the cryptographic classes whose names end in "Managed"). The names of these allowed classes end with "Cng", which use the CNG binaries or "CryptoServiceProvider", which use the legacy CAPI binaries. + +### Key Strengths and Validity Periods + +NIST Special Publication 800-131A Revision 1, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, dated November 2015, \[[SP 800-131A](http://dx.doi.org/10.6028/nist.sp.800-131ar1)\], offers guidance for moving to stronger cryptographic keys and algorithms. This does not replace NIST SP 800-57, Recommendation for Key Management Part 1: General, \[[SP 800-57](http://csrc.nist.gov/publications/pubssps.html#800-57-part1)\], but gives more specific guidance. One of the most important topics discussed in these publications deals with the key strengths of FIPS Approved algorithms and their validity periods. When developing applications that use FIPS Approved algorithms, it is also extremely important to select appropriate key sizes based on the security lifetimes recommended by NIST. + +## FIPS 140 FAQ + +The following are answers to commonly asked questions for the FIPS 140-2 validation of Microsoft products. + +1. How does FIPS 140 relate to the Common Criteria? + **Answer:** These are two separate security standards with different, but complementary, purposes. FIPS 140 is a standard designed specifically for validating product modules that implement cryptography. On the other hand, Common Criteria is designed to help evaluate security functions in IT products. + In many cases, Common Criteria evaluations will rely on FIPS 140 validations to provide assurance that cryptographic functionality is implemented properly. +2. How does FIPS 140 relate to Suite B? + **Answer:** Suite B is simply a set of cryptographic algorithms defined by the U.S. National Security Agency (NSA) as part of its Cryptographic Modernization Program. The set of Suite B cryptographic algorithms are to be used for both unclassified information and most classified information. + The Suite B cryptographic algorithms are a subset of the FIPS Approved cryptographic algorithms as allowed by the FIPS 140 standard. +3. There are so many modules listed on the NIST website for each release, how are they related and how do I tell which one applies to me? + **Answer:** Microsoft strives to validate all releases of its cryptographic modules. Each module provides a different set of cryptographic algorithms. If you are required to use only FIPS validated cryptographic modules, you simply need to verify that the version being used appears on the validation list. + Please see the [Microsoft FIPS 140 Validated Cryptographic Modules](https://technet.microsoft.com/en-us/library/cc750357.aspx#_microsoft_fips_140)section for a complete list of Microsoft validated modules. +4. My application links against crypt32.dll, cryptsp.dll, advapi32.dll, bcrypt.dll, bcryptprimitives.dll, or ncrypt.dll. What do I need to do to assure I’m using FIPS 140 validated cryptographic modules? + **Answer:** crypt32.dll, cryptsp.dll, advapi32.dll, and ncrypt.dll are intermediary libraries that will offload all cryptographic operations to the FIPS validated cryptographic modules. Bcrypt.dll itself is a validated cryptographic module for Windows Vista and Windows Server 2008. For Windows 7 and Windows Server 2008 R2 and later, bcryptprimitives.dll is the validated module, but bcrypt.dll remains as one of the libraries to link against. + You must first verify that the underlying CNG cryptographic module is validated. Once verified, you'll need to confirm that you're using the module correctly in FIPS mode (See [Information for Software Developers](https://technet.microsoft.com/en-us/library/cc750357.aspx#_information_for_software) section for details). +5. What does "When operated in FIPS mode" mean on certificates? + **Answer:** This caveat identifies that a required configuration and security rules must be followed in order to use the cryptographic module in a manner consistent with its FIPS 140 Security Policy. The security rules are defined in the Security Policy for the module and usually revolve around using only FIPS Approved cryptographic algorithms and key sizes. Please see the Security Policy for the specific security rules for each cryptographic module (See [Microsoft FIPS 140 Validated Cryptographic Modules](https://technet.microsoft.com/en-us/library/cc750357.aspx#_microsoft_fips_140) section for links to each policy). +6. Which FIPS validated module is called when Windows 7 or Windows 8 is configured to use the FIPS setting in the wireless configuration? + **Answer:** CNG is used. This setting tells the wireless driver to call FIPS 140-2 validated cryptographic modules instead of using the driver’s own cryptography, if any. +7. Is BitLocker to Go FIPS 140-2 validated? + **Answer:** There are two separate parts for BitLocker to Go. One part is simply a native feature of BitLocker and as such, it uses FIPS 140-2 validated cryptographic modules. The other part is the BitLocker to Go Reader application for down-level support of older operating systems such as Windows XP and Windows Vista. The Reader application does not use FIPS 140-2 validated cryptographic modules. +8. Are applications FIPS 140-2 validated? + **Answer:** Microsoft only has low-level cryptographic modules in Windows FIPS 140-2 validated, not high-level applications. A better question is whether a certain application calls a FIPS 140-2 validated cryptographic module in the underlying Windows OS. That question needs to be directed to the company/product group that created the application of interest. +9. How can Systems Center Operations Manager 2012 be configured to use FIPS 140-2 validated cryptographic modules? + **Answer:** See [http://technet.microsoft.com/en-us/library/hh914094.aspx](https://technet.microsoft.com/en-us/library/hh914094.aspx) + +## Microsoft FIPS 140 Validated Cryptographic Modules + +### Modules By Operating System + +The following tables identify the Cryptographic Modules for an operating system. + +#### Windows + +##### Windows 10 Creators Update (Version 1703) + +Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)10.0.15063#3095

FIPS Approved algorithms: AES (Cert. #4624); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2522); SHS (Cert. #3790); Triple-DES (Cert. #2459)
+
+Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

+

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #1133); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #2521); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #1281); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #1278)

Kernel Mode Cryptographic Primitives Library (cng.sys)10.0.15063#3094

#3094

+

FIPS Approved algorithms: AES (Certs. #4624 and #4626); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2523); SHS (Cert. #3790); Triple-DES (Cert. #2459)
+
+Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

+

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert.#1133); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert.#2521); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert.#1281)

Boot Manager10.0.15063#3089

FIPS Approved algorithms: AES (Certs. #4624 and #4625); CKG (vendor affirmed); HMAC (Cert. #3061); PBKDF (vendor affirmed); RSA (Cert. #2523); SHS (Cert. #3790)

+

Other algorithms: PBKDF (vendor affirmed); VMK KDF (vendor affirmed)

Windows OS Loader10.0.15063#3090

FIPS Approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790)

+

Other algorithms: NDRNG

Windows Resume[1]10.0.15063#3091FIPS Approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790)
BitLocker® Dump Filter[2]10.0.15063#3092FIPS Approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2522); SHS (Cert. #3790)
Code Integrity (ci.dll)10.0.15063#3093

FIPS Approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)

+

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282)

Secure Kernel Code Integrity (skci.dll)[3]10.0.15063#3096

FIPS Approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)

+

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282)

+ + +\[1\] Applies only to Home, Pro, Enterprise, Education and S + +\[2\] Applies only to Pro, Enterprise, Education, S, Mobile and Surface Hub + +\[3\] Applies only to Pro, Enterprise Education and S + +##### Windows 10 Anniversary Update (Version 1607) + +Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)10.0.14393#2937

FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
+
+Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

+

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #886)

Kernel Mode Cryptographic Primitives Library (cng.sys)10.0.14393#2936

FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
+
+Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

+

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887)

Boot Manager10.0.14393#2931

FIPS Approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)

+

Other algorithms: MD5; PBKDF (non-compliant); VMK KDF

BitLocker® Windows OS Loader (winload)10.0.14393#2932FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
+
+Other algorithms: NDRNG; MD5
BitLocker® Windows Resume (winresume)[1]10.0.14393#2933FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
+
+Other algorithms: MD5
BitLocker® Dump Filter (dumpfve.sys)[2]10.0.14393#2934FIPS Approved algorithms: AES (Certs. #4061 and #4064)
Code Integrity (ci.dll)10.0.14393#2935

FIPS Approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)
+
+Other algorithms: AES (non-compliant); MD5

+

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888)

Secure Kernel Code Integrity (skci.dll)[3]10.0.14393#2938

FIPS Approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)
+
+Other algorithms: MD5

+

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888)

+ + +\[1\] Applies only to Home, Pro, Enterprise and Enterprise LTSB + +\[2\] Applies only to Pro, Enterprise, Enterprise LTSB and Mobile + +\[3\] Applies only to Pro, Enterprise and Enterprise LTSB + +##### Windows 10 November 2015 Update (Version 1511) + +Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)10.0.10586#2606

FIPS Approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888 and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)
+
+Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

+

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #664)

Kernel Mode Cryptographic Primitives Library (cng.sys)10.0.10586#2605

FIPS Approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs.  #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888 and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)
+
+Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

+

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663)

Boot Manager[4]10.0.10586#2700FIPS Approved algorithms: AES (Certs. #3653); HMAC (Cert. #2381); PBKDF (vendor affirmed); RSA (Cert. #1871); SHS (Certs. #3047 and #3048)
+
+Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
BitLocker® Windows OS Loader (winload)[5]10.0.10586#2701FIPS Approved algorithms: AES (Certs. #3629 and #3653); RSA (Cert. #1871); SHS (Cert. #3048)
+
+Other algorithms: MD5; NDRNG
BitLocker® Windows Resume (winresume)[6]10.0.10586#2702FIPS Approved algorithms: AES (Certs. #3653); RSA (Cert. #1871); SHS (Cert. #3048)
+
+Other algorithms: MD5
BitLocker® Dump Filter (dumpfve.sys)[7]10.0.10586#2703FIPS Approved algorithms: AES (Certs. #3653)
Code Integrity (ci.dll)10.0.10586#2604

FIPS Approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)
+
+Other algorithms: AES (non-compliant); MD5

+

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665)

Secure Kernel Code Integrity (skci.dll)[8]10.0.10586#2607

FIPS Approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)
+
+Other algorithms: MD5

+

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665)

+ + +\[4\] Applies only to Home, Pro, Enterprise, Mobile and Surface Hub + +\[5\] Applies only to Home, Pro, Enterprise, Mobile and Surface Hub + +\[6\] Applies only to Home, Pro and Enterprise + +\[7\] Applies only to Pro, Enterprise, Mobile and Surface Hub + +\[8\] Applies only to Enterprise and Enterprise LTSB + +##### Windows 10 (Version 1507) + +Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface Hub + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)10.0.10240#2606

FIPS Approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)
+
+Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

+

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #575)

Kernel Mode Cryptographic Primitives Library (cng.sys)10.0.10240#2605

FIPS Approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)
+
+Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

+

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576)

Boot Manager[9]10.0.10240#2600FIPS Approved algorithms: AES (Cert. #3497); HMAC (Cert. #2233); KTS (AES Cert. #3498); PBKDF (vendor affirmed); RSA (Cert. #1784); SHS (Certs. #2871 and #2886)
+
+Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
BitLocker® Windows OS Loader (winload)[10]10.0.10240#2601FIPS Approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)
+
+Other algorithms: MD5; NDRNG
BitLocker® Windows Resume (winresume)[11]10.0.10240#2602FIPS Approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)
+
+Other algorithms: MD5
BitLocker® Dump Filter (dumpfve.sys)[12]10.0.10240#2603FIPS Approved algorithms: AES (Certs. #3497 and #3498)
Code Integrity (ci.dll)10.0.10240#2604

FIPS Approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)
+
+Other algorithms: AES (non-compliant); MD5

+

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572)

Secure Kernel Code Integrity (skci.dll)[13]10.0.10240#2607

FIPS Approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)
+
+Other algorithms: MD5

+

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572)

+ + +\[9\] Applies only to Home, Pro, Enterprise and Enterprise LTSB + +\[10\] Applies only to Home, Pro, Enterprise and Enterprise LTSB + +\[11\] Applies only to Home, Pro, Enterprise and Enterprise LTSB + +\[12\] Applies only to Pro, Enterprise and Enterprise LTSB + +\[13\] Applies only to Enterprise and Enterprise LTSB + +##### Windows 8.1 + +Validated Editions: RT, Pro, Enterprise, Phone, Embedded + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)6.3.9600 6.3.9600.17031#2357

FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)
+
+Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)#2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

+

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #323)

Kernel Mode Cryptographic Primitives Library (cng.sys)6.3.9600 6.3.9600.17042#2356

FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)
+
+Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

+

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289)

Boot Manager6.3.9600 6.3.9600.17031#2351FIPS Approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
+
+Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
BitLocker® Windows OS Loader (winload)6.3.9600 6.3.9600.17031#2352FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)
+
+Other algorithms: MD5; NDRNG
BitLocker® Windows Resume (winresume)[14]6.3.9600 6.3.9600.17031#2353FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
+
+Other algorithms: MD5
BitLocker® Dump Filter (dumpfve.sys)6.3.9600 6.3.9600.17031#2354FIPS Approved algorithms: AES (Cert. #2832)
+
+Other algorithms: N/A
Code Integrity (ci.dll)6.3.9600 6.3.9600.17031#2355#2355

FIPS Approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)
+
+Other algorithms: MD5

+

Validated Component Implementations: PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289)

+ + +\[14\] Applies only to Pro, Enterprise, and Embedded 8. + +##### Windows 8 + +Validated Editions: RT, Home, Pro, Enterprise, Phone + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)6.2.9200#1892FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
+
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert. ); ECDSA (Cert. ); HMAC (Cert. ); KAS (Cert. ); KBKDF (Cert. ); PBKDF (vendor affirmed); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )
+
+
Kernel Mode Cryptographic Primitives Library (cng.sys)6.2.9200#1891FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
+
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258 and ); ECDSA (Cert. ); HMAC (Cert. ); KAS (Cert. ); KBKDF (Cert. ); PBKDF (vendor affirmed); RNG (Cert. ); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )
+
+Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
Boot Manager6.2.9200#1895FIPS Approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)
+
+Other algorithms: MD5
BitLocker® Windows OS Loader (WINLOAD)6.2.9200#1896FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
+
+Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG
BitLocker® Windows Resume (WINRESUME)[15]6.2.9200#1898FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
+
+Other algorithms: MD5
BitLocker® Dump Filter (DUMPFVE.SYS)6.2.9200#1899FIPS Approved algorithms: AES (Certs. #2196 and #2198)
+
+Other algorithms: N/A
Code Integrity (CI.DLL)6.2.9200#1897FIPS Approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)
+
+Other algorithms: MD5
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)6.2.9200#1893FIPS Approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)
+
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#1902); Triple-DES (Cert. ); Triple-DES MAC (Triple-DES Cert. , vendor affirmed)
+
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. , key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Enhanced Cryptographic Provider (RSAENH.DLL)6.2.9200#1894FIPS Approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)
+
+Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
+ + +\[15\] Applies only to Home and Pro + +**Windows 7** + +Validated Editions: Windows 7, Windows 7 SP1 + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)

6.1.7600.16385

+

6.1.7601.17514

1329FIPS Approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); DSA (Cert. #386); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)
+
+Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4#559 and ); SHS (Cert. ); Triple-DES (Cert. )
+
+Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
Kernel Mode Cryptographic Primitives Library (cng.sys)

6.1.7600.16385

+

6.1.7600.16915

+

6.1.7600.21092

+

6.1.7601.17514

+

6.1.7601.17725

+

6.1.7601.17919

+

6.1.7601.21861

+

6.1.7601.22076

1328FIPS Approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)
+
+Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
Boot Manager

6.1.7600.16385

+

6.1.7601.17514

1319FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #557); SHS (Cert. #1081)
+
+Other algorithms: MD5#1168 and ); HMAC (Cert. ); RSA (Cert. ); SHS (Cert. )
+
+Other algorithms: MD5
Winload OS Loader (winload.exe)

6.1.7600.16385

+

6.1.7600.16757

+

6.1.7600.20897

+

6.1.7600.20916

+

6.1.7601.17514

+

6.1.7601.17556

+

6.1.7601.21655

+

6.1.7601.21675

1326FIPS Approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #557); SHS (Cert. #1081)
+
+Other algorithms: MD5
BitLocker™ Drive Encryption

6.1.7600.16385

+

6.1.7600.16429

+

6.1.7600.16757

+

6.1.7600.20536

+

6.1.7600.20873

+

6.1.7600.20897

+

6.1.7600.20916

+

6.1.7601.17514

+

6.1.7601.17556

+

6.1.7601.21634

+

6.1.7601.21655

+

6.1.7601.21675

1332FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)
+
+Other algorithms: Elephant Diffuser
Code Integrity (CI.DLL)

6.1.7600.16385

+

6.1.7600.17122

+

6.1.7600.21320

+

6.1.7601.17514

+

6.1.7601.17950

+

6.1.7601.22108

1327FIPS Approved algorithms: RSA (Cert. #557); SHS (Cert. #1081)
+
+Other algorithms: MD5
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)6.1.7600.16385
+(no change in SP1)		1331FIPS Approved algorithms: DSA (Cert. #385); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)
+
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4
Enhanced Cryptographic Provider (RSAENH.DLL)6.1.7600.16385
+(no change in SP1)		1330FIPS Approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #673); SHS (Cert. #1081); RSA (Certs. #557 and #559); Triple-DES (Cert. #846)
+
+Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 256-bits of encryption strength; non-compliant less than 112 bits of encryption strength)
+ + +##### Windows Vista SP1 + +Validated Editions: Ultimate Edition + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Boot Manager (bootmgr)6.0.6001.18000 and 6.0.6002.18005978FIPS Approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #354); SHS (Cert. #753)
Winload OS Loader (winload.exe)6.0.6001.18000, 6.0.6001.18027, 6.0.6001.18606, 6.0.6001.22125, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411 and 6.0.6002.22596979FIPS Approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #354); SHS (Cert. #753)
+
+Other algorithms: MD5
Code Integrity (ci.dll)6.0.6001.18000, 6.0.6001.18023, 6.0.6001.22120, and 6.0.6002.18005980FIPS Approved algorithms: RSA (Cert. #354); SHS (Cert. #753)
+
+Other algorithms: MD5
Kernel Mode Security Support Provider Interface (ksecdd.sys)6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.228696.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.228691000

FIPS Approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)#739 and ); ECDSA (Cert. ); HMAC (Cert. ); RNG (Cert.  and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )

+

Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Cryptographic Primitives Library (bcrypt.dll)6.0.6001.22202, 6.0.6002.18005, and 6.0.6002.228726.0.6001.22202, 6.0.6002.18005, and 6.0.6002.228721001

FIPS Approved algorithms: AES (Certs. #739 and #756); DSA (Cert. #283); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90, vendor affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)

+

Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)

Enhanced Cryptographic Provider (RSAENH)6.0.6001.22202 and 6.0.6002.180056.0.6001.22202 and 6.0.6002.180051002

FIPS Approved algorithms: AES (Cert. #739); HMAC (Cert. #407); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #354); SHS (Cert. #753); Triple-DES (Cert. #656)

+

Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.180051003

FIPS Approved algorithms: DSA (Cert. #281); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)

+

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4

+ + +##### Windows Vista + +Validated Editions: Ultimate Edition + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Enhanced Cryptographic Provider (RSAENH)6.0.6000.16386893FIPS Approved algorithms: AES (Cert. #553); HMAC (Cert. #297); RNG (Cert. #321); RSA (Certs. #255 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)
+
+Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)6.0.6000.16386894FIPS Approved algorithms: DSA (Cert. #226); RNG (Cert. #321); SHS (Cert. #618); Triple-DES (Cert. #549); Triple-DES MAC (Triple-DES Cert. #549, vendor affirmed)
+
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
BitLocker™ Drive Encryption6.0.6000.16386947FIPS Approved algorithms: AES (Cert. #715); HMAC (Cert. #386); SHS (Cert. #737)
+
+Other algorithms: Elephant Diffuser
Kernel Mode Security Support Provider Interface (ksecdd.sys)6.0.6000.16386, 6.0.6000.16870 and 6.0.6000.21067891FIPS Approved algorithms: AES (Cert. #553); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)
+
+Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 to 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; HMAC MD5
+ + +##### Windows XP SP3 + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Kernel Mode Cryptographic Module (FIPS.SYS)5.1.2600.5512997

FIPS Approved algorithms: HMAC (Cert. #429); RNG (Cert. #449); SHS (Cert. #785); Triple-DES (Cert. #677); Triple-DES MAC (Triple-DES Cert. #677, vendor affirmed)

+

Other algorithms: DES; MD5; HMAC MD5

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)5.1.2600.5507990

FIPS Approved algorithms: DSA (Cert. #292); RNG (Cert. #448); SHS (Cert. #784); Triple-DES (Cert. #676); Triple-DES MAC (Triple-DES Cert. #676, vendor affirmed)

+

Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits); MD5; RC2; RC4

Enhanced Cryptographic Provider (RSAENH)5.1.2600.5507989

FIPS Approved algorithms: AES (Cert. #781); HMAC (Cert. #428); RNG (Cert. #447); RSA (Cert. #371); SHS (Cert. #783); Triple-DES (Cert. #675); Triple-DES MAC (Triple-DES Cert. #675, vendor affirmed)

+

Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits)

+ + +##### Windows XP SP2 + + ++++++ + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
DSS/Diffie-Hellman Enhanced Cryptographic Provider5.1.2600.2133240

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #29)

+

Other algorithms: DES (Cert. #66); RC2; RC4; MD5; DES40; Diffie-Hellman (key agreement)

Microsoft Enhanced Cryptographic Provider5.1.2600.2161238

FIPS Approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)

+

Other algorithms: DES (Cert. #156); RC2; RC4; MD5

+ + +##### Windows XP SP1 + + ++++++ + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Microsoft Enhanced Cryptographic Provider5.1.2600.1029238

FIPS Approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)

+

Other algorithms: DES (Cert. #156); RC2; RC4; MD5

+ + +##### Windows XP + + ++++++ + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Kernel Mode Cryptographic Module5.1.2600.0241

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #35); HMAC-SHA-1 (Cert. #35, vendor affirmed)

+

Other algorithms: DES (Cert. #89)

+ + +##### Windows 2000 SP3 + + ++++++ + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Kernel Mode Cryptographic Module (FIPS.SYS)5.0.2195.1569106

FIPS Approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)

+

Other algorithms: DES (Certs. #89)

Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider

(Base DSS: 5.0.2195.3665 [SP3])

+

(Base: 5.0.2195.3839 [SP3])

+

(DSS/DH Enh: 5.0.2195.3665 [SP3])

+

(Enh: 5.0.2195.3839 [SP3]

103

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

+

Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5

+ + +##### Windows 2000 SP2 + + ++++++ + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Kernel Mode Cryptographic Module (FIPS.SYS)5.0.2195.1569106

FIPS Approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)

+

Other algorithms: DES (Certs. #89)

Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider

(Base DSS:

+

5.0.2195.2228 [SP2])

+

(Base:

+

5.0.2195.2228 [SP2])

+

(DSS/DH Enh:

+

5.0.2195.2228 [SP2])

+

(Enh:

+

5.0.2195.2228 [SP2])

103

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

+

Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5

+ + +##### Windows 2000 SP1 + + ++++++ + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider

(Base DSS: 5.0.2150.1391 [SP1])

+

(Base: 5.0.2150.1391 [SP1])

+

(DSS/DH Enh: 5.0.2150.1391 [SP1])

+

(Enh: 5.0.2150.1391 [SP1])

103

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

+

Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5

+ + +##### Windows 2000 + + ++++++ + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enchanced Cryptographic Provider, and Enhanced Cryptographic Provider5.0.2150.176

FIPS Approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. #28 and 29); RSA (vendor affirmed)

+

Other algorithms: DES (Certs. #65, 66, 67 and 68); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)

+ + +##### Windows 95 and Windows 98 + + ++++++ + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enchanced Cryptographic Provider, and Enhanced Cryptographic Provider5.0.1877.6 and 5.0.1877.775

FIPS Approved algorithms: Triple-DES (vendor affirmed); SHA-1 (Certs. #20 and 21); DSA/SHA-1 (Certs. #25 and 26); RSA (vendor- affirmed)

+

Other algorithms: DES (Certs. #61, 62, 63 and 64); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)

+ + +##### Windows NT 4.0 + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Base Cryptographic Provider5.0.1877.6 and 5.0.1877.768FIPS Approved algorithms: SHA-1 (Certs. #20 and 21); DSA/SHA- 1 (Certs. #25 and 26); RSA (vendor affirmed)
+
+Other algorithms: DES (Certs. #61, 62, 63 and 64); Triple-DES (allowed for US and Canadian Government use); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)
+ + +#### Windows Server + +##### Windows Server 2016 + +Validated Editions: Standard, Datacenter, Storage Server + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)10.0.143932937FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
+
+Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
Kernel Mode Cryptographic Primitives Library (cng.sys)10.0.143932936FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
+
+Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
Boot Manager10.0.143932931

FIPS Approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)

+

Other algorithms: MD5; PBKDF (non-compliant); VMK KDF

BitLocker® Windows OS Loader (winload)10.0.143932932FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
+
+Other algorithms: NDRNG; MD5
BitLocker® Windows Resume (winresume)10.0.143932933FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
+
+Other algorithms: MD5
BitLocker® Dump Filter (dumpfve.sys)10.0.143932934FIPS Approved algorithms: AES (Certs. #4061 and #4064)
Code Integrity (ci.dll)10.0.143932935FIPS Approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)
+
+Other algorithms: AES (non-compliant); MD5
Secure Kernel Code Integrity (skci.dll)10.0.143932938FIPS Approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)
+
+Other algorithms: MD5
+ + +##### Windows Server 2012 R2 + +Validated Editions: Server, Storage Server, + +**StorSimple 8000 Series, Azure StorSimple Virtual Array Windows Server 2012 R2** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)6.3.9600 6.3.9600.170312357FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)
+
+Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
Kernel Mode Cryptographic Primitives Library (cng.sys)6.3.9600 6.3.9600.170422356FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)
+
+Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
Boot Manager6.3.9600 6.3.9600.170312351FIPS Approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
+
+Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
BitLocker® Windows OS Loader (winload)6.3.9600 6.3.9600.170312352FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)
+
+Other algorithms: MD5; NDRNG
BitLocker® Windows Resume (winresume)[16]6.3.9600 6.3.9600.170312353FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
+
+Other algorithms: MD5
BitLocker® Dump Filter (dumpfve.sys)[17]6.3.9600 6.3.9600.170312354FIPS Approved algorithms: AES (Cert. #2832)
+
+Other algorithms: N/A
Code Integrity (ci.dll)6.3.9600 6.3.9600.170312355FIPS Approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)
+
+Other algorithms: MD5
+ + +\[16\] Does not apply to **Azure StorSimple Virtual Array Windows Server 2012 R2** + +\[17\] Does not apply to **Azure StorSimple Virtual Array Windows Server 2012 R2** + +**Windows Server 2012** + +Validated Editions: Server, Storage Server + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)6.2.92001892FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
+
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#687); ECDSA (Cert. ); HMAC (Cert. #); KAS (Cert. ); KBKDF (Cert. ); PBKDF (vendor affirmed); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )
+
+Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
Kernel Mode Cryptographic Primitives Library (cng.sys)6.2.92001891FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
+
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#1110); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )
+
+Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
Boot Manager6.2.92001895FIPS Approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)
+
+Other algorithms: MD5
BitLocker® Windows OS Loader (WINLOAD)6.2.92001896FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
+
+Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG
BitLocker® Windows Resume (WINRESUME)6.2.92001898FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
+
+Other algorithms: MD5
BitLocker® Dump Filter (DUMPFVE.SYS)6.2.92001899FIPS Approved algorithms: AES (Certs. #2196 and #2198)
+
+Other algorithms: N/A
Code Integrity (CI.DLL)6.2.92001897FIPS Approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)
+
+Other algorithms: MD5
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)6.2.92001893FIPS Approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)
+
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Enhanced Cryptographic Provider (RSAENH.DLL)6.2.92001894FIPS Approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)
+
+Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
+ + +##### Windows Server 2008 R2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Boot Manager (bootmgr)6.1.7600.16385 or 6.1.7601.175146.1.7600.16385 or 6.1.7601.175141321FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #568); SHS (Cert. #1081)
+
+Other algorithms: MD5
Winload OS Loader (winload.exe)6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.216756.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.216751333FIPS Approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #568); SHS (Cert. #1081)
+
+Other algorithms: MD5
Code Integrity (ci.dll)6.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.221086.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.221081334FIPS Approved algorithms: RSA (Cert. #568); SHS (Cert. #1081)
+
+Other algorithms: MD5
Kernel Mode Cryptographic Primitives Library (cng.sys)6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.220766.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.220761335FIPS Approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)
+
+-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4
Cryptographic Primitives Library (bcryptprimitives.dll)66.1.7600.16385 or 6.1.7601.1751466.1.7600.16385 or 6.1.7601.175141336FIPS Approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); DSA (Cert. #391); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)
+
+Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; HMAC MD5; MD2; MD4; MD5; RC2; RC4
Enhanced Cryptographic Provider (RSAENH)6.1.7600.163851337FIPS Approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #687); SHS (Cert. #1081); RSA (Certs. #559 and #568); Triple-DES (Cert. #846)
+
+Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)6.1.7600.163851338FIPS Approved algorithms: DSA (Cert. #390); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)
+
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4
BitLocker™ Drive Encryption6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.216756.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.216751339FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)
+
+Other algorithms: Elephant Diffuser
+ + +##### Windows Server 2008 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Boot Manager (bootmgr)6.0.6001.18000, 6.0.6002.18005 and 6.0.6002.224976.0.6001.18000, 6.0.6002.18005 and 6.0.6002.224971004FIPS Approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #355); SHS (Cert. #753)
+
+Other algorithms: N/A
Winload OS Loader (winload.exe)6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.225966.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.225961005FIPS Approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #355); SHS (Cert. #753)
+
+Other algorithms: MD5
Code Integrity (ci.dll)6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.180051006FIPS Approved algorithms: RSA (Cert. #355); SHS (Cert. #753)
+
+Other algorithms: MD5
Kernel Mode Security Support Provider Interface (ksecdd.sys)6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.228696.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.228691007FIPS Approved algorithms: AES (Certs. #739 and #757); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)
+
+Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#83); HMAC (Cert. ); RNG (Cert.  and SP800-90 AES-CTR, vendor affirmed); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )
+
+Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Cryptographic Primitives Library (bcrypt.dll)6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.228726.0.6001.22202, 6.0.6002.18005 and 6.0.6002.228721008FIPS Approved algorithms: AES (Certs. #739 and #757); DSA (Cert. #284); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)
+
+Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.180051009FIPS Approved algorithms: DSA (Cert. #282); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)
+
+-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4
Enhanced Cryptographic Provider (RSAENH)6.0.6001.22202 and 6.0.6002.180056.0.6001.22202 and 6.0.6002.180051010FIPS Approved algorithms: AES (Cert. #739); HMAC (Cert. #408); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656)
+
+Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
+ + +##### Windows Server 2003 SP2 + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)5.2.3790.3959875

FIPS Approved algorithms: DSA (Cert. #221); RNG (Cert. #314); RSA (Cert. #245); SHS (Cert. #611); Triple-DES (Cert. #543)

+

Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC4

Kernel Mode Cryptographic Module (FIPS.SYS)5.2.3790.3959869

FIPS Approved algorithms: HMAC (Cert. #287); RNG (Cert. #313); SHS (Cert. #610); Triple-DES (Cert. #542)

+

Other algorithms: DES; HMAC-MD5

Enhanced Cryptographic Provider (RSAENH)5.2.3790.3959868

FIPS Approved algorithms: AES (Cert. #548); HMAC (Cert. #289); RNG (Cert. #316); RSA (Cert. #245); SHS (Cert. #613); Triple-DES (Cert. #544)

+

Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

+ + +##### Windows Server 2003 SP1 + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Kernel Mode Cryptographic Module (FIPS.SYS)5.2.3790.1830 [SP1]405

FIPS Approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])

+

Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)

+

[1] x86
+[2] SP1 x86, x64, IA64

Enhanced Cryptographic Provider (RSAENH)5.2.3790.1830 [Service Pack 1])382

FIPS Approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])

+

Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5

+

[1] x86
+[2] SP1 x86, x64, IA64

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)5.2.3790.1830 [Service Pack 1]381

FIPS Approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)

+

Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40

+

[1] x86
+[2] SP1 x86, x64, IA64

+ + +##### Windows Server 2003 + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Kernel Mode Cryptographic Module (FIPS.SYS)5.2.3790.0405

FIPS Approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])

+

Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)

+

[1] x86
+[2] SP1 x86, x64, IA64

Enhanced Cryptographic Provider (RSAENH)5.2.3790.0382

FIPS Approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])

+

Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5

+

[1] x86
+[2] SP1 x86, x64, IA64

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)5.2.3790.0381

FIPS Approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)

+

Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40

+

[1] x86
+[2] SP1 x86, x64, IA64

+ + +#### Other Products + +##### Windows Embedded Compact 7 and Windows Embedded Compact 8 + + ++++++ + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Enhanced Cryptographic Provider7.00.2872 [1] and 8.00.6246 [2]2957

FIPS Approved algorithms: AES (Certs.#4433and#4434); CKG (vendor affirmed); DRBG (Certs.#1432and#1433); HMAC (Certs.#2946and#2945); RSA (Certs.#2414and#2415); SHS (Certs.#3651and#3652); Triple-DES (Certs.#2383and#2384)

+

Allowed algorithms: HMAC-MD5; MD5; NDRNG

Cryptographic Primitives Library (bcrypt.dll)7.00.2872 [1] and 8.00.6246 [2]2956

FIPS Approved algorithms: AES (Certs.#4430and#4431); CKG (vendor affirmed); CVL (Certs.#1139and#1140); DRBG (Certs.#1429and#1430); DSA (Certs.#1187and#1188); ECDSA (Certs.#1072and#1073); HMAC (Certs.#2942and#2943); KAS (Certs.#114and#115); RSA (Certs.#2411and#2412); SHS (Certs.#3648and#3649); Triple-DES (Certs.#2381and#2382)

+

Allowed algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength

+ + + +##### Windows CE 6.0 and Windows Embedded Compact 7 + + ++++++ + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Enhanced Cryptographic Provider6.00.1937 [1] and 7.00.1687 [2]825

FIPS Approved algorithms: AES (Certs. #516 [1] and #2024 [2]); HMAC (Certs. #267 [1] and #1227 [2]); RNG (Certs. #292 [1] and #1060 [2]); RSA (Cert. #230 [1] and #1052 [2]); SHS (Certs. #589 [1] and #1774 [2]); Triple-DES (Certs. #526 [1] and #1308 [2])

+

Other algorithms: MD5; HMAC-MD5; RC2; RC4; DES

+ + +##### Outlook Cryptographic Provider + + ++++++ + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Outlook Cryptographic Provider (EXCHCSP)SR-1A (3821)SR-1A (3821)110

FIPS Approved algorithms: Triple-DES (Cert. #18); SHA-1 (Certs. #32); RSA (vendor affirmed)

+

Other algorithms: DES (Certs. #91); DES MAC; RC2; MD2; MD5

+ +  + +### Cryptographic Algorithms + +The following tables are organized by cryptographic algorithms with their modes, states, and key sizes. For each algorithm implementation (operating system / platform), there is a link to the Cryptographic Algorithm Validation Program (CAVP) issued certificate. + +### Advanced Encryption Standard (AES) + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Modes / States / Key SizesAlgorithm Implementation and Certificate #
    +
  • AES-CBC:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-CFB128:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-CTR:
    • +
    • +
    • Counter Source: Internal
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-OFB:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +

Microsoft Surface Hub Virtual TPM Implementations #4904

+

Version 10.0.15063.674

    +
  • AES-CBC:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-CFB128:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-CTR:
    • +
    • +
    • Counter Source: Internal
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-OFB:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #4903

+

Version 10.0.16299

    +
  • AES-CBC:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-CCM:
    • +
    • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
      • +
    • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
      • +
    • Plain Text Length: 0-32
      • +
    • AAD Length: 0-65536
      • +
    • +
  • AES-CFB128:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-CFB8:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-CMAC:
    • +
    • +
    • Generation:
      • +
      • +
      • AES-128:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • AES-192:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • AES-256:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • +
    • Verification:
      • +
      • +
      • AES-128:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • AES-192:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • AES-256:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • +
    • +
  • AES-CTR:
    • +
    • +
    • Counter Source: Internal
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-ECB:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-GCM:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • Tag Lengths: 96, 104, 112, 120, 128 (bits)
      • +
    • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
      • +
    • AAD Lengths: 0, 8, 1016, 1024 (bits)
      • +
    • 96 bit IV supported
      • +
    • +
  • AES-XTS:
    • +
    • +
    • Key Size: 128:
      • +
      • +
      • Modes: Decrypt, Encrypt
        • +
      • Block Sizes: Full
        • +
      • +
    • Key Size: 256:
      • +
      • +
      • Modes: Decrypt, Encrypt
        • +
      • Block Sizes: Full
        • +
      • +
    • +

Microsoft Surface Hub SymCrypt Cryptographic Implementations #4902

+

Version 10.0.15063.674

    +
  • AES-CBC:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-CCM:
    • +
    • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
      • +
    • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
      • +
    • Plain Text Length: 0-32
      • +
    • AAD Length: 0-65536
      • +
    • +
  • AES-CFB128:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-CFB8:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-CMAC:
    • +
    • +
    • Generation:
      • +
      • +
      • AES-128:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • AES-192:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • AES-256:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • +
    • Verification:
      • +
      • +
      • AES-128:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • AES-192:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • AES-256:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • +
    • +
  • AES-CTR:
    • +
    • +
    • Counter Source: Internal
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-ECB:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-GCM:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • Tag Lengths: 96, 104, 112, 120, 128 (bits)
      • +
    • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
      • +
    • AAD Lengths: 0, 8, 1016, 1024 (bits)
      • +
    • 96 bit IV supported
      • +
    • +
  • AES-XTS:
    • +
    • +
    • Key Size: 128:
      • +
      • +
      • Modes: Decrypt, Encrypt
        • +
      • Block Sizes: Full
        • +
      • +
    • Key Size: 256:
      • +
      • +
      • Modes: Decrypt, Encrypt
        • +
      • Block Sizes: Full
        • +
      • +
    • +

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #4901

+

Version 10.0.15254

    +
  • AES-CBC:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-CCM:
    • +
    • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
      • +
    • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
      • +
    • Plain Text Length: 0-32
      • +
    • AAD Length: 0-65536
      • +
    • +
  • AES-CFB128:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-CFB8:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-CMAC:
    • +
    • +
    • Generation:
      • +
      • +
      • AES-128:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • AES-192:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • AES-256:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • +
    • Verification:
      • +
      • +
      • AES-128:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • AES-192:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • AES-256:
        • +
        • +
        • Block Sizes: Full, Partial
          • +
        • Message Length: 0-65536
          • +
        • Tag Length: 16-16
          • +
        • +
      • +
    • +
  • AES-CTR:
    • +
    • +
    • Counter Source: Internal
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-ECB:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • +
  • AES-GCM:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • IV Generation: External
      • +
    • Key Lengths: 128, 192, 256 (bits)
      • +
    • Tag Lengths: 96, 104, 112, 120, 128 (bits)
      • +
    • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
      • +
    • AAD Lengths: 0, 8, 1016, 1024 (bits)
      • +
    • 96 bit IV supported
      • +
    • +
  • AES-XTS:
    • +
    • +
    • Key Size: 128:
      • +
      • +
      • Modes: Decrypt, Encrypt
        • +
      • Block Sizes: Full
        • +
      • +
    • Key Size: 256:
      • +
      • +
      • Modes: Decrypt, Encrypt
        • +
      • Block Sizes: Full
        • +
      • +
    • +

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4897

+

Version 10.0.16299

AES-KW:

+
    +
  • Modes: Decrypt, Encrypt
    • +
  • CIPHK transformation direction: Forward
    • +
  • Key Lengths: 128, 192, 256 (bits)
    • +
  • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)
    • +
+

AES Val#4902

Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations #4900

+

Version 10.0.15063.674

AES-KW:

+
    +
  • Modes: Decrypt, Encrypt
    • +
  • CIPHK transformation direction: Forward
    • +
  • Key Lengths: 128, 192, 256 (bits)
    • +
  • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)
    • +
+

AES Val#4901

Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations #4899

+

Version 10.0.15254

AES-KW:

+
    +
  • Modes: Decrypt, Encrypt
    • +
  • CIPHK transformation direction: Forward
    • +
  • Key Lengths: 128, 192, 256 (bits)
    • +
  • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)
    • +
+

AES Val#4897

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #4898

+

Version 10.0.16299

AES-CCM:

+
    +
  • Key Lengths: 256 (bits)
    • +
  • Tag Lengths: 128 (bits)
    • +
  • IV Lengths: 96 (bits)
    • +
  • Plain Text Length: 0-32
    • +
  • AAD Length: 0-65536
    • +
+

AES Val#4902

Microsoft Surface Hub BitLocker(R) Cryptographic Implementations #4896

+

Version 10.0.15063.674

AES-CCM:

+
    +
  • Key Lengths: 256 (bits)
    • +
  • Tag Lengths: 128 (bits)
    • +
  • IV Lengths: 96 (bits)
    • +
  • Plain Text Length: 0-32
    • +
  • AAD Length: 0-65536
    • +
+

AES Val#4901

Windows 10 Mobile (version 1709) BitLocker(R) Cryptographic Implementations #4895

+

Version 10.0.15254

AES-CCM:

+
    +
  • Key Lengths: 256 (bits)
    • +
  • Tag Lengths: 128 (bits)
    • +
  • IV Lengths: 96 (bits)
    • +
  • Plain Text Length: 0-32
    • +
  • AAD Length: 0-65536
    • +
+

AES Val#4897

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations #4894

+

Version 10.0.16299

CBC ( e/d; 128 , 192 , 256 );

+

CFB128 ( e/d; 128 , 192 , 256 );

+

OFB ( e/d; 128 , 192 , 256 );

+

CTR ( int only; 128 , 192 , 256 )

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #4627

+

Version 10.0.15063

KW ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )

+

AES Val#4624

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #4626

+

Version 10.0.15063

CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

+

AES Val#4624

+

 

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile BitLocker(R) Cryptographic Implementations #4625

+

Version 10.0.15063

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

+

CFB8 ( e/d; 128 , 192 , 256 );

+

CFB128 ( e/d; 128 , 192 , 256 );

+

CTR ( int only; 128 , 192 , 256 )

+

CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

+

CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 )

+

GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )

+

(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )

+

IV Generated: ( External ) ; PT Lengths Tested: ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested: ( 0 , 1024 , 8 , 1016 ) ; 96BitIV_Supported

+

GMAC_Supported

+

XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) )

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #4624

+

Version 10.0.15063

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4434

+

Version 7.00.2872

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4433

+

Version 8.00.6246

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

+

CTR ( int only; 128 , 192 , 256 )

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4431

+

Version 7.00.2872

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

+

CTR ( int only; 128 , 192 , 256 )

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4430

+

Version 8.00.6246

CBC ( e/d; 128 , 192 , 256 );

+

CFB128 ( e/d; 128 , 192 , 256 );

+

OFB ( e/d; 128 , 192 , 256 );

+

CTR ( int only; 128 , 192 , 256 )

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #4074

+

Version 10.0.14393

ECB ( e/d; 128 , 192 , 256 ); CBC ( e/d; 128 , 192 , 256 ); CFB8 ( e/d; 128 , 192 , 256 ); CFB128 ( e/d; 128 , 192 , 256 ); CTR ( int only; 128 , 192 , 256 )

+

CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

+

CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )

+

GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
+(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
+IV Generated:  ( Externally ) ; PT Lengths Tested:  ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 0 , 0 ) ; 96BitIV_Supported
+GMAC_Supported

+

XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) )

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #4064

+

Version 10.0.14393

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

+

CFB8 ( e/d; 128 , 192 , 256 );

+

 

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #4063
+Version 10.0.14393

KW  ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 192 , 256 , 320 , 2048 )

+

AES Val#4064

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #4062

+

Version 10.0.14393

CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

+

AES Val#4064

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BitLocker® Cryptographic Implementations #4061

+

Version 10.0.14393

KW  ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )

+

AES Val#3629

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #3652

+

Version 10.0.10586

CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

+

AES Val#3629

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BitLocker® Cryptographic Implementations #3653

+

Version 10.0.10586

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

+

CFB8 ( e/d; 128 , 192 , 256 );

+

 

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA32 Algorithm Implementations #3630
+Version 10.0.10586

ECB ( e/d; 128 , 192 , 256 ); CBC ( e/d; 128 , 192 , 256 ); CFB8 ( e/d; 128 , 192 , 256 ); CFB128 ( e/d; 128 , 192 , 256 ); CTR ( int only; 128 , 192 , 256 )

+

CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

+

CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )

+

GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
+(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
+IV Generated:  ( Externally ) ; PT Lengths Tested:  ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 0 , 0 ) ; 96BitIV_Supported
+GMAC_Supported

+

XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) )

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #3629
+
+

+

Version 10.0.10586

KW  ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )

+

AES Val#3497

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #3507

+

Version 10.0.10240

CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

+

AES Val#3497

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BitLocker® Cryptographic Implementations #3498

+

Version 10.0.10240

ECB ( e/d; 128 , 192 , 256 ); CBC ( e/d; 128 , 192 , 256 ); CFB8 ( e/d; 128 , 192 , 256 ); CFB128 ( e/d; 128 , 192 , 256 ); CTR ( int only; 128 , 192 , 256 )

+

CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

+

CMAC(Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )

+

GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
+(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
+IV Generated:  ( Externally ) ; PT Lengths Tested:  ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 0 , 0 ) ; 96BitIV_Supported
+GMAC_Supported

+

XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) )

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #3497
+Version 10.0.10240

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

+

CFB8 ( e/d; 128 , 192 , 256 );

+

 

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #3476
+Version 10.0.10240

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

+

CFB8 ( e/d; 128 , 192 , 256 );

+

 

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #2853

+

Version 6.3.9600

CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

+

AES Val#2832

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 BitLocker� Cryptographic Implementations #2848

+

Version 6.3.9600

CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 0 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

+

CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )

+

GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )

+

(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )

+

IV Generated:  ( Externally ) ; PT Lengths Tested:  ( 0 , 128 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 128 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 8 , 1024 ) ; 96BitIV_Supported ;
+OtherIVLen_Supported
+GMAC_Supported

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2832

+

Version 6.3.9600

CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
+AES Val#2197

+

CMAC (Generation/Verification ) (KS: 128; Block Size(s): ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 192; Block Size(s): ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 256; Block Size(s): ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 )
+AES Val#2197

+

GCM(KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
+(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
+IV Generated: ( Externally ) ; PT Lengths Tested: ( 0 , 128 , 1024 , 8 , 1016 ) ; AAD Lengths tested: ( 0 , 128 , 1024 , 8 , 1016 ) ; IV Lengths Tested: ( 8 , 1024 ) ; 96BitIV_Supported
+GMAC_Supported

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #2216

CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

+

AES Val#2196

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #2198

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

+

CFB8 ( e/d; 128 , 192 , 256 );

+

CFB128 ( e/d; 128 , 192 , 256 );

+

CTR ( int only; 128 , 192 , 256 )

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #2197

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

+

CFB8 ( e/d; 128 , 192 , 256 );

+

 

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #2196
CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 – 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
+AES Val#1168

Windows Server 2008 R2 and SP1 CNG algorithms #1187

+

Windows 7 Ultimate and SP1 CNG algorithms #1178

CCM (KS: 128 , 256 ) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 ( Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )
+AES Val#1168		Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #1177

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

+

CFB8 ( e/d; 128 , 192 , 256 );

+

 

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168

GCM

+

GMAC

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168 , vendor-affirmed
CCM (KS: 128 , 256 ) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 ( Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #760
CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 1 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

Windows Server 2008 CNG algorithms #757

+

Windows Vista Ultimate SP1 CNG algorithms #756

CBC ( e/d; 128 , 256 );

+

CCM (KS: 128 , 256 ) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 ( Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )

Windows Vista Ultimate BitLocker Drive Encryption #715

+

Windows Vista Ultimate BitLocker Drive Encryption #424

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

+

CFB8 ( e/d; 128 , 192 , 256 );

Windows Vista Ultimate SP1 and Windows Server 2008 Symmetric Algorithm Implementation #739

+

Windows Vista Symmetric Algorithm Implementation #553

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

+

CTR ( int only; 128 , 192 , 256 )

Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #2023

ECB ( e/d; 128 , 192 , 256 );

+

CBC ( e/d; 128 , 192 , 256 );

Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #2024

+

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #818

+

Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #781

+

Windows 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #548

+

Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #516

+

Windows CE and Windows Mobile 6, 6.1, and 6.5 Enhanced Cryptographic Provider (RSAENH) #507

+

Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #290

+

Windows CE 5.0 and 5.1 Enhanced Cryptographic Provider (RSAENH) #224

+

Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #80

+

Windows XP, SP1, and SP2 Enhanced Cryptographic Provider (RSAENH) #33

+ + +Deterministic Random Bit Generator (DRBG) + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Modes / States / Key SizesAlgorithm Implementation and Certificate #
    +
  • Counter:
    • +
    • +
    • Modes: AES-256
      • +
    • Derivation Function States: Derivation Function not used
      • +
    • Prediction Resistance Modes: Not Enabled
      • +
    • +
+

Prerequisite: AES #4904

Microsoft Surface Hub Virtual TPM Implementations #1734

+

Version 10.0.15063.674

    +
  • Counter:
    • +
    • +
    • Modes: AES-256
      • +
    • Derivation Function States: Derivation Function not used
      • +
    • Prediction Resistance Modes: Not Enabled
      • +
    • +
+

Prerequisite: AES #4903

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1733

+

Version 10.0.16299

    +
  • Counter:
    • +
    • +
    • Modes: AES-256
      • +
    • Derivation Function States: Derivation Function used
      • +
    • Prediction Resistance Modes: Not Enabled
      • +
    • +
+

Prerequisite: AES #4902

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1732

+

Version 10.0.15063.674

    +
  • Counter:
    • +
    • +
    • Modes: AES-256
      • +
    • Derivation Function States: Derivation Function used
      • +
    • Prediction Resistance Modes: Not Enabled
      • +
    • +
+

Prerequisite: AES #4901

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1731

+

Version 10.0.15254

    +
  • Counter:
    • +
    • +
    • Modes: AES-256
      • +
    • Derivation Function States: Derivation Function used
      • +
    • Prediction Resistance Modes: Not Enabled
      • +
    • +
+

Prerequisite: AES #4897

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1730

+

Version 10.0.16299

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4627 ) ]

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1556

+

Version 10.0.15063

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#4624 ) ]

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1555

+

Version 10.0.15063

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4434 ) ]

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1433

+

Version 7.00.2872

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4433 ) ]

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1432

+

Version 8.00.6246

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4431 ) ]

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1430

+

Version 7.00.2872

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4430 ) ]

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1429

+

Version 8.00.6246

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4074 ) ]

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #1222

+

Version 10.0.14393

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#4064 ) ]

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #1217

+

Version 10.0.14393

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#3629 ) ]

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #955

+

Version 10.0.10586

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#3497 ) ]

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #868

+

Version 10.0.10240

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#2832 ) ]

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #489

+

Version 6.3.9600

CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#2197 ) ]Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #258
CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#2023 ) ]Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #193
CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#1168 ) ]Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 RNG Library #23
DRBG (SP 800–90)Windows Vista Ultimate SP1, vendor-affirmed
+ + +#### Digital Signature Algorithm (DSA) + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Modes / States / Key SizesAlgorithm Implementation and Certificate #
    +
  • DSA:
    • +
    • +
    • 186-4:
      • +
      • +
      • PQGGen:
        • +
        • +
        • L = 2048, N = 256 SHA: SHA-256
          • +
        • L = 3072, N = 256 SHA: SHA-256
          • +
        • +
      • PQGVer:
        • +
        • +
        • L = 2048, N = 256 SHA: SHA-256
          • +
        • L = 3072, N = 256 SHA: SHA-256
          • +
        • +
      • SigGen:
        • +
        • +
        • L = 2048, N = 256 SHA: SHA-256
          • +
        • L = 3072, N = 256 SHA: SHA-256
          • +
        • +
      • SigVer:
        • +
        • +
        • L = 2048, N = 256 SHA: SHA-256
          • +
        • L = 3072, N = 256 SHA: SHA-256
          • +
        • +
      • KeyPair:
        • +
        • +
        • L = 2048, N = 256
          • +
        • L = 3072, N = 256
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4011, DRBG #1732

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1303

+

Version 10.0.15063.674

    +
  • DSA:
    • +
    • +
    • 186-4:
      • +
      • +
      • PQGGen:
        • +
        • +
        • L = 2048, N = 256 SHA: SHA-256
          • +
        • L = 3072, N = 256 SHA: SHA-256
          • +
        • +
      • PQGVer:
        • +
        • +
        • L = 2048, N = 256 SHA: SHA-256
          • +
        • L = 3072, N = 256 SHA: SHA-256
          • +
        • +
      • SigGen:
        • +
        • +
        • L = 2048, N = 256 SHA: SHA-256
          • +
        • L = 3072, N = 256 SHA: SHA-256
          • +
        • +
      • SigVer:
        • +
        • +
        • L = 2048, N = 256 SHA: SHA-256
          • +
        • L = 3072, N = 256 SHA: SHA-256
          • +
        • +
      • KeyPair:
        • +
        • +
        •  
          • +
        •  
          • +
        • L = 2048, N = 256
          • +
        • L = 3072, N = 256
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4010, DRBG #1731

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1302

+

Version 10.0.15254

    +
  • DSA:
    • +
    • +
    • 186-4:
      • +
      • +
      • PQGGen:
        • +
        • +
        • L = 2048, N = 256 SHA: SHA-256
          • +
        • L = 3072, N = 256 SHA: SHA-256
          • +
        • +
      • PQGVer:
        • +
        • +
        • L = 2048, N = 256 SHA: SHA-256
          • +
        • L = 3072, N = 256 SHA: SHA-256
          • +
        • +
      • SigGen:
        • +
        • +
        • L = 2048, N = 256 SHA: SHA-256
          • +
        • L = 3072, N = 256 SHA: SHA-256
          • +
        • +
      • SigVer:
        • +
        • +
        • L = 2048, N = 256 SHA: SHA-256
          • +
        • L = 3072, N = 256 SHA: SHA-256
          • +
        • +
      • KeyPair:
        • +
        • +
        • L = 2048, N = 256
          • +
        • L = 3072, N = 256
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4009, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1301

+

Version 10.0.16299

FIPS186-4:

+

PQG(gen)PARMS TESTED:   [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]

+

PQG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

+

KeyPairGen:   [ (2048,256) ; (3072,256) ]

+

SIG(gen)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]

+

SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

+

SHS: Val#3790

+

DRBG: Val# 1555

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1223

+

Version 10.0.15063

FIPS186-4:
+PQG(ver)PARMS TESTED:   [ (1024,160) SHA( 1 ); ]
+SIG(ver)PARMS TESTED:   [ (1024,160) SHA( 1 ); ]
+SHS: Val# 3649

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1188

+

Version 7.00.2872

FIPS186-4:
+PQG(ver)PARMS TESTED:   [ (1024,160) SHA( 1 ); ]
+SIG(ver)PARMS TESTED:   [ (1024,160) SHA( 1 ); ]
+SHS: Val#3648

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1187

+

Version 8.00.6246

FIPS186-4:
+PQG(gen)PARMS TESTED: [
+(2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
+PQG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
+KeyPairGen:    [ (2048,256) ; (3072,256) ]
+SIG(gen)PARMS TESTED:   [ (2048,256)
+SHA( 256 ); (3072,256) SHA( 256 ); ]
+SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

+

SHS: Val# 3347
+DRBG: Val# 1217

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #1098

+

Version 10.0.14393

FIPS186-4:
+PQG(gen)PARMS TESTED:   [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ] PQG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 )]
+KeyPairGen:    [ (2048,256) ; (3072,256) ] SIG(gen)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
+SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

+

SHS: Val# 3047
+DRBG: Val# 955

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #1024

+

Version 10.0.10586

FIPS186-4:
+PQG(gen)PARMS TESTED:   [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
+PQG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
+KeyPairGen:    [ (2048,256) ; (3072,256) ]
+SIG(gen)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ] SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

+

SHS: Val# 2886
+DRBG: Val# 868

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #983

+

Version 10.0.10240

FIPS186-4:
+PQG(gen)PARMS TESTED:   [
+(2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
+PQG(ver)PARMS TESTED:   [ (2048,256)
+SHA( 256 ); (3072,256) SHA( 256 ) ]
+KeyPairGen:    [ (2048,256) ; (3072,256) ]
+SIG(gen)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
+SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

+

SHS: Val# 2373
+DRBG: Val# 489

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #855

+

Version 6.3.9600

FIPS186-2:
+PQG(ver) MOD(1024);
+SIG(ver) MOD(1024);
+SHS: #1903
+DRBG: #258

+

FIPS186-4:
+PQG(gen)PARMS TESTED: [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
+PQG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
+SIG(gen)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
+SIG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
+SHS: #1903
+DRBG: #258
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#687.

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #687
FIPS186-2:
+PQG(ver) MOD(1024);
+SIG(ver) MOD(1024);
+SHS: #1902
+DRBG: #258
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#686.		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 DSS and Diffie-Hellman Enhanced Cryptographic Provider (DSSENH) #686
FIPS186-2:
+SIG(ver) MOD(1024);
+SHS: Val# 1773
+DRBG: Val# 193
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#645.		Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #645
FIPS186-2:
+SIG(ver) MOD(1024);
+SHS: Val# 1081
+DRBG: Val# 23
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#391. See Historical DSA List Val#386.

Windows Server 2008 R2 and SP1 CNG algorithms #391

+

Windows 7 Ultimate and SP1 CNG algorithms #386

FIPS186-2:
+SIG(ver) MOD(1024);
+SHS: Val# 1081
+RNG: Val# 649
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#390. See Historical DSA List Val#385.

Windows Server 2008 R2 and SP1 Enhanced DSS (DSSENH) #390

+

Windows 7 Ultimate and SP1 Enhanced DSS (DSSENH) #385

FIPS186-2:
+SIG(ver) MOD(1024);
+SHS: Val# 753
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#284. See Historical DSA List Val#283.

Windows Server 2008 CNG algorithms #284

+

Windows Vista Ultimate SP1 CNG algorithms #283

FIPS186-2:
+SIG(ver) MOD(1024);
+SHS: Val# 753
+RNG: Val# 435
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#282. See Historical DSA List Val#281.

Windows Server 2008 Enhanced DSS (DSSENH) #282

+

Windows Vista Ultimate SP1 Enhanced DSS (DSSENH) #281

FIPS186-2:
+SIG(ver) MOD(1024);
+SHS: Val# 618
+RNG: Val# 321
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#227. See Historical DSA List Val#226.

Windows Vista CNG algorithms #227

+

Windows Vista Enhanced DSS (DSSENH) #226

FIPS186-2:
+SIG(ver) MOD(1024);
+SHS: Val# 784
+RNG: Val# 448
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#292.		Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #292
FIPS186-2:
+SIG(ver) MOD(1024);
+SHS: Val# 783
+RNG: Val# 447
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#291.		Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #291
FIPS186-2:
+PQG(gen) MOD(1024);
+PQG(ver) MOD(1024);
+KEYGEN(Y) MOD(1024);
+SIG(gen) MOD(1024);
+SIG(ver) MOD(1024);
+SHS: Val# 611
+RNG: Val# 314		Windows 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #221
FIPS186-2:
+PQG(gen) MOD(1024);
+PQG(ver) MOD(1024);
+KEYGEN(Y) MOD(1024);
+SIG(gen) MOD(1024);
+SIG(ver) MOD(1024);
+SHS: Val# 385		Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #146
FIPS186-2:
+PQG(ver) MOD(1024);
+KEYGEN(Y) MOD(1024);
+SIG(gen) MOD(1024);
+SIG(ver) MOD(1024);
+SHS: Val# 181
+
+		Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #95
FIPS186-2:
+PQG(gen) MOD(1024);
+PQG(ver) MOD(1024);
+KEYGEN(Y) MOD(1024);
+SIG(gen) MOD(1024);
+SHS: SHA-1 (BYTE)
+SIG(ver) MOD(1024);
+SHS: SHA-1 (BYTE)

Windows 2000 DSSENH.DLL #29

+

Windows 2000 DSSBASE.DLL #28

+

Windows NT 4 SP6 DSSENH.DLL #26

+

Windows NT 4 SP6 DSSBASE.DLL #25

FIPS186-2: PRIME;
+FIPS186-2:

+

KEYGEN(Y):
+SHS: SHA-1 (BYTE)

+

SIG(gen):
+SIG(ver) MOD(1024);
+SHS: SHA-1 (BYTE)

Windows NT 4.0 SP4 Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider #17
+ + +#### Elliptic Curve Digital Signature Algorithm (ECDSA) + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Modes / States / Key SizesAlgorithm Implementation and Certificate #
    +
  • ECDSA:
    • +
    • +
    • 186-4:
      • +
      • +
      • Key Pair Generation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • Generation Methods: Extra Random Bits
          • +
        • +
      • Public Key Validation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • +
      • Signature Generation:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • Signature Verification:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #2373, DRBG #489

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1263

+

Version 6.3.9600

    +
  • ECDSA:
    • +
    • +
    • 186-4:
      • +
      • +
      • Key Pair Generation:
        • +
        • +
        • Curves: P-256, P-384
          • +
        • Generation Methods: Testing Candidates
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4011, DRBG #1734

Microsoft Surface Hub Virtual TPM Implementations #1253

+

Version 10.0.15063.674

    +
  • ECDSA:
    • +
    • +
    • 186-4:
      • +
      • +
      • Key Pair Generation:
        • +
        • +
        • Curves: P-256, P-384
          • +
        • Generation Methods: Testing Candidates
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4009, DRBG #1733

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1252

+

Version 10.0.16299

    +
  • ECDSA:
    • +
    • +
    • 186-4:
      • +
      • +
      • Key Pair Generation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • Generation Methods: Extra Random Bits
          • +
        • +
      • Public Key Validation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • +
      • Signature Generation:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • Signature Verification:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4011, DRBG #1732

Microsoft Surface Hub MsBignum Cryptographic Implementations #1251

+

Version 10.0.15063.674

    +
  • ECDSA:
    • +
    • +
    • 186-4:
      • +
      • +
      • Key Pair Generation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • Generation Methods: Extra Random Bits
          • +
        • +
      • Public Key Validation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • +
      • Signature Generation:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • Signature Verification:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4011, DRBG #1732

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1250

+

Version 10.0.15063.674

    +
  • ECDSA:
    • +
    • +
    • 186-4:
      • +
      • +
      • Key Pair Generation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • Generation Methods: Extra Random Bits
          • +
        • +
      • Public Key Validation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • +
      • Signature Generation:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • Signature Verification:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4010, DRBG #1731

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1249

+

Version 10.0.15254

    +
  • ECDSA:
    • +
    • +
    • 186-4:
      • +
      • +
      • Key Pair Generation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • Generation Methods: Extra Random Bits
          • +
        • +
      • Public Key Validation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • +
      • Signature Generation:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • Signature Verification:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4010, DRBG #1731

Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1248

+

Version 10.0.15254

    +
  • ECDSA:
    • +
    • +
    • 186-4:
      • +
      • +
      • Key Pair Generation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • Generation Methods: Extra Random Bits
          • +
        • +
      • Public Key Validation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • +
      • Signature Generation:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • Signature Verification:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4009, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1247

+

Version 10.0.16299

    +
  • ECDSA:
    • +
    • +
    • 186-4:
      • +
      • +
      • Key Pair Generation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • Generation Methods: Extra Random Bits
          • +
        • +
      • Public Key Validation:
        • +
        • +
        • Curves: P-256, P-384, P-521
          • +
        • +
      • Signature Generation:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • Signature Verification:
        • +
        • +
        • P-256 SHA: SHA-256
          • +
        • P-384 SHA: SHA-384
          • +
        • P-521 SHA: SHA-512
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4009, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1246

+

Version 10.0.16299

FIPS186-4:
+PKG: CURVES( P-256 P-384 TestingCandidates )
+SHS: Val#3790
+DRBG: Val# 1555

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1136

+

Version 10.0.15063

FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+PKV: CURVES( P-256 P-384 P-521 )
+SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
+SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
+SHS: Val#3790
+DRBG: Val# 1555

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1135

+

Version 10.0.15063

FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+PKV: CURVES( P-256 P-384 P-521 )
+SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
+SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
+SHS: Val#3790
+DRBG: Val# 1555

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1133

+

Version 10.0.15063

FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+PKV: CURVES( P-256 P-384 P-521 )
+SigGen: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
+SigVer: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) )
+SHS:Val# 3649
+DRBG:Val# 1430

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1073

+

Version 7.00.2872

FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+PKV: CURVES( P-256 P-384 P-521 )
+SigGen: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
+SigVer: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) )
+SHS:Val#3648
+DRBG:Val# 1429

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1072

+

Version 8.00.6246

FIPS186-4:
+PKG: CURVES( P-256 P-384 TestingCandidates )
+PKV: CURVES( P-256 P-384 )
+SigGen: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) SIG(gen) with SHA-1 affirmed for use with protocols only.
+SigVer: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) )

+

SHS: Val# 3347
+DRBG: Val# 1222

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #920

+

Version 10.0.14393

FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+PKV: CURVES( P-256 P-384 P-521 )
+SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
+SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )

+

SHS: Val# 3347
+DRBG: Val# 1217

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #911

+

Version 10.0.14393

FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
+SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )

+

SHS: Val# 3047
+DRBG: Val# 955

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #760

+

Version 10.0.10586

FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
+SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )

+

SHS: Val# 2886
+DRBG: Val# 868

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #706

+

Version 10.0.10240

FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
+SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )

+

SHS: Val#2373
+DRBG: Val# 489

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #505

+

Version 6.3.9600

FIPS186-2:
+PKG: CURVES( P-256 P-384 P-521 )
+SHS: #1903
+DRBG: #258
+SIG(ver):CURVES( P-256 P-384 P-521 )
+SHS: #1903
+DRBG: #258

+

FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
+SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
+SHS: #1903
+DRBG: #258
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#341.

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #341

FIPS186-2:
+PKG: CURVES( P-256 P-384 P-521 )
+SHS: Val#1773
+DRBG: Val# 193
+SIG(ver): CURVES( P-256 P-384 P-521 )
+SHS: Val#1773
+DRBG: Val# 193

+

FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
+SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
+SHS: Val#1773
+DRBG: Val# 193
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#295.

Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #295
FIPS186-2:
+PKG: CURVES( P-256 P-384 P-521 )
+SHS: Val#1081
+DRBG: Val# 23
+SIG(ver): CURVES( P-256 P-384 P-521 )
+SHS: Val#1081
+DRBG: Val# 23
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#142. See Historical ECDSA List Val#141.

Windows Server 2008 R2 and SP1 CNG algorithms #142

+

Windows 7 Ultimate and SP1 CNG algorithms #141

FIPS186-2:
+PKG: CURVES( P-256 P-384 P-521 )
+SHS: Val#753
+SIG(ver): CURVES( P-256 P-384 P-521 )
+SHS: Val#753
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#83. See Historical ECDSA List Val#82.

Windows Server 2008 CNG algorithms #83

+

Windows Vista Ultimate SP1 CNG algorithms #82

FIPS186-2:
+PKG: CURVES( P-256 P-384 P-521 )
+SHS: Val#618
+RNG: Val# 321
+SIG(ver): CURVES( P-256 P-384 P-521 )
+SHS: Val#618
+RNG: Val# 321
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#60.		Windows Vista CNG algorithms #60
+ + +#### Keyed-Hash Message Authentication Code (HMAC) + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Modes / States / Key SizesAlgorithm Implementation and Certificate #
    +
  • HMAC-SHA-1:
    • +
    • +
    • Key Sizes < Block Size
      • +
    • Key Sizes > Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
  • HMAC-SHA2-256:
    • +
    • +
    • Key Sizes < Block Size
      • +
    • Key Sizes > Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
  • HMAC-SHA2-384:
    • +
    • +
    • Key Sizes < Block Size
      • +
    • Key Sizes > Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
+

Prerequisite: SHS #4011

Microsoft Surface Hub Virtual TPM Implementations #3271

+

Version 10.0.15063.674

    +
  • HMAC-SHA-1:
    • +
    • +
    • Key Sizes < Block Size
      • +
    • Key Sizes > Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
  • HMAC-SHA2-256:
    • +
    • +
    • Key Sizes < Block Size
      • +
    • Key Sizes > Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
  • HMAC-SHA2-384:
    • +
    • +
    • Key Sizes < Block Size
      • +
    • Key Sizes > Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
+

Prerequisite: SHS #4009

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #3270

+

Version 10.0.16299

    +
  • HMAC-SHA-1:
    • +
    • +
    • Key Sizes < Block Size
      • +
    • Key Sizes > Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
  • HMAC-SHA2-256:
    • +
    • +
    • Key Sizes < Block Size
      • +
    • Key Sizes > Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
  • HMAC-SHA2-384:
    • +
    • +
    • Key Sizes < Block Size
      • +
    • Key Sizes > Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
  • HMAC-SHA2-512:
    • +
    • +
    • Key Sizes < Block Size
      • +
    • Key Sizes > Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
+

Prerequisite: SHS #4011

Microsoft Surface Hub SymCrypt Cryptographic Implementations #3269

+

Version 10.0.15063.674

    +
  • HMAC-SHA-1:
    • +
    • +
    • Key Sizes < Block Size
      • +
    • Key Sizes > Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
  • HMAC-SHA2-256:
    • +
    • +
    • Key Sizes < Block Size
      • +
    • Key Sizes > Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
  • HMAC-SHA2-384:
    • +
    • +
    • Key Sizes < Block Size
      • +
    • Key Sizes > Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
  • HMAC-SHA2-512:
    • +
    • +
    • Key Sizes < Block Size
      • +
    • Key Sizes > Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
+

Prerequisite: SHS #4010

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #3268

+

Version 10.0.15254

    +
  • HMAC-SHA-1:
    • +
    • +
    • Key Sizes < Block Size
      • +
    • Key Sizes > Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
  • HMAC-SHA2-256:
    • +
    • +
    • Key Sizes < Block Size
      • +
    • Key Sizes > Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
  • HMAC-SHA2-384:
    • +
    • +
    • Key Sizes < Block Size
      • +
    • Key Sizes > Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
  • HMAC-SHA2-512:
    • +
    • +
    • Key Sizes < Block Size
      • +
    • Key Sizes > Block Size
      • +
    • Key Sizes = Block Size
      • +
    • +
+

Prerequisite: SHS #4009

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #3267

+

Version 10.0.16299

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3790

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3790

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3790

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #3062

+

Version 10.0.15063

HMAC-SHA1(Key Sizes Ranges Tested: KSBS ) SHS Val#3790

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3790

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3790

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS Val#3790

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3061

+

Version 10.0.15063

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3652

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3652

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3652

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#3652

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2946

+

Version 7.00.2872

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3651

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3651

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3651

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#3651

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2945

+

Version 8.00.6246

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val# 3649

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val# 3649

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val# 3649

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal# 3649

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2943

+

Version 7.00.2872

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3648

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3648

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3648

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#3648

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2942

+

Version 8.00.6246

HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS )
+SHS Val# 3347

+

HMAC-SHA256 ( Key Size Ranges Tested:  KSBS )
+SHS Val# 3347

+

HMAC-SHA384 ( Key Size Ranges Tested:  KSBS )
+SHS Val# 3347

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2661

+

Version 10.0.14393

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val# 3347

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val# 3347

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val# 3347

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS Val# 3347

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2651

+

Version 10.0.14393

HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS )
+SHS Val# 3047

+

HMAC-SHA256 ( Key Size Ranges Tested:  KSBS )
+SHS Val# 3047

+

HMAC-SHA384 ( Key Size Ranges Tested:  KSBS )
+SHS Val# 3047

+

HMAC-SHA512 ( Key Size Ranges Tested:  KSBS )
+SHS Val# 3047

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #2381

+

Version 10.0.10586

HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS )
+SHSVal# 2886

+

HMAC-SHA256 ( Key Size Ranges Tested:  KSBS )
+SHSVal# 2886

+

HMAC-SHA384 ( Key Size Ranges Tested:  KSBS )
+ SHSVal# 2886

+

HMAC-SHA512 ( Key Size Ranges Tested:  KSBS )
+SHSVal# 2886

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2233

+

Version 10.0.10240

HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS )
+SHS Val#2373

+

HMAC-SHA256 ( Key Size Ranges Tested:  KSBS )
+SHS Val#2373

+

HMAC-SHA384 ( Key Size Ranges Tested:  KSBS )
+SHS Val#2373

+

HMAC-SHA512 ( Key Size Ranges Tested:  KSBS )
+SHS Val#2373

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1773

+

Version 6.3.9600

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#2764

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#2764

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#2764

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS Val#2764

Windows CE and Windows Mobile, and Windows Embedded Handheld Enhanced Cryptographic Provider (RSAENH) #2122

+

Version 5.2.29344

HMAC-SHA1 (Key Sizes Ranges Tested: KS#1902

+

HMAC-SHA256 ( Key Size Ranges Tested: KS#1902

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #1347

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS#1902

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS#1902

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS#1902

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS#1902

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1346

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )

+

SHS#1903

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS )

+

SHS#1903

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS )

+

SHS#1903

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS )

+

SHS#1903

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1345

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#1773

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#1773

+

Tinker HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#1773

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#1773

Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1364

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#1774

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#1774

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#1774

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#1774

Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1227

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#1081

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#1081

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#1081

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#1081

Windows Server 2008 R2 and SP1 CNG algorithms #686

+

Windows 7 and SP1 CNG algorithms #677

+

Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) #687

+

Windows 7 Enhanced Cryptographic Provider (RSAENH) #673

HMAC-SHA1(Key Sizes Ranges Tested: KSVal#1081

+

HMAC-SHA256 ( Key Size Ranges Tested: KSVal#1081

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #675

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#816

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#816

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#816

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#816

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #452

HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#753

+

HMAC-SHA256 ( Key Size Ranges Tested: KSVal#753

Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #415

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#753

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#753

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#753

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS )SHS Val#753

Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #408

+

Windows Vista Enhanced Cryptographic Provider (RSAENH) #407

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )SHSVal#618

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#618

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#618

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#618

Windows Vista Enhanced Cryptographic Provider (RSAENH) #297
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#785

Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #429

+

Windows XP, vendor-affirmed

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#783

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#783

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#783

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#783

Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #428

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#613

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#613

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#613

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#613

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #289
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#610Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #287

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#753

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#753

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#753

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#753

Windows Server 2008 CNG algorithms #413

+

Windows Vista Ultimate SP1 CNG algorithms #412

HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#737

+

HMAC-SHA256 ( Key Size Ranges Tested: KSVal#737

Windows Vista Ultimate BitLocker Drive Encryption #386

HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHSVal#618

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#618

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#618

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#618

Windows Vista CNG algorithms #298

HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHSVal#589

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS )SHSVal#589

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#589

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#589

Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #267

HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHSVal#578

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#578

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#578

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#578

Windows CE and Windows Mobile 6.0 and Windows Mobil 6.5 Enhanced Cryptographic Provider (RSAENH) #260

HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#495

+

HMAC-SHA256 ( Key Size Ranges Tested: KSVal#495

Windows Vista BitLocker Drive Encryption #199
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#364

Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #99

+

Windows XP, vendor-affirmed

HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#305

+

HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#305

+

HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#305

+

HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#305

Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #31
+ + +#### Key Agreement Scheme (KAS) + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Modes / States / Key SizesAlgorithm Implementation and Certificate #
    +
  • KAS ECC:
    • +
    • +
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration
      • +
    • Schemes:
      • +
      • +
      • Full Unified:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • KDFs: Concatenation
          • +
        • Parameter Sets:
          • +
          • +
          • EC:
            • +
            • +
            • Curve: P-256
              • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • ED:
            • +
            • +
            • Curve: P-384
              • +
            • SHA: SHA-384
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4011, ECDSA #1253, DRBG #1734

Microsoft Surface Hub Virtual TPM Implementations #150

+

Version 10.0.15063.674

    +
  • KAS ECC:
    • +
    • +
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration
      • +
    • Schemes:
      • +
      • +
      • Full Unified:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • KDFs: Concatenation
          • +
        • Parameter Sets:
          • +
          • +
          • EC:
            • +
            • +
            • Curve: P-256
              • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • ED:
            • +
            • +
            • Curve: P-384
              • +
            • SHA: SHA-384
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4009, ECDSA #1252, DRBG #1733

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #149

+

Version 10.0.16299

    +
  • KAS ECC:
    • +
    • +
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
      • +
    • Schemes:
      • +
      • +
      • Ephemeral Unified:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • KDFs: Concatenation
          • +
        • Parameter Sets:
          • +
          • +
          • EC:
            • +
            • +
            • Curve: P-256
              • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • ED:
            • +
            • +
            • Curve: P-384
              • +
            • SHA: SHA-384
              • +
            • MAC: HMAC
              • +
            • +
          • EE:
            • +
            • +
            • Curve: P-521
              • +
            • SHA: SHA-512
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • One Pass DH:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • EC:
            • +
            • +
            • Curve: P-256
              • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • ED:
            • +
            • +
            • Curve: P-384
              • +
            • SHA: SHA-384
              • +
            • MAC: HMAC
              • +
            • +
          • EE:
            • +
            • +
            • Curve: P-521
              • +
            • SHA: SHA-512
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • Static Unified:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • EC:
            • +
            • +
            • Curve: P-256
              • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • ED:
            • +
            • +
            • Curve: P-384
              • +
            • SHA: SHA-384
              • +
            • MAC: HMAC
              • +
            • +
          • EE:
            • +
            • +
            • Curve: P-521
              • +
            • SHA: SHA-512
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4011, ECDSA #1250, DRBG #1732

+
    +
  • KAS FFC:
    • +
    • +
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
      • +
    • Schemes:
      • +
      • +
      • dhEphem:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • FB:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • FC:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • dhOneFlow:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • FB:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • FC:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • dhStatic:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • FB:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • FC:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4011, DSA #1303, DRBG #1732

Microsoft Surface Hub SymCrypt Cryptographic Implementations #148

+

Version 10.0.15063.674

    +
  • KAS ECC:
    • +
    • +
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
      • +
    • Schemes:
      • +
      • +
      • Ephemeral Unified:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • KDFs: Concatenation
          • +
        • Parameter Sets:
          • +
          • +
          • EC:
            • +
            • +
            • Curve: P-256
              • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • ED:
            • +
            • +
            • Curve: P-384
              • +
            • SHA: SHA-384
              • +
            • MAC: HMAC
              • +
            • +
          • EE:
            • +
            • +
            • Curve: P-521
              • +
            • SHA: SHA-512
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • One Pass DH:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • EC:
            • +
            • +
            • Curve: P-256
              • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • ED:
            • +
            • +
            • Curve: P-384
              • +
            • SHA: SHA-384
              • +
            • MAC: HMAC
              • +
            • +
          • EE:
            • +
            • +
            • Curve: P-521
              • +
            • SHA: SHA-512
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • Static Unified:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • EC:
            • +
            • +
            • Curve: P-256
              • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • ED:
            • +
            • +
            • Curve: P-384
              • +
            • SHA: SHA-384
              • +
            • MAC: HMAC
              • +
            • +
          • EE:
            • +
            • +
            • Curve: P-521
              • +
            • SHA: SHA-512
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4010, ECDSA #1249, DRBG #1731

+
    +
  • KAS FFC:
    • +
    • +
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
      • +
    • Schemes:
      • +
      • +
      • dhEphem:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • FB:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • FC:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • dhOneFlow:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • FB:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • FC:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • dhStatic:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • FB:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • FC:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4010, DSA #1302, DRBG #1731

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #147

+

Version 10.0.15254

    +
  • KAS ECC:
    • +
    • +
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
      • +
    • Schemes:
      • +
      • +
      • Ephemeral Unified:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • KDFs: Concatenation
          • +
        • Parameter Sets:
          • +
          • +
          • EC:
            • +
            • +
            • Curve: P-256
              • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • ED:
            • +
            • +
            • Curve: P-384
              • +
            • SHA: SHA-384
              • +
            • MAC: HMAC
              • +
            • +
          • EE:
            • +
            • +
            • Curve: P-521
              • +
            • SHA: SHA-512
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • One Pass DH:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • EC:
            • +
            • +
            • Curve: P-256
              • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • ED:
            • +
            • +
            • Curve: P-384
              • +
            • SHA: SHA-384
              • +
            • MAC: HMAC
              • +
            • +
          • EE:
            • +
            • +
            • Curve: P-521
              • +
            • SHA: SHA-512
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • Static Unified:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • EC:
            • +
            • +
            • Curve: P-256
              • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • ED:
            • +
            • +
            • Curve: P-384
              • +
            • SHA: SHA-384
              • +
            • MAC: HMAC
              • +
            • +
          • EE:
            • +
            • +
            • Curve: P-521
              • +
            • SHA: SHA-512
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4009, ECDSA #1246, DRBG #1730

+
    +
  • KAS FFC:
    • +
    • +
    • Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
      • +
    • Schemes:
      • +
      • +
      • dhEphem:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • FB:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • FC:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • dhOneFlow:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • FB:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • FC:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • dhStatic:
        • +
        • +
        • Key Agreement Roles: Initiator, Responder
          • +
        • Parameter Sets:
          • +
          • +
          • FB:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • FC:
            • +
            • +
            • SHA: SHA-256
              • +
            • MAC: HMAC
              • +
            • +
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4009, DSA #1301, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #146

+

Version 10.0.16299

ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration ) SCHEMES [ FullUnified ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ]

+

SHS Val#3790
+DSA Val#1135
+DRBG Val#1556

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #128

+

Version 10.0.15063

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
+( FB: SHA256 ) ( FC: SHA256 ) ]
+[ dhOneFlow ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder> ) ( FB: SHA256 HMAC ) ( FC: SHA256   HMAC ) ]
+SHS Val#3790
+DSA Val#1223
+DRBG Val#1555

+

ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES [ EphemeralUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
+[ OnePassDH ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
+[ StaticUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
+
+SHS Val#3790
+ECDSA Val#1133
+DRBG Val#1555

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #127

+

Version 10.0.15063

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
+( FB: SHA256 ) ( FC: SHA256 ) ]
+[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder> ) ( FB: SHA256 HMAC ) ( FC: SHA256   HMAC ) ]
+SHS Val# 3649
+DSA Val#1188
+DRBG Val#1430

+

ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
+[ OnePassDH ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
+[ StaticUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #115

+

Version 7.00.2872

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
+( FB: SHA256 ) ( FC: SHA256 ) ]
+[ dhHybridOneFlow ( No_KC < KARole(s): Initiator / Responder> ) ( FB:SHA256 HMAC ) ( FC: SHA256   HMAC ) ]
+[ dhStatic ( No_KC < KARole(s): Initiator / Responder> ) ( FB:SHA256 HMAC ) ( FC: SHA256   HMAC ) ]
+SHS Val#3648
+DSA Val#1187
+DRBG Val#1429

+

ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
+[ OnePassDH ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
+[ StaticUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
+
+SHS Val#3648
+ECDSA Val#1072
+DRBG Val#1429

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #114

+

Version 8.00.6246

ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration )
+SCHEMES  [ FullUnified  ( No_KC  < KARole(s): Initiator / Responder > < KDF: CONCAT > ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ]

+

SHS Val# 3347 ECDSA Val#920 DRBG Val#1222

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #93

+

Version 10.0.14393

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation )
+SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )
+( FB: SHA256 ) ( FC: SHA256 ) ]
+[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB:  SHA256 ) ( FC:  SHA256 ) ] [ dhStatic (No_KC  < KARole(s): Initiator / Responder > ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]

+

SHS Val# 3347 DSA Val#1098 DRBG Val#1217

+

ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  < KARole(s): Initiator / Responder > ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
+[ OnePassDH  ( No_KC  < KARole(s): Initiator / Responder > ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
+[ StaticUnified ( No_KC  < KARole(s): Initiator / Responder > ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]

+

SHS Val# 3347 DSA Val#1098 ECDSA Val#911 DRBG Val#1217 HMAC Val#2651

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #92

+

Version 10.0.14393

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )
+( FB: SHA256 ) ( FC: SHA256 ) ]
+[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB:  SHA256 ) ( FC:  SHA256 ) ] [ dhStatic ( No_KC  < KARole(s): Initiator / Responder > ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]

+

SHS Val# 3047 DSA Val#1024 DRBG Val#955

+

ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  < KARole(s): Initiator / Responder > ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
+[ OnePassDH  ( No_KC  < KARole(s): Initiator / Responder > ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
+[ StaticUnified ( No_KC  < KARole(s): Initiator / Responder > ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]

+

SHS Val# 3047 ECDSA Val#760 DRBG Val#955

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #72

+

Version 10.0.10586

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )
+( FB: SHA256 ) ( FC: SHA256 ) ]
+[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB:  SHA256 ) ( FC:  SHA256 ) ] [ dhStatic ( No_KC  < KARole(s): Initiator / Responder > ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]

+

SHS Val# 2886 DSA Val#983 DRBG Val#868

+

ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  < KARole(s): Initiator / Responder > ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
+[ OnePassDH  ( No_KC  < KARole(s): Initiator / Responder > ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
+[ StaticUnified ( No_KC  < KARole(s): Initiator / Responder > ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]

+

SHS Val# 2886 ECDSA Val#706 DRBG Val#868

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #64

+

Version 10.0.10240

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )
+( FB: SHA256 ) ( FC: SHA256 ) ]
+[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB:  SHA256 ) ( FC:  SHA256 ) ] [ dhStatic ( No_KC  < KARole(s): Initiator / Responder > ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]

+

SHS Val#2373 DSA Val#855 DRBG Val#489

+

ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  < KARole(s): Initiator / Responder > ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
+[ OnePassDH  ( No_KC  < KARole(s): Initiator / Responder > ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
+[ StaticUnified ( No_KC  < KARole(s): Initiator / Responder > ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]

+

SHS Val#2373 ECDSA Val#505 DRBG Val#489

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #47

+

Version 6.3.9600

FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
+( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ]
+[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ]
+[ dhStatic ( No_KC < KARole(s): Initiator / Responder> ) ( FA: SHA256 HMAC ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ]
+SHS #1903 DSA Val#687 DRBG #258

+

ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
+[ OnePassDH( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 ) ( ED: P-384 SHA384 ) ( EE: P-521 (SHA512, HMAC_SHA512) ) ) ]
+[ StaticUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
+
+SHS #1903 ECDSA Val#341 DRBG #258

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #36

KAS (SP 800–56A)

+

key agreement

+

key establishment methodology provides 80 to 256 bits of encryption strength

Windows 7 and SP1, vendor-affirmed

+

Windows Server 2008 R2 and SP1, vendor-affirmed

+ + +SP 800-108 Key-Based Key Derivation Functions (KBKDF) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Modes / States / Key SizesAlgorithm Implementation and Certificate #
    +
  • Counter:
    • +
    • +
    • MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384
      • +
    • +
+

MAC prerequisite: HMAC #3271

+
+
    +
  • Counter Location: Before Fixed Data
    • +
  • R Length: 32 (bits)
    • +
  • SPs used to generate K: SP 800-56A, SP 800-90A
    • +
+
+

K prerequisite: DRBG #1734, KAS #150

Microsoft Surface Hub Virtual TPM Implementations #161

+

Version 10.0.15063.674

    +
  • Counter:
    • +
    • +
    • MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384
      • +
    • +
+

MAC prerequisite: HMAC #3270

+
+
    +
  • Counter Location: Before Fixed Data
    • +
  • R Length: 32 (bits)
    • +
  • SPs used to generate K: SP 800-56A, SP 800-90A
    • +
+
+

K prerequisite: DRBG #1733, KAS #149

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #160

+

Version 10.0.16299

    +
  • Counter:
    • +
    • +
    • MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
      • +
    • +
+

MAC prerequisite: AES #4902, HMAC #3269

+
+
    +
  • Counter Location: Before Fixed Data
    • +
  • R Length: 32 (bits)
    • +
  • SPs used to generate K: SP 800-56A, SP 800-90A
    • +
  • K prerequisite: KAS #148
    • +
+

Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations #159

+

Version 10.0.15063.674

    +
  • Counter:
    • +
    • +
    • MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
      • +
    • +
+

MAC prerequisite: AES #4901, HMAC #3268

+
+
    +
  • Counter Location: Before Fixed Data
    • +
  • R Length: 32 (bits)
    • +
  • SPs used to generate K: SP 800-56A, SP 800-90A
    • +
+
+

K prerequisite: KAS #147

Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations #158

+

Version 10.0.15254

    +
  • Counter:
    • +
    • +
    • MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
      • +
    • +
+

MAC prerequisite: AES #4897, HMAC #3267

+
+
    +
  • Counter Location: Before Fixed Data
    • +
  • R Length: 32 (bits)
    • +
  • SPs used to generate K: SP 800-56A, SP 800-90A
    • +
+
+

K prerequisite: KAS #146

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #157

+

Version 10.0.16299

CTR_Mode: ( Llength( Min0 Max0 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA384] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
+
+KAS Val#128
+DRBG Val#1556
+MAC Val#3062

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #141

+

Version 10.0.15063

CTR_Mode: ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
+
+KAS Val#127
+AES Val#4624
+DRBG Val#1555
+MAC Val#3061

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #140

+

Version 10.0.15063

CTR_Mode:  ( Llength( Min20 Max64 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA384] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

+

KAS Val#93 DRBG Val#1222 MAC Val#2661

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #102

+

Version 10.0.14393

CTR_Mode:  ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

+

KAS Val#92 AES Val#4064 DRBG Val#1217 MAC Val#2651

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #101

+

Version 10.0.14393

CTR_Mode:  ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

+

KAS Val#72 AES Val#3629 DRBG Val#955 MAC Val#2381

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #72

+

Version 10.0.10586

CTR_Mode:  ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

+

KAS Val#64 AES Val#3497 RBG Val#868 MAC Val#2233

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #66

+

Version 10.0.10240

CTR_Mode:  ( Llength( Min0 Max0 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

+

DRBG Val#489 MAC Val#1773

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #30

+

Version 6.3.9600

CTR_Mode: ( Llength( Min0 Max4 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

+

DRBG #258 HMAC Val#1345

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #3
+ + +Random Number Generator (RNG) + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + +
Modes / States / Key SizesAlgorithm Implementation and Certificate #

FIPS 186-2 General Purpose

+

[ (x-Original); (SHA-1) ]

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1110
FIPS 186-2
+[ (x-Original); (SHA-1) ]

Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1060

+

Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #292

+

Windows CE and Windows Mobile 6.0 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #286

+

Windows CE 5.00 and Window CE 5.01 Enhanced Cryptographic Provider (RSAENH) #66

FIPS 186-2
+[ (x-Change Notice); (SHA-1) ]

+

FIPS 186-2 General Purpose
+[ (x-Change Notice); (SHA-1) ]

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 RNG Library #649

+

Windows Vista Ultimate SP1 and Windows Server 2008 RNG Implementation #435

+

Windows Vista RNG implementation #321

FIPS 186-2 General Purpose
+[ (x-Change Notice); (SHA-1) ]

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #470

+

Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #449

+

Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #447

+

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #316

+

Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #313

FIPS 186-2
+[ (x-Change Notice); (SHA-1) ]

Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #448

+

Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #314

+ + +#### RSA + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Modes / States / Key SizesAlgorithm Implementation and Certificate #

RSA:

+
    +
  • 186-4:
    • +
    • +
    • Signature Generation PKCS1.5:
      • +
      • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384
        • +
      • +
    • Signature Generation PSS:
      • +
      • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • +
      • +
    • Signature Verification PKCS1.5:
      • +
      • +
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384
        • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384
        • +
      • +
    • Signature Verification PSS:
      • +
      • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • +
      • Mod 3072:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4011, DRBG #1734

Microsoft Surface Hub Virtual TPM Implementations #2677

+

Version 10.0.15063.674

RSA:

+
    +
  • 186-4:
    • +
    • +
    • Signature Generation PKCS1.5:
      • +
      • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384
        • +
      • +
    • Signature Generation PSS:
      • +
      • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 240 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • +
      • +
    • Signature Verification PKCS1.5:
      • +
      • +
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384
        • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384
        • +
      • +
    • Signature Verification PSS:
      • +
      • +
      • Mod 1024:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4009, DRBG #1733

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #2676

+

Version 10.0.16299

RSA:

+
    +
  • 186-4:
    • +
    • +
    • Key Generation:
      • +
    • Signature Verification PKCS1.5:
      • +
      • +
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • +
+

Prerequisite: SHS #4011, DRBG #1732

Microsoft Surface Hub RSA32 Algorithm Implementations #2675

+

Version 10.0.15063.674

RSA:

+
    +
  • 186-4:
    • +
    • +
    • Signature Verification PKCS1.5:
      • +
      • +
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • +
+

Prerequisite: SHS #4009, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); RSA32 Algorithm Implementations #2674

+

Version 10.0.16299

RSA:

+
    +
  • 186-4:
    • +
    • +
    • Signature Verification PKCS1.5:
      • +
      • +
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • +
+

Prerequisite: SHS #4010, DRBG #1731

Windows 10 Mobile (version 1709) RSA32 Algorithm Implementations #2673

+

Version 10.0.15254

RSA:

+
    +
  • 186-4:
    • +
    • +
    • Key Generation:
      • +
      • +
      • Public Key Exponent: Fixed (10001)
        • +
      • Provable Primes with Conditions:
        • +
        • +
        • Mod lengths: 2048, 3072 (bits)
          • +
        • Primality Tests: C.3
          • +
        • +
      • +
    • Signature Generation PKCS1.5:
      • +
      • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • Signature Generation PSS:
      • +
      • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • Mod 3072:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • +
    • Signature Verification PKCS1.5:
      • +
      • +
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • Signature Verification PSS:
      • +
      • +
      • Mod 1024:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 496 (bits)
          • +
        • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • Mod 3072:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4011, DRBG #1732

Microsoft Surface Hub MsBignum Cryptographic Implementations #2672

+

Version 10.0.15063.674

RSA:

+
    +
  • 186-4:
    • +
    • +
    • Key Generation:
      • +
      • +
      • Probable Random Primes:
        • +
        • +
        • Mod lengths: 2048, 3072 (bits)
          • +
        • Primality Tests: C.2
          • +
        • +
      • +
    • Signature Generation PKCS1.5:
      • +
      • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • Signature Generation PSS:
      • +
      • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • Mod 3072:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • +
    • Signature Verification PKCS1.5:
      • +
      • +
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • Signature Verification PSS:
      • +
      • +
      • Mod 1024:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 496 (bits)
          • +
        • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • Mod 3072:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4011, DRBG #1732

Microsoft Surface Hub SymCrypt Cryptographic Implementations #2671

+

Version 10.0.15063.674

RSA:

+
    +
  • 186-4:
    • +
    • +
    • Key Generation:
      • +
      • +
      • Probable Random Primes:
        • +
        • +
        • Mod lengths: 2048, 3072 (bits)
          • +
        • Primality Tests: C.2
          • +
        • +
      • +
    • Signature Generation PKCS1.5:
      • +
      • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • Signature Generation PSS:
      • +
      • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • Mod 3072:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • +
    • Signature Verification PKCS1.5:
      • +
      • +
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • Signature Verification PSS:
      • +
      • +
      • Mod 1024:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 496 (bits)
          • +
        • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • Mod 3072:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4010, DRBG #1731

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #2670

+

Version 10.0.15254

RSA:

+
    +
  • 186-4:
    • +
    • +
    • Key Generation:
      • +
      • +
      • Public Key Exponent: Fixed (10001)
        • +
      • Provable Primes with Conditions:
        • +
        • +
        • Mod lengths: 2048, 3072 (bits)
          • +
        • Primality Tests: C.3
          • +
        • +
      • +
    • Signature Generation PKCS1.5:
      • +
      • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • Signature Generation PSS:
      • +
      • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • Mod 3072:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • +
    • Signature Verification PKCS1.5:
      • +
      • +
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • Signature Verification PSS:
      • +
      • +
      • Mod 1024:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 496 (bits)
          • +
        • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • Mod 3072:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4010, DRBG #1731

Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #2669

+

Version 10.0.15254

    +
  • 186-4:
    • +
    • +
    • Key Generation:
      • +
      • +
      • Public Key Exponent: Fixed (10001)
        • +
      • Provable Primes with Conditions:
        • +
        • +
        • Mod lengths: 2048, 3072 (bits)
          • +
        • Primality Tests: C.3
          • +
        • +
      • +
    • Signature Generation PKCS1.5:
      • +
      • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • Signature Generation PSS:
      • +
      • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • Mod 3072:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • +
    • Signature Verification PKCS1.5:
      • +
      • +
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • Signature Verification PSS:
      • +
      • +
      • Mod 1024:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 496 (bits)
          • +
        • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • Mod 3072:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4009, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #2668

+

Version 10.0.16299

    +
  • 186-4:
    • +
    • +
    • Key Generation:
      • +
      • +
      • Probable Random Primes:
        • +
        • +
        • Mod lengths: 2048, 3072 (bits)
          • +
        • Primality Tests: C.2
          • +
        • +
      • +
    • Signature Generation PKCS1.5:
      • +
      • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • Signature Generation PSS:
      • +
      • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • Mod 3072:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • +
    • Signature Verification PKCS1.5:
      • +
      • +
      • Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
        • +
      • +
    • Signature Verification PSS:
      • +
      • +
      • Mod 1024:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 496 (bits)
          • +
        • +
      • Mod 2048:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • Mod 3072:
        • +
        • +
        • SHA-1: Salt Length: 160 (bits)
          • +
        • SHA-256: Salt Length: 256 (bits)
          • +
        • SHA-384: Salt Length: 384 (bits)
          • +
        • SHA-512: Salt Length: 512 (bits)
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4009, DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2667

+

Version 10.0.16299

FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ SIG(Ver) (1024 SHA( 1 , 256 , 384 )) (2048 SHA( 1 , 256 , 384 ))
+[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) ))
+SHA Val#3790

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #2524

+

Version 10.0.15063

FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+SHA Val#3790

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile RSA32 Algorithm Implementations #2523

+

Version 10.0.15063

FIPS186-4:
+186-4KEY(gen): FIPS186-4_Fixed_e ( 10001 ) ;
+PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
+SHA Val#3790
+DRBG: Val# 1555

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #2522

+

Version 10.0.15063

FIPS186-4:
+186-4KEY(gen):
+PGM(ProbRandom: ( 2048 , 3072 ) PPTT:( C.2 )
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
+SHA Val#3790

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2521

+

Version 10.0.15063

FIPS186-2:
+ALG[ANSIX9.31]:
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3652
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096 , SHS: SHA-256Val#3652, SHA-384Val#3652, SHA-512Val#3652
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3652, SHA-256Val#3652, SHA-384Val#3652, SHA-512Val#3652

+

FIPS186-4:
+ALG[ANSIX9.31] Sig(Gen): (2048 SHA( 1 )) (3072 SHA( 1 ))
+SIG(gen) with SHA-1 affirmed for use with protocols only. Sig(Ver): (1024 SHA( 1 )) (2048 SHA( 1 )) (3072 SHA( 1 ))
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+SHA Val#3652

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2415

+

Version 7.00.2872

FIPS186-2:
+ALG[ANSIX9.31]:
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3651
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096 , SHS: SHA-256Val#3651, SHA-384Val#3651, SHA-512Val#3651
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3651, SHA-256Val#3651, SHA-384Val#3651, SHA-512Val#3651

+

FIPS186-4:
+ALG[ANSIX9.31] Sig(Gen): (2048 SHA( 1 )) (3072 SHA( 1 ))
+SIG(gen) with SHA-1 affirmed for use with protocols only. Sig(Ver): (1024 SHA( 1 )) (2048 SHA( 1 )) (3072 SHA( 1 ))
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+SHA Val#3651

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2414

+

Version 8.00.6246

FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096 , SHS: SHA-256Val# 3649 , SHA-384Val# 3649 , SHA-512Val# 3649
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val# 3649 , SHA-256Val# 3649 , SHA-384Val# 3649 , SHA-512Val# 3649

+

FIPS186-4:
+186-4KEY(gen): FIPS186-4_Fixed_e (10001) ;
+PGM(ProbRandom: ( 2048 , 3072 ) PPTT:( C.2 )
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+SHA Val# 3649
+DRBG: Val# 1430

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2412

+

Version 7.00.2872

FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096 , SHS: SHA-256Val#3648, SHA-384Val#3648, SHA-512Val#3648
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3648, SHA-256Val#3648, SHA-384Val#3648, SHA-512Val#3648

+

FIPS186-4:
+186-4KEY(gen): FIPS186-4_Fixed_e (10001) ;
+PGM(ProbRandom: ( 2048 , 3072 ) PPTT:( C.2 )
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+SHA Val#3648
+DRBG: Val# 1429

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2411

+

Version 8.00.6246

FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+SIG(Ver) (1024 SHA( 1 , 256 , 384 )) (2048 SHA( 1 , 256 , 384 ))
+[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) ))

+

SHA Val# 3347

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2206

+

Version 10.0.14393

FIPS186-4:
+186-4KEY(gen): FIPS186-4_Fixed_e ( 10001 ) ;
+PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )

+

SHA Val# 3347 DRBG: Val# 1217

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA Key Generation Implementation #2195

+

Version 10.0.14393

FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

+

SHA Val#3346

soft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #2194

+

Version 10.0.14393

FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
+SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

+

SHA Val# 3347 DRBG: Val# 1217

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #2193

+

Version 10.0.14393

FIPS186-4:
+[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))

+

Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))

+

SHA Val# 3347 DRBG: Val# 1217

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #2192

+

Version 10.0.14393

FIPS186-4:
+186-4KEY(gen):  FIPS186-4_Fixed_e ( 10001 ) ;
+PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )

+

SHA Val# 3047 DRBG: Val# 955

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA Key Generation Implementation #1889

+

Version 10.0.10586

FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

+

SHA Val#3048

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #1871

+

Version 10.0.10586

FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
+SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

+

SHA Val# 3047

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub MsBignum Cryptographic Implementations #1888

+

Version 10.0.10586

FIPS186-4:
+[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
+Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))

+

SHA Val# 3047

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #1887

+

Version 10.0.10586

FIPS186-4:
+186-4KEY(gen): FIPS186-4_Fixed_e ( 10001 ) ;
+PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )

+

SHA Val# 2886 DRBG: Val# 868

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA Key Generation Implementation #1798

+

Version 10.0.10240

FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

+

SHA Val#2871

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #1784

+

Version 10.0.10240

FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

+

SHA Val#2871

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #1783

+

Version 10.0.10240

FIPS186-4:
+[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
+Sig(Ver): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))

+

SHA Val# 2886

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #1802

+

Version 10.0.10240

FIPS186-4:
+186-4KEY(gen): FIPS186-4_Fixed_e ;
+PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )

+

SHA Val#2373 DRBG: Val# 489

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 RSA Key Generation Implementation #1487

+

Version 6.3.9600

FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

+

SHA Val#2373

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #1494

+

Version 6.3.9600

FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
+SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

+

SHA Val#2373

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1493

+

Version 6.3.9600

FIPS186-4:
+[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
+ Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))

+

SHA Val#2373

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #1519

+

Version 6.3.9600

FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 256 , 384 , 512-256 )) (3072 SHA( 256 , 384 , 512-256 ))
+SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512-256 )) (2048 SHA( 1 , 256 , 384 , 512-256 )) (3072 SHA( 1 , 256 , 384 , 512-256 ))
+[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
+Sig(Ver): (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 , 512 ))
+SHA #1903

+

Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1134.

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1134
FIPS186-4:
+186-4KEY(gen): FIPS186-4_Fixed_e , FIPS186-4_Fixed_e_Value
+PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
+SHA #1903 DRBG: #258		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 RSA Key Generation Implementation #1133
FIPS186-2:
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: #258
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256#1902, SHA-384#1902, SHA-512#1902,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1#1902, SHA-256#1902, SHA-#1902, SHA-512#1902,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1132.		Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1132
FIPS186-2:
+ALG[ANSIX9.31]:
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1774
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1774, SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1052.		Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1052
FIPS186-2:
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: Val# 193
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1773, SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1051.		Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1051
FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#568.		Windows Server 2008 R2 and SP1 Enhanced Cryptographic Provider (RSAENH) #568
FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
+ALG[RSASSA-PSS]: SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#567. See Historical RSA List Val#560.

Windows Server 2008 R2 and SP1 CNG algorithms #567

+

Windows 7 and SP1 CNG algorithms #560

FIPS186-2:
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: Val# 23
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#559.		Windows 7 and SP1 and Server 2008 R2 and SP1 RSA Key Generation Implementation #559
FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#557.		Windows 7 and SP1 Enhanced Cryptographic Provider (RSAENH) #557
FIPS186-2:
+ALG[ANSIX9.31]:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#816, SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#395.		Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #395
FIPS186-2:
+ALG[ANSIX9.31]:
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#783
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#783, SHA-384Val#783, SHA-512Val#783,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#371.		Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #371
FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
+ALG[RSASSA-PSS]: SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#358. See Historical RSA List Val#357.

Windows Server 2008 CNG algorithms #358

+

Windows Vista SP1 CNG algorithms #357

FIPS186-2:
+ALG[ANSIX9.31]:
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#355. See Historical RSA List Val#354.

Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #355

+

Windows Vista SP1 Enhanced Cryptographic Provider (RSAENH) #354

FIPS186-2:
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#353.		Windows Vista SP1 and Windows Server 2008 RSA Key Generation Implementation #353
FIPS186-2:
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 RNG: Val# 321
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#258.		Windows Vista RSA key generation implementation #258
FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
+ALG[RSASSA-PSS]: SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#257.		Windows Vista CNG algorithms #257
FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#255.		Windows Vista Enhanced Cryptographic Provider (RSAENH) #255
FIPS186-2:
+ALG[ANSIX9.31]:
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#613
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#613, SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#245.		Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #245
FIPS186-2:
+ALG[ANSIX9.31]:
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#589
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#589, SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#230.		Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #230
FIPS186-2:
+ALG[ANSIX9.31]:
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#578
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#578, SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#222.		Windows CE and Windows Mobile 6 and Windows Mobile 6.1 Enhanced Cryptographic Provider (RSAENH) #222
FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]:
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#364
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#81.		Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #81
FIPS186-2:
+ALG[ANSIX9.31]:
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#305
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#305, SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#52.		Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #52

FIPS186-2:

+

– PKCS#1 v1.5, signature generation and verification

+

– Mod sizes: 1024, 1536, 2048, 3072, 4096

+

– SHS: SHA–1/256/384/512

Windows XP, vendor-affirmed

+

Windows 2000, vendor-affirmed

+ + +#### Secure Hash Standard (SHS) + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Modes / States / Key SizesAlgorithm Implementation and Certificate #
    +
  • SHA-1:
    • +
    • +
    • Supports Empty Message
      • +
    • +
  • SHA-256:
    • +
    • +
    • Supports Empty Message
      • +
    • +
  • SHA-384:
    • +
    • +
    • Supports Empty Message
      • +
    • +
  • SHA-512:
    • +
    • +
    • Supports Empty Message
      • +
    • +

Microsoft Surface Hub SymCrypt Cryptographic Implementations #4011

+

Version 10.0.15063.674

    +
  • SHA-1:
    • +
    • +
    • Supports Empty Message
      • +
    • +
  • SHA-256:
    • +
    • +
    • Supports Empty Message
      • +
    • +
  • SHA-384:
    • +
    • +
    • Supports Empty Message
      • +
    • +
  • SHA-512:
    • +
    • +
    • Supports Empty Message
      • +
    • +

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #4010

+

Version 10.0.15254

    +
  • SHA-1:
    • +
    • +
    • Supports Empty Message
      • +
    • +
  • SHA-256:
    • +
    • +
    • Supports Empty Message
      • +
    • +
  • SHA-384:
    • +
    • +
    • Supports Empty Message
      • +
    • +
  • SHA-512:
    • +
    • +
    • Supports Empty Message
      • +
    • +

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4009

+

Version 10.0.16299

SHA-1      (BYTE-only)
+SHA-256  (BYTE-only)
+SHA-384  (BYTE-only)
+SHA-512  (BYTE-only)

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3790

+

Version 10.0.15063

SHA-1      (BYTE-only)
+SHA-256  (BYTE-only)
+SHA-384  (BYTE-only)
+SHA-512  (BYTE-only)

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #3652

+

Version 7.00.2872

SHA-1      (BYTE-only)
+SHA-256  (BYTE-only)
+SHA-384  (BYTE-only)
+SHA-512  (BYTE-only)

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #3651

+

Version 8.00.6246

SHA-1      (BYTE-only)
+SHA-256  (BYTE-only)
+SHA-384  (BYTE-only)
+SHA-512  (BYTE-only)

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #3649

+

Version 7.00.2872

SHA-1      (BYTE-only)
+SHA-256  (BYTE-only)
+SHA-384  (BYTE-only)
+SHA-512  (BYTE-only)

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #3648

+

Version 8.00.6246

SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)		Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #3347
+Version 10.0.14393
SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)		Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #3346
+Version 10.0.14393
SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)		Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #3048
+Version 10.0.10586
SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)		Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #3047
+Version 10.0.10586
SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)		Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2886
+Version 10.0.10240
SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)		Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #2871
+Version 10.0.10240
SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)		Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #2396
+Version 6.3.9600
SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)		Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2373
+Version 6.3.9600

SHA-1 (BYTE-only)

+

SHA-256 (BYTE-only)

+

SHA-384 (BYTE-only)

+

SHA-512 (BYTE-only)

+

Implementation does not support zero-length (null) messages.

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1903

+

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1902

SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)

Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1774

+

Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1773

SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)

Windows 7and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1081

+

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #816

SHA-1 (BYTE-only)

Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #785

+

Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #784

SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)		Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #783
SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)

Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation #753

+

Windows Vista Symmetric Algorithm Implementation #618

SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)

Windows Vista BitLocker Drive Encryption #737

+

Windows Vista Beta 2 BitLocker Drive Encryption #495

SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #613

+

Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #364

SHA-1 (BYTE-only)

Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #611

+

Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #610

+

Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #385

+

Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) #371

+

Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #181

+

Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) #177

+

Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #176

SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)

Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #589

+

Windows CE and Windows Mobile 6 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #578

+

Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #305

SHA-1 (BYTE-only)

Windows XP Microsoft Enhanced Cryptographic Provider #83

+

Crypto Driver for Windows 2000 (fips.sys) #35

+

Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) #32

+

Windows 2000 RSAENH.DLL #24

+

Windows 2000 RSABASE.DLL #23

+

Windows NT 4 SP6 RSAENH.DLL #21

+

Windows NT 4 SP6 RSABASE.DLL #20

+ + +#### Triple DES + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Modes / States / Key SizesAlgorithm Implementation and Certificate #
    +
  • TDES-CBC:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Keying Option: 1
      • +
    • +
  • TDES-CFB64:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Keying Option: 1
      • +
    • +
  • TDES-CFB8:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Keying Option: 1
      • +
    • +
  • TDES-ECB:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Keying Option: 1
      • +
    • +

Microsoft Surface Hub SymCrypt Cryptographic Implementations #2558

+

Version 10.0.15063.674

    +
  • TDES-CBC:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Keying Option: 1
      • +
    • +
  • TDES-CFB64:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Keying Option: 1
      • +
    • +
  • TDES-CFB8:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Keying Option: 1
      • +
    • +
  • TDES-ECB:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Keying Option: 1
      • +
    • +

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #2557

+

Version 10.0.15254

    +
  • TDES-CBC:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Keying Option: 1
      • +
    • +
  • TDES-CFB64:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Keying Option: 1
      • +
    • +
  • TDES-CFB8:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Keying Option: 1
      • +
    • +
  • TDES-ECB:
    • +
    • +
    • Modes: Decrypt, Encrypt
      • +
    • Keying Option: 1
      • +
    • +

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2556

+

Version 10.0.16299

TECB( KO 1 e/d, ) ; TCBC( KO 1 e/d, ) ; TCFB8( KO 1 e/d, ) ; TCFB64( KO 1 e/d, )

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2459

+

Version 10.0.15063

TECB( KO 1 e/d, ) ;

+

TCBC( KO 1 e/d, )

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2384

+

Version 8.00.6246

TECB( KO 1 e/d, ) ;

+

TCBC( KO 1 e/d, )

Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2383

+

Version 8.00.6246

TECB( KO 1 e/d, ) ;

+

TCBC( KO 1 e/d, ) ;

+

CTR ( int only )

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2382

+

Version 7.00.2872

TECB( KO 1 e/d, ) ;

+

TCBC( KO 1 e/d, )

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2381

+

Version 8.00.6246

TECB( KO 1 e/d, ) ;

+

TCBC( KO 1 e/d, ) ;

+

TCFB8( KO 1 e/d, ) ;

+

TCFB64( KO 1 e/d, )

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2227
+
+

+

Version 10.0.14393

TECB( KO 1 e/d, ) ;

+

TCBC( KO 1 e/d, ) ;

+

TCFB8( KO 1 e/d, ) ;

+

TCFB64( KO 1 e/d, )

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #2024
+
+

+

Version 10.0.10586

TECB( KO 1 e/d, ) ;

+

TCBC( KO 1 e/d, ) ;

+

TCFB8( KO 1 e/d, ) ;

+

TCFB64( KO 1 e/d, )

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #1969
+
+

+

Version 10.0.10240

TECB( KO 1 e/d, ) ;

+

TCBC( KO 1 e/d, ) ;

+

TCFB8( KO 1 e/d, ) ;

+

TCFB64( KO 1 e/d, )

Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1692

+

Version 6.3.9600

TECB( e/d; KO 1,2 ) ;

+

TCBC( e/d; KO 1,2 ) ;

+

TCFB8( e/d; KO 1,2 ) ;

+

TCFB64( e/d; KO 1,2 )

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1387

TECB( e/d; KO 1,2 ) ;

+

TCBC( e/d; KO 1,2 ) ;

+

TCFB8( e/d; KO 1,2 )

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1386

TECB( e/d; KO 1,2 ) ;

+

TCBC( e/d; KO 1,2 ) ;

+

TCFB8( e/d; KO 1,2 )

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #846

TECB( e/d; KO 1,2 ) ;

+

TCBC( e/d; KO 1,2 ) ;

+

TCFB8( e/d; KO 1,2 )

Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation #656

TECB( e/d; KO 1,2 ) ;

+

TCBC( e/d; KO 1,2 ) ;

+

TCFB8( e/d; KO 1,2 )

Windows Vista Symmetric Algorithm Implementation #549
Triple DES MAC

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 #1386, vendor-affirmed

+

Windows 7 and SP1 and Windows Server 2008 R2 and SP1 #846, vendor-affirmed

TECB( e/d; KO 1,2 ) ;

+

TCBC( e/d; KO 1,2 )

Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1308

+

Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1307

+

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #691

+

Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #677

+

Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #676

+

Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #675

+

Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #544

+

Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #543

+

Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #542

+

Windows CE 6.0 and Window CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #526

+

Windows CE and Windows Mobile 6 and Windows Mobile 6.1 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #517

+

Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #381

+

Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) #370

+

Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #365

+

Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #315

+

Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) #201

+

Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #199

+

Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #192

+

Windows XP Microsoft Enhanced Cryptographic Provider #81

+

Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) #18

+

Crypto Driver for Windows 2000 (fips.sys) #16

+ + +#### SP 800-132 Password Based Key Derivation Function (PBKDF) + + + + + + + + + + + + + + +
+ Modes / States / Key Sizes + + Algorithm Implementation and Certificate # +
+ PBKDF (vendor affirmed) +

 Kernel Mode Cryptographic Primitives Library (cng.sys) Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2937
(Software Version: 10.0.14393)

+

Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2936
(Software Version: 10.0.14393)

+

Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2935
(Software Version: 10.0.14393)

+

Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2931
(Software Version: 10.0.14393)

+
+ PBKDF (vendor affirmed) +

Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2936
(Software Version: 10.0.14393)

+

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG), vendor-affirmed

+
+ + +#### Component Validation List + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Publication / Component Validated / DescriptionImplementation and Certificate #
    +
  • ECDSA SigGen:
    • +
    • +
    • P-256 SHA: SHA-256
      • +
    • P-384 SHA: SHA-384
      • +
    • P-521 SHA: SHA-512
      • +
    • +
+

Prerequisite: DRBG #489

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1540

+

Version 6.3.9600

    +
  • RSASP1:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • Padding Algorithms: PKCS 1.5
      • +
    • +

Microsoft Surface Hub Virtual TPM Implementations #1519

+

Version 10.0.15063.674

    +
  • RSASP1:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • Padding Algorithms: PKCS 1.5
      • +
    • +

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1518

+

Version 10.0.16299

    +
  • RSADP:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • +

Microsoft Surface Hub MsBignum Cryptographic Implementations #1517

+

Version 10.0.15063.674

    +
  • RSASP1:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • Padding Algorithms: PKCS 1.5
      • +
    • +

Microsoft Surface Hub MsBignum Cryptographic Implementations #1516

+

Version 10.0.15063.674

    +
  • ECDSA SigGen:
    • +
    • +
    • P-256 SHA: SHA-256
      • +
    • P-384 SHA: SHA-384
      • +
    • P-521 SHA: SHA-512
      • +
    • +
+

 Prerequisite: DRBG #1732

Microsoft Surface Hub MsBignum Cryptographic Implementations #1515

+

Version 10.0.15063.674

    +
  • ECDSA SigGen:
    • +
    • +
    • P-256 SHA: SHA-256
      • +
    • P-384 SHA: SHA-384
      • +
    • P-521 SHA: SHA-512
      • +
    • +
+

Prerequisite: DRBG #1732

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1514

+

Version 10.0.15063.674

    +
  • RSADP:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • +

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1513

+

Version 10.0.15063.674

    +
  • RSASP1:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • Padding Algorithms: PKCS 1.5
      • +
    • +

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1512

+

Version 10.0.15063.674

    +
  • IKEv1:
    • +
    • +
    • Methods: Digital Signature, Pre-shared Key, Public Key Encryption
      • +
    • Pre-shared Key Length: 64-2048
      • +
    • Diffie-Hellman shared secrets:
      • +
      • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 2048 (bits)
          • +
        • SHA Functions: SHA-256
          • +
        • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 256 (bits)
          • +
        • SHA Functions: SHA-256
          • +
        • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 384 (bits)
          • +
        • SHA Functions: SHA-384
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4011, HMAC #3269

+
    +
  • IKEv2:
    • +
    • +
    • Derived Keying Material length: 192-1792
      • +
    • Diffie-Hellman shared secrets:
      • +
      • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 2048 (bits)
          • +
        • SHA Functions: SHA-256
          • +
        • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 256 (bits)
          • +
        • SHA Functions: SHA-256
          • +
        • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 384 (bits)
          • +
        • SHA Functions: SHA-384
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4011, HMAC #3269

+
    +
  • TLS:
    • +
    • +
    • Supports TLS 1.0/1.1
      • +
    • Supports TLS 1.2:
      • +
      • +
      • SHA Functions: SHA-256, SHA-384
        • +
      • +
    • +
+

Prerequisite: SHS #4011, HMAC #3269

Microsoft Surface Hub SymCrypt Cryptographic Implementations #1511

+

Version 10.0.15063.674

    +
  • ECDSA SigGen:
    • +
    • +
    • P-256 SHA: SHA-256
      • +
    • P-384 SHA: SHA-384
      • +
    • P-521 SHA: SHA-512
      • +
    • +
+

Prerequisite: DRBG #1731

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1510

+

Version 10.0.15254

    +
  • RSADP:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • +

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1509

+

Version 10.0.15254

    +
  • RSASP1:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • Padding Algorithms: PKCS 1.5
      • +
    • +

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1508

+

Version 10.0.15254

    +
  • IKEv1:
    • +
    • +
    • Methods: Digital Signature, Pre-shared Key, Public Key Encryption
      • +
    • Pre-shared Key Length: 64-2048
      • +
    • Diffie-Hellman shared secrets:
      • +
      • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 2048 (bits)
          • +
        • SHA Functions: SHA-256
          • +
        • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 256 (bits)
          • +
        • SHA Functions: SHA-256
          • +
        • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 384 (bits)
          • +
        • SHA Functions: SHA-384
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4010, HMAC #3268

+
    +
  • IKEv2:
    • +
    • +
    • Derived Keying Material length: 192-1792
      • +
    • Diffie-Hellman shared secrets:
      • +
      • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 2048 (bits)
          • +
        • SHA Functions: SHA-256
          • +
        • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 256 (bits)
          • +
        • SHA Functions: SHA-256
          • +
        • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 384 (bits)
          • +
        • SHA Functions: SHA-384
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4010, HMAC #3268

+
    +
  • TLS:
    • +
    • +
    • Supports TLS 1.0/1.1
      • +
    • Supports TLS 1.2:
      • +
      • +
      • SHA Functions: SHA-256, SHA-384
        • +
      • +
    • +
+

Prerequisite: SHS #4010, HMAC #3268

Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1507

+

Version 10.0.15254

    +
  • ECDSA SigGen:
    • +
    • +
    • P-256 SHA: SHA-256
      • +
    • P-384 SHA: SHA-384
      • +
    • P-521 SHA: SHA-512
      • +
    • +
+

Prerequisite: DRBG #1731

Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1506

+

Version 10.0.15254

    +
  • RSADP:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • +

Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1505

+

Version 10.0.15254

    +
  • RSASP1:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • Padding Algorithms: PKCS 1.5
      • +
    • +

Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1504

+

Version 10.0.15254

    +
  • ECDSA SigGen:
    • +
    • +
    • P-256 SHA: SHA-256
      • +
    • P-384 SHA: SHA-384
      • +
    • P-521 SHA: SHA-512
      • +
    • +
+

Prerequisite: DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1503

+

Version 10.0.16299

    +
  • RSADP:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • +

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1502

+

Version 10.0.16299

    +
  • RSASP1:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • Padding Algorithms: PKCS 1.5
      • +
    • +

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1501

+

Version 10.0.16299

    +
  • ECDSA SigGen:
    • +
    • +
    • P-256 SHA: SHA-256
      • +
    • P-384 SHA: SHA-384
      • +
    • P-521 SHA: SHA-512
      • +
    • +
+

Prerequisite: DRBG #1730

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1499

+

Version 10.0.16299

    +
  • RSADP:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • +

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1498

+

Version 10.0.16299

+

 

    +
  • RSASP1:
    • +
    • +
    • Modulus Size: 2048 (bits)
      • +
    • Padding Algorithms: PKCS 1.5
      • +
    • +

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1497

+

Version 10.0.16299

    +
  • IKEv1:
    • +
    • +
    • Methods: Digital Signature, Pre-shared Key, Public Key Encryption
      • +
    • Pre-shared Key Length: 64-2048
      • +
    • Diffie-Hellman shared secrets:
      • +
      • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 2048 (bits)
          • +
        • SHA Functions: SHA-256
          • +
        • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 256 (bits)
          • +
        • SHA Functions: SHA-256
          • +
        • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 384 (bits)
          • +
        • SHA Functions: SHA-384
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4009, HMAC #3267

+
    +
  • IKEv2:
    • +
    • +
    • Derived Keying Material length: 192-1792
      • +
    • Diffie-Hellman shared secrets:
      • +
      • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 2048 (bits)
          • +
        • SHA Functions: SHA-256
          • +
        • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 256 (bits)
          • +
        • SHA Functions: SHA-256
          • +
        • +
      • Diffie-Hellman shared secret:
        • +
        • +
        • Length: 384 (bits)
          • +
        • SHA Functions: SHA-384
          • +
        • +
      • +
    • +
+

Prerequisite: SHS #4009, HMAC #3267

+
    +
  • TLS:
    • +
    • +
    • Supports TLS 1.0/1.1
      • +
    • Supports TLS 1.2:
      • +
      • +
      • SHA Functions: SHA-256, SHA-384
        • +
      • +
    • +
+

Prerequisite: SHS #4009, HMAC #3267

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1496

+

Version 10.0.16299

FIPS186-4 ECDSA

+

Signature Generation of hash sized messages

+

ECDSA SigGen Component: CURVES( P-256 P-384 P-521 )

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1284
+Version 10.0. 15063

+

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1279
+Version 10.0. 15063

+

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #922
+Version 10.0.14393

+

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #894
+Version 10.0.14393icrosoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #666
+Version 10.0.10586

+

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #288
+Version 6.3.9600

FIPS186-4 RSA; PKCS#1 v2.1

+

RSASP1 Signature Primitive

+

RSASP1: (Mod2048: PKCS1.5 PKCSPSS)

Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1285
+Version 10.0.15063

+

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1282
+Version 10.0.15063

+

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1280
+Version 10.0.15063

+

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #893
+Version 10.0.14393

+

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #888
+Version 10.0.14393

+

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #665
+Version 10.0.10586

+

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #572
+Version  10.0.10240

+

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry MsBignum Cryptographic Implementations #289
+Version 6.3.9600

FIPS186-4 RSA; RSADP

+

RSADP Primitive

+

RSADP: (Mod2048)

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1283
+Version 10.0.15063

+

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1281
+Version 10.0.15063

+

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #895
+Version 10.0.14393

+

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #887
+Version 10.0.14393

+

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #663
+Version 10.0.10586

+

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #576
+Version  10.0.10240

SP800-135

+

Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1496

+

Version 10.0.16299

+

Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1278
+Version 10.0.15063

+

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1140
+Version 7.00.2872

+

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1139
+Version 8.00.6246

+

Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BcryptPrimitives and NCryptSSLp #886
+Version 10.0.14393

+

Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BCryptPrimitives and NCryptSSLp #664
+Version 10.0.10586

+

Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BCryptPrimitives and NCryptSSLp #575
+Version  10.0.10240

+

Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 BCryptPrimitives and NCryptSSLp #323
+Version 6.3.9600

+ + +## References + +\[[FIPS 140](http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf)\] - FIPS 140-2, Security Requirements for Cryptographic Modules + +\[[FIPS FAQ](http://csrc.nist.gov/groups/stm/cmvp/documents/cmvpfaq.pdf)\] - Cryptographic Module Validation Program (CMVP) FAQ + +\[[SP 800-57](http://csrc.nist.gov/publications/pubssps.html#800-57-part1)\] - Recommendation for Key Management – Part 1: General (Revised) + +\[[SP 800-131A](http://csrc.nist.gov/publications/nistpubs/800-131a/sp800-131a.pdf)\] - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths + +## Additional Microsoft References + +Enabling FIPS mode - + +Cipher Suites in Schannel - [http://msdn.microsoft.com/en-us/library/aa374757(VS.85).aspx](https://msdn.microsoft.com/en-us/library/aa374757\(vs.85\).aspx) + diff --git a/windows/security/threat-protection/windows-platform-common-criteria.md b/windows/security/threat-protection/windows-platform-common-criteria.md new file mode 100644 index 0000000000..86b6688059 --- /dev/null +++ b/windows/security/threat-protection/windows-platform-common-criteria.md @@ -0,0 +1,165 @@ +--- +title: Windows Platform Common Criteria Certification +description: This topic details how Microsoft supports the Common Criteria certification program. +ms.prod: w10 +ms.localizationpriority: medium +ms.author: daniha +author: danihalfin +ms.date: 04/03/2018 +--- + +# Windows Platform Common Criteria Certification + +Microsoft is committed to optimizing the security of its products and services. As part of that commitment, Microsoft supports the Common Criteria certification program, continues to ensure that products incorporate the features and functions required by relevant Common Criteria protection profiles, and completes Common Criteria certifications of Microsoft Windows products. + +## Common Criteria Security Targets + +### Information for Systems Integrators and Accreditors + +The Security Target describes security functionality and assurance measures used to evaluate Windows. + + - [Microsoft Window 10 (Creators Update)](http://download.microsoft.com/download/e/8/b/e8b8c42a-a0b6-4ba1-9bdc-e704e8289697/windows%2010%20version%201703%20gp%20os%20security%20target%20-%20public%20\(january%2016,%202018\)\(final\)\(clean\).pdf) + - [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](http://download.microsoft.com/download/1/c/3/1c3b5ab0-e064-4350-a31f-48312180d9b5/st_vid10823-st.pdf) + - [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](http://download.microsoft.com/download/1/5/e/15eee6d3-f2a8-4441-8cb1-ce8c2ab91c24/windows%2010%20anniversary%20update%20mdf%20security%20target%20-%20public%20\(april%203%202017\).docx) + - [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](http://download.microsoft.com/download/f/8/c/f8c1c2a4-719c-48ae-942f-9fd3ce5b238f/windows%2010%20au%20and%20server%202016%20gp%20os%20security%20target%20-%20public%20\(december%202%202016\)%20\(clean\).docx) + - [Windows 10 (Anniversary Update) and Windows Server 2016 IPsec VPN Client](http://download.microsoft.com/download/b/f/5/bf59e430-e57b-462d-8dca-8ac3c93cfcff/windows%2010%20anniversary%20update%20ipsec%20vpn%20client%20security%20target%20-%20public%20\(december%2029%202016\)%20\(clean\).docx) + - [Microsoft Windows 10 IPsec VPN Client](http://download.microsoft.com/download/3/7/2/372beb03-b1ed-4bb6-9b9b-b8f43afc570d/st_vid10746-st.pdf) + - [Microsoft Windows 10 November 2015 Update with Surface Book](http://download.microsoft.com/download/a/c/2/ac2a6ed8-4d2f-4f48-a9bf-f059d6c9af38/windows%2010%20mdf3%20security%20target%20-%20public%20\(june%2022%202016\)\(final\).docx) + - [Microsoft Windows 10 Mobile with Lumia 950, 950 XL, 550, 635, and Windows 10 with Surface Pro 4](https://www.niap-ccevs.org/st/st_vid10677-st.pdf) + - [Windows 10 and Windows Server 2012 R2](http://www.commoncriteriaportal.org/files/epfiles/st_windows10.pdf) + - [Windows 10](https://www.niap-ccevs.org/st/st_vid10677-st.pdf) + - [Windows 8.1 with Surface 3 and Windows Phone 8.1 with Lumia 635 and Lumia 830](https://www.niap-ccevs.org/st/st_vid10635-st.pdf) + - [Microsoft Surface Pro 3 and Windows 8.1](https://www.niap-ccevs.org/st/st_vid10632-st.pdf) + - [Windows 8.1 and Windows Phone 8.1](https://www.niap-ccevs.org/st/st_vid10592-st.pdf) + - [Windows 8 and Windows Server 2012](https://www.niap-ccevs.org/st/st_vid10520-st.pdf) + - [Windows 8 and Windows RT](https://www.niap-ccevs.org/st/st_vid10620-st.pdf) + - [Windows 8 and Windows Server 2012 BitLocker](http://www.commoncriteriaportal.org/files/epfiles/st_vid10540-st.pdf) + - [Windows 8, Windows RT, and Windows Server 2012 IPsec VPN Client](http://www.commoncriteriaportal.org/files/epfiles/st_vid10529-st.pdf) + - [Windows 7 and Windows Server 2008 R2](http://www.commoncriteriaportal.org/files/epfiles/st_vid10390-st.pdf) + - [Microsoft Windows Server 2008 R2 Hyper-V Role](http://www.microsoft.com/download/en/details.aspx?id=29305) + - [Windows Vista and Windows Server 2008 at EAL4+](http://www.commoncriteriaportal.org/files/epfiles/st_vid10291-st.pdf) + - [Microsoft Windows Server 2008 Hyper-V Role](http://www.commoncriteriaportal.org/files/epfiles/0570b_pdf.pdf) + - [Windows Vista and Windows Server 2008 at EAL1](http://www.commoncriteriaportal.org/files/epfiles/efs-t005_msvista_msserver2008_eal1_st_v1.0.pdf) + - [Windows Server 2003 SP2 including R2, x64, and IA64; Windows XP Professional SP2 and x64 SP2; and Windows XP Embedded SP2](http://www.commoncriteriaportal.org/files/epfiles/st_vid10184-st.pdf) + - [Windows Server 2003 Certificate Server](http://www.commoncriteriaportal.org/files/epfiles/st_vid9507-st.pdf) + - [Windows Rights Management Services (RMS) 1.0 SP2](http://www.commoncriteriaportal.org/files/epfiles/st_vid10224-st.pdf) + +## Common Criteria Deployment and Administration + +### Information for IT Administrators + +These documents describe how to configure Windows to replicate the configuration used during the Common Criteria evaluation. + +**Windows 10, Windows 10 Mobile, Windows Server 2016, Windows Server 2012 R2** + + - [Microsoft Window 10 (Creators Update)](http://download.microsoft.com/download/e/9/7/e97f0c7f-e741-4657-8f79-2c0a7ca928e3/windows%2010%20cu%20gp%20os%20operational%20guidance%20\(jan%208%202017%20-%20public\).pdf) + - [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](http://download.microsoft.com/download/d/c/4/dc40b5c8-49c2-4587-8a04-ab3b81eb6fc4/st_vid10823-agd.pdf) + - [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](http://download.microsoft.com/download/4/c/1/4c1f4ea4-2d66-4232-a0f5-925b2bc763bc/windows%2010%20au%20operational%20guidance%20\(16%20mar%202017\)\(clean\).docx) + - [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](http://download.microsoft.com/download/b/5/2/b52e9081-05c6-4895-91a3-732bfa0eb4da/windows%2010%20au%20and%20server%202016%20gp%20os%20operational%20guidance%20\(final\).docx) + - [Windows 10 (Anniversary Update) and Windows Server 2016 IPsec VPN Client Operational Guidance](http://download.microsoft.com/download/2/c/c/2cc8f929-233e-4a40-b673-57b449680984/windows%2010%20au%20and%20server%202016%20ipsec%20vpn%20client%20operational%20guidance%20\(21%20dec%202016\)%20\(public\).docx) + - [Microsoft Windows 10 IPsec VPN Client](http://download.microsoft.com/download/3/3/f/33fa01dd-b380-46e1-833f-fd85854b4022/st_vid10746-agd.pdf) + - [Microsoft Windows 10 November 2015 Update with Surface Book Administrative Guide](http://download.microsoft.com/download/3/2/c/32c6fa02-b194-478f-a0f6-0215b47d0f40/windows%2010%20mdf3%20mobile%20device%20pp%20operational%20guidance%20\(may%2027,%202016\)\(public\).docx) + - [Microsoft Windows 10 Mobile and Windows 10 Administrative Guide](http://download.microsoft.com/download/2/d/c/2dce3435-9328-48e2-9813-c2559a8d39fa/microsoft%20windows%2010%20and%20windows%2010%20mobile%20guidance.pdf) + - [Windows 10 and Windows Server 2012 R2 Administrative Guide](http://download.microsoft.com/download/0/f/d/0fd33c9a-98ac-499e-882f-274f80f3d4f0/microsoft%20windows%2010%20and%20server%202012%20r2%20gp%20os%20guidance.pdf) + - [Windows 10 Common Criteria Operational Guidance](http://download.microsoft.com/download/d/6/f/d6fb4cec-f0f2-4d00-ab2e-63bde3713f44/windows%2010%20mobile%20device%20operational%20guidance.pdf) + +**Windows 8.1 and Windows Phone 8.1** + + - [Microsoft Surface Pro 3 Common Criteria Mobile Operational Guidance](http://download.microsoft.com/download/b/e/3/be365594-daa5-4af3-a6b5-9533d61eae32/surface%20pro%203%20mobile%20operational%20guidance.docx) + - [Windows 8.1 and Windows Phone 8.1 CC Supplemental Admin Guide](http://download.microsoft.com/download/b/0/e/b0e30225-5017-4241-ac0a-6c40bc8e6714/mobile%20operational%20guidance.docx) + +**Windows 8, Windows RT, and Windows Server 2012** + + - [Windows 8 and Windows Server 2012](http://download.microsoft.com/download/6/0/b/60b27ded-705a-4751-8e9f-642e635c3cf3/microsoft%20windows%208%20windows%20server%202012%20common%20criteria%20supplemental%20admin%20guidance.docx) + - [Windows 8 and Windows RT](http://download.microsoft.com/download/8/6/e/86e8c001-8556-4949-90cf-f5beac918026/microsoft%20windows%208%20microsoft%20windows%20rt%20common%20criteria%20supplemental%20admin.docx) + - [Windows 8 and Windows Server 2012 BitLocker](http://download.microsoft.com/download/0/8/4/08468080-540b-4326-91bf-f2a33b7e1764/administrative%20guidance%20for%20software%20full%20disk%20encryption%20clients.pdf) + - [Windows 8, Windows RT, and Windows Server 2012 IPsec VPN Client](http://download.microsoft.com/download/a/9/f/a9fd7e2d-023b-4925-a62f-58a7f1a6bd47/microsoft%20windows%208%20windows%20server%202012%20supplemental%20admin%20guidance%20ipsec%20vpn%20client.docx) + +**Windows 7 and Windows Server 2008 R2** + + - [Windows 7 and Windows Server 2008 R2 Supplemental CC Guide](https://www.microsoft.com/downloads/en/details.aspx?familyid=ee05b6d0-9939-4765-9217-63083bb94a00) + - [Windows Server 2008 R2 Hyper-V Common Criteria Configuration Guide](http://www.microsoft.com/download/en/details.aspx?id=29308) + +**Windows Vista and Windows Server 2008** + + - [Windows Vista and Windows Server 2008 Supplemental CC Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=06166288-24c4-4c42-9daa-2b2473ddf567) + - [Windows Server 2008 Hyper-V Role Common Criteria Administrator Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=cb19538d-9e13-4ab6-af38-8f48abfdad08) + +**Windows Server 2003 SP2 including R2, x64, and Itanium** + + - [Windows Server 2003 SP2 R2 Common Criteria Administrator Guide 3.0](http://www.microsoft.com/downloads/details.aspx?familyid=39598841-e693-4891-9234-cfd1550f3949) + - [Windows Server 2003 SP2 R2 Common Criteria Configuration Guide 3.0](http://www.microsoft.com/downloads/details.aspx?familyid=4f7b6a93-0307-480f-a5af-a20268cbd7cc) + +**Windows Server 2003 SP1(x86), x64, and IA64** + + - [Windows Server 2003 with x64 Hardware Administrator's Guide](http://www.microsoft.com/downloads/details.aspx?familyid=8a26829f-c177-4b79-913a-4135fb7b96ef) + - [Windows Server 2003 with x64 Hardware Configuration Guide](http://www.microsoft.com/downloads/details.aspx?familyid=3f9ecd0a-74dd-4d23-a4e5-d7b63fed70e8) + +**Windows Server 2003 SP1** + + - [Windows Server 2003 Administrator's Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=75736009-59e9-4a71-879e-cf581817b8cc) + - [Windows Server 2003 Configuration Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=a0ad1856-beb7-4285-b47c-381e8a210c38) + +**Windows XP Professional SP2 (x86) and x64 Edition** + + - [Windows XP Common Criteria Administrator Guide 3.0](http://www.microsoft.com/downloads/details.aspx?familyid=9a7f0b16-72ce-4675-aec8-58785c4e37ee) + - [Windows XP Common Criteria Configuration Guide 3.0](http://www.microsoft.com/downloads/details.aspx?familyid=165da57d-f066-4ddf-9462-cbecfcd68694) + - [Windows XP Common Criteria User Guide 3.0](http://www.microsoft.com/downloads/details.aspx?familyid=7c1a4761-9b9e-429c-84eb-cd7b034c5779) + - [Windows XP Professional with x64 Hardware Administrator's Guide](http://www.microsoft.com/downloads/details.aspx?familyid=346f041e-d641-4af7-bdea-c5a3246d0431) + - [Windows XP Professional with x64 Hardware Configuration Guide](http://www.microsoft.com/downloads/details.aspx?familyid=a7075319-cc3d-4420-a00b-8c9a7068ad54) + - [Windows XP Professional with x64 Hardware User’s Guide](http://www.microsoft.com/downloads/details.aspx?familyid=26c49cf5-6159-4197-97ce-bf1fdfc54569) + +**Windows XP Professional SP2, and XP Embedded SP2** + + - [Windows XP Professional Administrator's Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=9bcac470-a0b3-4d34-a561-fa8308c0ff60) + - [Windows XP Professional Configuration Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=9f04915e-571a-422d-8ffa-5797051e81de) + - [Windows XP Professional User's Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=d39d0028-7093-495c-80da-2b5b29a54bd8) + +**Windows Server 2003 Certificate Server** + + - [Windows Server 2003 Certificate Server Administrator's Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=445093d8-45e2-4cf6-884c-8802c1e6cb2d) + - [Windows Server 2003 Certificate Server Configuration Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=46abc8b5-11be-4e3d-85c2-63226c3688d2) + - [Windows Server 2003 Certificate Server User's Guide](http://www.microsoft.com/downloads/en/details.aspx?familyid=74f66d84-2654-48d0-b9b5-b383d383425e) + +## Common Criteria Evaluation Technical Reports and Certification / Validation Reports + +### Information for Systems Integrators and Accreditors + +An Evaluation Technical Report (ETR) is a report submitted to the Common Criteria certification authority for how Windows complies with the claims made in the Security Target. A Certification / Validation Report provides the results of the evaluation by the validation team. + + - [Microsoft Window 10 (Creators Update)](http://download.microsoft.com/download/3/2/c/32cdf627-dd23-4266-90ff-2f9685fd15c0/2017-49%20inf-2218%20cr.pdf) + - [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](http://download.microsoft.com/download/a/3/3/a336f881-4ac9-4c79-8202-95289f86bb7a/st_vid10823-vr.pdf) + - [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](http://download.microsoft.com/download/f/2/f/f2f7176e-34f4-4ab0-993c-6606d207bb3c/st_vid10752-vr.pdf) + - [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](http://download.microsoft.com/download/5/4/8/548cc06e-c671-4502-bebf-20d38e49b731/2016-36-inf-1779.pdf) + - [Windows 10 (Anniversary Update) and Windows Server 2016 IPsec VPN Client](http://download.microsoft.com/download/2/0/a/20a8e686-3cd9-43c4-a22a-54b552a9788a/st_vid10753-vr.pdf) + - [Microsoft Windows 10 IPsec VPN Client](http://download.microsoft.com/download/9/b/6/9b633763-6078-48aa-b9ba-960da2172a11/st_vid10746-vr.pdf) + - [Microsoft Windows 10 November 2015 Update with Surface Book](http://download.microsoft.com/download/d/c/b/dcb7097d-1b9f-4786-bb07-3c169fefb579/st_vid10715-vr.pdf) + - [Microsoft Windows 10 Mobile with Lumia 950, 950 XL, 550, 635, and Windows 10 with Surface Pro 4](https://www.niap-ccevs.org/st/st_vid10694-vr.pdf) + - [Windows 10 and Windows Server 2012 R2](https://www.commoncriteriaportal.org/files/epfiles/cr_windows10.pdf) + - [Windows 10](https://www.niap-ccevs.org/st/st_vid10677-vr.pdf) + - [Windows 8.1 with Surface 3 and Windows Phone 8.1 with Lumia 635 and Lumia 830](https://www.niap-ccevs.org/st/st_vid10635-vr.pdf) + - [Microsoft Surface Pro 3 and Windows 8.1](https://www.niap-ccevs.org/st/st_vid10632-vr.pdf) + - [Windows 8.1 and Windows Phone 8.1](https://www.niap-ccevs.org/st/st_vid10592-vr.pdf) + - [Windows 8 and Windows Server 2012](https://www.niap-ccevs.org/st/st_vid10520-vr.pdf) + - [Windows 8 and Windows RT](https://www.niap-ccevs.org/st/st_vid10620-vr.pdf) + - [Windows 8 and Windows Server 2012 BitLocker](http://www.commoncriteriaportal.org/files/epfiles/st_vid10540-vr.pdf) + - [Windows 8, Windows RT, and Windows Server 2012 IPsec VPN Client](http://www.commoncriteriaportal.org/files/epfiles/st_vid10529-vr.pdf) + - [Windows 7 and Windows Server 2008 R2 Validation Report](http://www.commoncriteriaportal.org/files/epfiles/st_vid10390-vr.pdf) + - [Windows Vista and Windows Server 2008 Validation Report at EAL4+](http://www.commoncriteriaportal.org/files/epfiles/st_vid10291-vr.pdf) + - [Windows Server 2008 Hyper-V Role Certification Report](http://www.commoncriteriaportal.org/files/epfiles/0570a_pdf.pdf) + - [Windows Vista and Windows Server 2008 Certification Report at EAL1](http://www.commoncriteriaportal.org/files/epfiles/efs-t005_msvista_msserver2008_eal1_cr_v1.0.pdf) + - [Windows XP / Windows Server 2003 with x64 Hardware ETR](http://www.microsoft.com/downloads/details.aspx?familyid=6e8d98f9-25b9-4c85-9bd9-24d91ea3c9ef) + - [Windows XP / Windows Server 2003 with x64 Hardware ETR, Part II](http://www.microsoft.com/downloads/details.aspx?familyid=0c35e7d8-9c56-4686-b902-d5ffb9915658) + - [Windows Server 2003 SP2 including R2, Standard, Enterprise, Datacenter, x64, and Itanium Editions Validation Report](http://www.commoncriteriaportal.org/files/epfiles/20080303_st_vid10184-vr.pdf) + - [Windows XP Professional SP2 and x64 SP2 Validation Report](http://www.commoncriteriaportal.org/files/epfiles/20080303_st_vid10184-vr.pdf) + - [Windows XP Embedded SP2 Validation Report](http://www.commoncriteriaportal.org/files/epfiles/20080303_st_vid10184-vr.pdf) + - [Windows XP and Windows Server 2003 ETR](http://www.microsoft.com/downloads/details.aspx?familyid=63cf2a1e-f578-4bb5-9245-d411f0f64265) + - [Windows XP and Windows Server 2003 Validation Report](http://www.commoncriteriaportal.org/files/epfiles/st_vid9506-vr.pdf) + - [Windows Server 2003 Certificate Server ETR](http://www.microsoft.com/downloads/details.aspx?familyid=a594e77f-dcbb-4787-9d68-e4689e60a314) + - [Windows Server 2003 Certificate Server Validation Report](http://www.commoncriteriaportal.org/files/epfiles/st_vid9507-vr.pdf) + - [Microsoft Windows Rights Management Services (RMS) 1.0 SP2 Validation Report](http://www.commoncriteriaportal.org/files/epfiles/st_vid10224-vr.pdf) + +## Other Common Criteria Related Documents + + - [Identifying Windows XP and Windows Server 2003 Common Criteria Certified Requirements for the NIST Special Publication 800-53](http://download.microsoft.com/download/a/9/6/a96d1dfc-2bd4-408d-8d93-e0ede7529691/xpws03_ccto800-53.doc) +