diff --git a/ThirdPartyNotices b/ThirdPartyNotices
index a0bd09d68f..faceb5a528 100644
--- a/ThirdPartyNotices
+++ b/ThirdPartyNotices
@@ -7,7 +7,7 @@ see the [LICENSE](LICENSE) file, and grant you a license to any code in the repo
Microsoft, Windows, Microsoft Azure and/or other Microsoft products and services referenced in the documentation
may be either trademarks or registered trademarks of Microsoft in the United States and/or other countries.
The licenses for this project do not grant you rights to use any Microsoft names, logos, or trademarks.
-Microsoft's general trademark guidelines can be found at http://go.microsoft.com/fwlink/?LinkID=254653.
+Microsoft's general trademark guidelines can be found at https://go.microsoft.com/fwlink/?LinkID=254653.
Privacy information can be found at https://privacy.microsoft.com/en-us/
diff --git a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md
index 130038d3a2..c336f03247 100644
--- a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md
+++ b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md
@@ -243,7 +243,7 @@ In the following table, we show you the features available in both Microsoft Edg
|-----------------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------:|:-------------------------------------------------------------------------------------------------------------------------------------------------------:|
| Print support |  |  |
| Multi-tab support |  |  |
-| Allow/Block URL support |  *\*For Microsoft Edge kiosk mode use* Windows Defender Firewall. Microsoft kiosk browser has custom policy support. |  |
+| Allow/Block URL support |   |
| Configure Home Button |  |  |
| Set Start page(s) URL |  | 
*Same as Home button URL* |
| Set New Tab page URL |  |  |
@@ -255,7 +255,7 @@ In the following table, we show you the features available in both Microsoft Edg
| SKU availability | Windows 10 October 2018 Update
Professional, Enterprise, and Education | Windows 10 April 2018 Update
Professional, Enterprise, and Education |
**\*Windows Defender Firewall**
-To prevent access to unwanted websites on your kiosk device, use Windows Defender Firewall to configure a list of allowed websites, blocked websites or both. For more details, see [Windows Defender Firewall with Advanced Security Deployment](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide).
+To prevent access to unwanted websites on your kiosk device, use Windows Defender Firewall to configure a list of allowed websites, blocked websites or both, using IP addresses. For more details, see [Windows Defender Firewall with Advanced Security Deployment Guide](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide).
---
diff --git a/devices/hololens/holographic-3d-viewer-beta.md b/devices/hololens/holographic-3d-viewer-beta.md
index 14514a5133..0973813221 100644
--- a/devices/hololens/holographic-3d-viewer-beta.md
+++ b/devices/hololens/holographic-3d-viewer-beta.md
@@ -6,10 +6,10 @@ ms.sitesec: library
author: Teresa-Motiv
ms.author: v-tea
ms.topic: article
-audience: ITPro
-ms.localizationpriority: medium
+ms.localizationpriority: high
ms.date: 10/30/2019
-ms.reviewer:
+ms.reviewer: scooley
+audience: ITPro
manager: jarrettr
appliesto:
- HoloLens (1st gen)
diff --git a/devices/hololens/holographic-store-apps.md b/devices/hololens/holographic-store-apps.md
index 6d0e0d820a..085f14c50e 100644
--- a/devices/hololens/holographic-store-apps.md
+++ b/devices/hololens/holographic-store-apps.md
@@ -3,7 +3,7 @@ title: Find, install, and uninstall applications
description: The Microsoft Store is your source for apps and games that work with HoloLens. Learn more about finding, installing, and uninstalling holographic apps.
ms.assetid: cbe9aa3a-884f-4a92-bf54-8d4917bc3435
ms.reviewer: v-miegge
-ms.date: 8/30/2019
+ms.date: 08/30/2019
manager: jarrettr
keywords: hololens, store, uwp, app, install
ms.prod: hololens
@@ -11,7 +11,7 @@ ms.sitesec: library
author: mattzmsft
ms.author: mazeller
ms.topic: article
-ms.localizationpriority: medium
+ms.localizationpriority: high
appliesto:
- HoloLens (1st gen)
- HoloLens 2
@@ -33,7 +33,7 @@ Open the Microsoft Store from the **Start** menu. Then browse for apps and games
## Install apps
-To download apps, you'll need to be signed in with a Microsoft account. To buy them, you'll need a payment method associated with the Microsoft account you use on your HoloLens. To set up a payment method, go to [account.microsoft.com](http://account.microsoft.com/) and select **Payment & billing** > **Payment options** > **Add a payment option**.
+To download apps, you'll need to be signed in with a Microsoft account. To buy them, you'll need a payment method associated with the Microsoft account you use on your HoloLens. To set up a payment method, go to [account.microsoft.com](https://account.microsoft.com/) and select **Payment & billing** > **Payment options** > **Add a payment option**.
1. To open the [**Start** menu](holographic-home.md), perform a [bloom](hololens1-basic-usage.md) gesture or tap your wrist.
2. Select the Store app and then tap to place this tile into your world.
diff --git a/devices/hololens/hololens-connect-devices.md b/devices/hololens/hololens-connect-devices.md
index 6e8f48fa30..bbe2dad4d3 100644
--- a/devices/hololens/hololens-connect-devices.md
+++ b/devices/hololens/hololens-connect-devices.md
@@ -7,8 +7,8 @@ ms.sitesec: library
author: Teresa-Motiv
ms.author: v-tea
ms.topic: article
-ms.localizationpriority: medium
-ms.date: 9/13/2019
+ms.localizationpriority: high
+ms.date: 09/13/2019
manager: jarrettr
appliesto:
- HoloLens (1st gen)
@@ -34,7 +34,7 @@ Classes of Bluetooth devices supported by HoloLens (1st gen):
- HoloLens (1st gen) clicker
> [!NOTE]
-> Other types of Bluetooth devices, such as speakers, headsets, smartphones, and game pads, may appear as available in HoloLens settings, but aren't supported on HoloLens (1st gen). [Learn more](http://go.microsoft.com/fwlink/p/?LinkId=746660).
+> Other types of Bluetooth devices, such as speakers, headsets, smartphones, and game pads, may appear as available in HoloLens settings, but aren't supported on HoloLens (1st gen). [Learn more](https://go.microsoft.com/fwlink/p/?LinkId=746660).
### Pair a Bluetooth keyboard or mouse
diff --git a/devices/hololens/hololens-environment-considerations.md b/devices/hololens/hololens-environment-considerations.md
index e09691dddf..ec56133a01 100644
--- a/devices/hololens/hololens-environment-considerations.md
+++ b/devices/hololens/hololens-environment-considerations.md
@@ -9,9 +9,9 @@ ms.date: 8/29/2019
ms.prod: hololens
ms.topic: article
audience: ITPro
-ms.localizationpriority: medium
+ms.localizationpriority: high
appliesto:
-- HoloLens 1
+- HoloLens (1st gen)
- HoloLens 2
---
diff --git a/devices/hololens/hololens-offline.md b/devices/hololens/hololens-offline.md
index daf928dd5e..6ee4fb35c1 100644
--- a/devices/hololens/hololens-offline.md
+++ b/devices/hololens/hololens-offline.md
@@ -11,7 +11,7 @@ manager: v-miegge
ms.topic: article
ms.prod: hololens
ms.sitesec: library
-ms.localizationpriority: medium
+ms.localizationpriority: high
appliesto:
- HoloLens (1st gen)
- HoloLens 2
diff --git a/devices/hololens/hololens-recovery.md b/devices/hololens/hololens-recovery.md
index 67541da523..0585bf89f7 100644
--- a/devices/hololens/hololens-recovery.md
+++ b/devices/hololens/hololens-recovery.md
@@ -9,7 +9,7 @@ author: mattzmsft
ms.author: mazeller
ms.date: 08/30/2019
ms.topic: article
-ms.localizationpriority:
+ms.localizationpriority: high
manager: jarrettr
appliesto:
- HoloLens (1st gen)
diff --git a/devices/hololens/hololens-spaces.md b/devices/hololens/hololens-spaces.md
index b8f98ea416..26790eacca 100644
--- a/devices/hololens/hololens-spaces.md
+++ b/devices/hololens/hololens-spaces.md
@@ -9,7 +9,7 @@ keywords: hololens, Windows Mixed Reality, design, spatial mapping, HoloLens, su
ms.prod: hololens
ms.sitesec: library
ms.topic: article
-ms.localizationpriority: medium
+ms.localizationpriority: high
appliesto:
- HoloLens 1 (1st gen)
- HoloLens 2
diff --git a/devices/hololens/hololens-status.md b/devices/hololens/hololens-status.md
index ca4e503851..e6ccdbd207 100644
--- a/devices/hololens/hololens-status.md
+++ b/devices/hololens/hololens-status.md
@@ -8,7 +8,7 @@ manager: jarrettr
audience: Admin
ms.topic: article
ms.prod: hololens
-ms.localizationpriority: Medium
+ms.localizationpriority: high
ms.sitesec: library
---
diff --git a/devices/hololens/hololens1-clicker.md b/devices/hololens/hololens1-clicker.md
index 9e8d26b69d..9da6a40ba5 100644
--- a/devices/hololens/hololens1-clicker.md
+++ b/devices/hololens/hololens1-clicker.md
@@ -10,7 +10,7 @@ ms.sitesec: library
author: v-miegge
ms.author: v-miegge
ms.topic: article
-ms.localizationpriority: medium
+ms.localizationpriority: high
appliesto:
- HoloLens (1st gen)
---
diff --git a/devices/hololens/hololens1-hardware.md b/devices/hololens/hololens1-hardware.md
index aced822bd4..b10c64486f 100644
--- a/devices/hololens/hololens1-hardware.md
+++ b/devices/hololens/hololens1-hardware.md
@@ -15,7 +15,7 @@ appliesto:
- HoloLens (1st gen)
---
-# HoloLens (1st Gen) hardware
+# HoloLens (1st gen) hardware
diff --git a/devices/hololens/hololens2-setup.md b/devices/hololens/hololens2-setup.md
index 912f8f5f79..9f8edd7758 100644
--- a/devices/hololens/hololens2-setup.md
+++ b/devices/hololens/hololens2-setup.md
@@ -102,6 +102,7 @@ Not sure what the indicator lights on your HoloLens mean? Want to know how HoloL
| - | - | - |
| You press the Power button. | One light flashes five times, then turns off. | The HoloLens battery is critically low. Charge your HoloLens. |
| You press the Power button. | All five lights flash five times, then turn off. | HoloLens cannot start correctly and is in an error state. [Reinstall the operating system](hololens-recovery.md) to recover your device. |
+| You press the Power button. | The 1st, 3rd, and 5th lights flash together continually. | HoloLens may have a hardware failure. To be sure, [reinstall the OS](hololens-recovery.md#hololens-2), and try again. After reinstalling the OS, if the light-flash pattern persists, contact [support](https://support.microsoft.com/en-us/supportforbusiness/productselection?sapid=3ec35c62-022f-466b-3a1e-dbbb7b9a55fb). |
## Safety and comfort
diff --git a/devices/surface-hub/surface-hub-site-readiness-guide.md b/devices/surface-hub/surface-hub-site-readiness-guide.md
index cf21867432..b3f42b32cf 100644
--- a/devices/surface-hub/surface-hub-site-readiness-guide.md
+++ b/devices/surface-hub/surface-hub-site-readiness-guide.md
@@ -99,8 +99,8 @@ There are three ways to mount your Surface Hub:
For specifications on available mounts for the original Surface Hub, see the following:
-- [Surface Hub Mounts and Stands Datasheet](http://download.microsoft.com/download/5/0/1/501F98D9-1BCC-4448-A1DB-47056CEE33B6/20160711_Surface_Hub_Mounts_and_Stands_Datasheet.pdf)
-- [Surface Hub Stand and Wall Mount Specifications](http://download.microsoft.com/download/7/A/7/7A75BD0F-5A46-4BCE-B313-A80E47AEB581/20160720_Combined_Stand_Wall_Mount_Drawings.pdf)
+- [Surface Hub Mounts and Stands Datasheet](https://download.microsoft.com/download/5/0/1/501F98D9-1BCC-4448-A1DB-47056CEE33B6/20160711_Surface_Hub_Mounts_and_Stands_Datasheet.pdf)
+- [Surface Hub Stand and Wall Mount Specifications](https://download.microsoft.com/download/7/A/7/7A75BD0F-5A46-4BCE-B313-A80E47AEB581/20160720_Combined_Stand_Wall_Mount_Drawings.pdf)
## The Connect experience
diff --git a/devices/surface/surface-dock-firmware-update.md b/devices/surface/surface-dock-firmware-update.md
index 6916589feb..8fa4e11515 100644
--- a/devices/surface/surface-dock-firmware-update.md
+++ b/devices/surface/surface-dock-firmware-update.md
@@ -47,8 +47,14 @@ You can use Windows Installer commands (Msiexec.exe) to deploy Surface Dock Firm
- **Msiexec.exe /i /quiet /norestart**
+> [!NOTE]
+> A log file is not created by default. In order to create a log file, you will need to append "/l*v [path]"
+
For more information, refer to [Command line options](https://docs.microsoft.com/windows/win32/msi/command-line-options) documentation.
+> [!IMPORTANT]
+> If you want to keep your Surface Dock updated using any other method, refer to [Update your Surface Dock](https://support.microsoft.com/help/4023478/surface-update-your-surface-dock) for details.
+
## Intune deployment
You can use Intune to distribute Surface Dock Firmware Update to your devices. First you will need to convert the MSI file to the .intunewin format, as described in the following documentation: [Intune Standalone - Win32 app management](https://docs.microsoft.com/intune/apps/apps-win32-app-management).
@@ -84,8 +90,8 @@ Successful completion of Surface Dock Firmware Update results in new registry ke
| Log | Location | Notes |
| -------------------------------- | -------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Surface Dock Firmware Update log | /l*v %windir%\logs\Applications\SurfaceDockFWI.log | Earlier versions of this tool wrote events to Applications and Services Logs\Microsoft Surface Dock Updater. |
-| Windows Device Install log | %windir%\inf\ setupapi.dev.log | For more information about using Device Install Log, refer [to SetupAPI Logging](https://docs.microsoft.com/windows-hardware/drivers/install/setupapi-logging--windows-vista-and-later-) documentation. |
+| Surface Dock Firmware Update log | Path needs to be specified (see note) | Earlier versions of this tool wrote events to Applications and Services Logs\Microsoft Surface Dock Updater. |
+| Windows Device Install log | %windir%\inf\setupapi.dev.log | For more information about using Device Install Log, refer to [SetupAPI Logging](https://docs.microsoft.com/windows-hardware/drivers/install/setupapi-logging--windows-vista-and-later-). |
**Table 2. Event log IDs for Surface Dock Firmware Update**
@@ -97,6 +103,10 @@ Successful completion of Surface Dock Firmware Update results in new registry ke
| 2003 | Dock firmware update failed to get firmware version. |
| 2004 | Querying the firmware version. |
| 2005 | Dock firmware failed to start update. |
+| 2006 | Failed to send offer/payload pairs. |
+| 2007 | Firmware update finished. |
+| 2008 | BEGIN dock telemetry. |
+| 2011 | END dock telemetry. |
## Troubleshooting tips
diff --git a/mdop/appv-v5/creating-and-managing-app-v-50-virtualized-applications.md b/mdop/appv-v5/creating-and-managing-app-v-50-virtualized-applications.md
index fda09c81df..56bd58a27e 100644
--- a/mdop/appv-v5/creating-and-managing-app-v-50-virtualized-applications.md
+++ b/mdop/appv-v5/creating-and-managing-app-v-50-virtualized-applications.md
@@ -20,7 +20,7 @@ ms.date: 06/16/2016
After you have properly deployed the Microsoft Application Virtualization (App-V) 5.0 sequencer, you can use it to monitor and record the installation and setup process for an application to be run as a virtualized application.
**Note**
-For more information about configuring the Microsoft Application Virtualization (App-V) 5.0 sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](https://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx) (http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx).
+For more information about configuring the Microsoft Application Virtualization (App-V) 5.0 sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](https://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx) (https://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx).
diff --git a/mdop/mbam-v25/deploy-mbam.md b/mdop/mbam-v25/deploy-mbam.md
index cc24ad5c89..eefee88047 100644
--- a/mdop/mbam-v25/deploy-mbam.md
+++ b/mdop/mbam-v25/deploy-mbam.md
@@ -110,7 +110,7 @@ Choose a server that meets the hardware configuration as explained in the [MBAM
.NET Framework Environment
Configuration APIs
-For the self-service portal to work, you should also [download and install ASP.NET MVC 4.0](http://go.microsoft.com/fwlink/?linkid=392271).
+For the self-service portal to work, you should also [download and install ASP.NET MVC 4.0](https://go.microsoft.com/fwlink/?linkid=392271).
The next step is to create the required MBAM users and groups in Active Directory.
diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md
index c265525536..44260b0181 100644
--- a/windows/client-management/connect-to-remote-aadj-pc.md
+++ b/windows/client-management/connect-to-remote-aadj-pc.md
@@ -82,7 +82,8 @@ In organizations using only Azure AD, you can connect from an Azure AD-joined PC
- Password
- Windows Hello for Business, with or without an MDM subscription.
-
+> [!NOTE]
+> If the RDP client is running Windows Server 2016 or Windows Server 2019, to be able to connect to Azure Active Directory-joined PCs, it must [allow Public Key Cryptography Based User-to-User (PKU2U) authentication requests to use online identities](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities).
## Related topics
diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md
index 922ed015a1..68141ff2a5 100644
--- a/windows/client-management/mdm/configuration-service-provider-reference.md
+++ b/windows/client-management/mdm/configuration-service-provider-reference.md
@@ -2699,8 +2699,8 @@ Additional lists:
## CSP DDF files download
You can download the DDF files for various CSPs from the links below:
-- [Download all the DDF files for Windows 10, version 1903](http://download.microsoft.com/download/6/F/0/6F019079-6EB0-41B5-88E8-D1CE77DBA27B/Windows10_1903_DDF_download.zip)
-- [Download all the DDF files for Windows 10, version 1809](http://download.microsoft.com/download/6/A/7/6A735141-5CFA-4C1B-94F4-B292407AF662/Windows10_1809_DDF_download.zip)
+- [Download all the DDF files for Windows 10, version 1903](https://download.microsoft.com/download/6/F/0/6F019079-6EB0-41B5-88E8-D1CE77DBA27B/Windows10_1903_DDF_download.zip)
+- [Download all the DDF files for Windows 10, version 1809](https://download.microsoft.com/download/6/A/7/6A735141-5CFA-4C1B-94F4-B292407AF662/Windows10_1809_DDF_download.zip)
- [Download all the DDF files for Windows 10, version 1803](https://download.microsoft.com/download/6/2/7/6276FE19-E3FD-4254-9C16-3C31CAA2DE50/Windows10_1803_DDF_download.zip)
- [Download all the DDF files for Windows 10, version 1709](https://download.microsoft.com/download/9/7/C/97C6CF99-F75C-475E-AF18-845F8CECCFA4/Windows10_1709_DDF_download.zip)
- [Download all the DDF files for Windows 10, version 1703](https://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip)
diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md
index beb25c4bea..a5298bf190 100644
--- a/windows/client-management/mdm/policy-ddf-file.md
+++ b/windows/client-management/mdm/policy-ddf-file.md
@@ -20,10 +20,10 @@ This topic shows the OMA DM device description framework (DDF) for the **Policy*
You can view various Policy DDF files by clicking the following links:
-- [View the Policy DDF file for Windows 10, version 1903](http://download.microsoft.com/download/0/C/D/0CD61812-8B9C-4846-AC4A-1545BFD201EE/PolicyDDF_all_1903.xml)
-- [View the Policy DDF file for Windows 10, version 1809](http://download.microsoft.com/download/7/3/5/735B8537-82F4-4CD1-B059-93984F9FAAC5/Policy_DDF_all_1809.xml)
+- [View the Policy DDF file for Windows 10, version 1903](https://download.microsoft.com/download/0/C/D/0CD61812-8B9C-4846-AC4A-1545BFD201EE/PolicyDDF_all_1903.xml)
+- [View the Policy DDF file for Windows 10, version 1809](https://download.microsoft.com/download/7/3/5/735B8537-82F4-4CD1-B059-93984F9FAAC5/Policy_DDF_all_1809.xml)
- [View the Policy DDF file for Windows 10, version 1803](https://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all.xml)
-- [View the Policy DDF file for Windows 10, version 1803 release C](http://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all_1809C_release.xml)
+- [View the Policy DDF file for Windows 10, version 1803 release C](https://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all_1809C_release.xml)
- [View the Policy DDF file for Windows 10, version 1709](https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml)
- [View the Policy DDF file for Windows 10, version 1703](https://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)
- [View the Policy DDF file for Windows 10, version 1607](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607.xml)
diff --git a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md
index cb2908dda2..7b4f4424be 100644
--- a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md
+++ b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md
@@ -25,7 +25,13 @@ manager: dansimp
## Overview
-Starting in Windows 10, version 1703, you can import ADMX files (also called ADMX ingestion) and set those ADMX-backed policies for Win32 and Desktop Bridge apps by using Windows 10 Mobile Device Management (MDM) on desktop SKUs. The ADMX files that define policy information can be ingested to your device by using the Policy CSP URI, `./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`. The ingested ADMX file is then processed into MDM policies.
+Starting in Windows 10, version 1703, you can import ADMX files (also called ADMX ingestion) and set those ADMX-backed policies for Win32 and Desktop Bridge apps by using Windows 10 Mobile Device Management (MDM) on desktop SKUs. The ADMX files that define policy information can be ingested to your device by using the Policy CSP URI, `./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`. The ingested ADMX file is then processed into MDM policies.
+
+NOTE: Starting from the following Windows 10 version Replace command is supported
+- Windows 10, version 1903 with KB4512941 and KB4517211 installed
+- Windows 10, version 1809 with KB4512534 and KB installed
+- Windows 10, version 1803 with KB4512509 and KB installed
+- Windows 10, version 1709 with KB4516071 and KB installed
When the ADMX policies are imported, the registry keys to which each policy is written are checked so that known system registry keys, or registry keys that are used by existing inbox policies or system components, are not overwritten. This precaution helps to avoid security concerns over opening the entire registry. Currently, the ingested policies are not allowed to write to locations within the **System**, **Software\Microsoft**, and **Software\Policies\Microsoft** keys, except for the following locations:
@@ -48,6 +54,8 @@ When the ADMX policies are imported, the registry keys to which each policy is w
- software\microsoft\exchange\
- software\policies\microsoft\vba\security\
- software\microsoft\onedrive
+- software\Microsoft\Edge
+- Software\Microsoft\EdgeUpdate\
> [!Warning]
> Some operating system components have built in functionality to check devices for domain membership. MDM enforces the configured policy values only if the devices are domain joined, otherwise it does not. However, you can still import ADMX files and set ADMX-backed policies regardless of whether the device is domain joined or non-domain joined.
diff --git a/windows/client-management/troubleshoot-stop-errors.md b/windows/client-management/troubleshoot-stop-errors.md
index 0c13fc8950..719976a254 100644
--- a/windows/client-management/troubleshoot-stop-errors.md
+++ b/windows/client-management/troubleshoot-stop-errors.md
@@ -22,9 +22,9 @@ ms.author: dansimp
A Stop error is displayed as a blue screen that contains the name of the faulty driver, such as any of the following example drivers:
-- atikmpag.sys
-- igdkmd64.sys
-- nvlddmkm.sys
+- `atikmpag.sys`
+- `igdkmd64.sys`
+- `nvlddmkm.sys`
There is no simple explanation for the cause of Stop errors (also known as blue screen errors or bug check errors). Many different factors can be involved. However, various studies indicate that Stop errors usually are not caused by Microsoft Windows components. Instead, these errors are generally related to malfunctioning hardware drivers or drivers that are installed by third-party software. This includes video cards, wireless network cards, security programs, and so on.
@@ -61,7 +61,7 @@ To troubleshoot Stop error messages, follow these general steps:
4. Run [Microsoft Safety Scanner](http://www.microsoft.com/security/scanner/en-us/default.aspx) or any other virus detection program that includes checks of the Master Boot Record for infections.
-5. Make sure that there is sufficient free space on the hard disk. The exact requirement varies, but we recommend 10 to 15 percent free disk space.
+5. Make sure that there is sufficient free space on the hard disk. The exact requirement varies, but we recommend 10–15 percent free disk space.
6. Contact the respective hardware or software vendor to update the drivers and applications in the following scenarios:
@@ -90,12 +90,12 @@ To configure the system for memory dump files, follow these steps:
5. Stop and disable Automatic System Restart Services (ASR) to prevent dump files from being written.
6. If the server is virtualized, disable auto reboot after the memory dump file is created. This lets you take a snapshot of the server in-state and also if the problem recurs.
-The memory dump file is saved at the following locations.
+The memory dump file is saved at the following locations:
| Dump file type | Location |
|----------------|----------|
-|(none) | %SystemRoot%\MEMORY.DMP (inactive, or greyed out) |
-|Small memory dump file (256kb) | %SystemRoot%\Minidump |
+|(none) | %SystemRoot%\MEMORY.DMP (inactive, or grayed out) |
+|Small memory dump file (256 kb) | %SystemRoot%\Minidump |
|Kernel memory dump file | %SystemRoot%\MEMORY.DMP |
| Complete memory dump file | %SystemRoot%\MEMORY.DMP |
| Automatic memory dump file | %SystemRoot%\MEMORY.DMP |
@@ -118,7 +118,7 @@ More information on how to use Dumpchk.exe to check your dump files:
### Memory dump analysis
-Finding the root cause of the crash may not be easy. Hardware problems are especially difficult to diagnose because they may cause erratic and unpredictable behavior that can manifest itself in a variety of symptoms.
+Finding the root cause of the crash may not be easy. Hardware problems are especially difficult to diagnose because they may cause erratic and unpredictable behavior that can manifest itself in various symptoms.
When a Stop error occurs, you should first isolate the problematic components, and then try to cause them to trigger the Stop error again. If you can replicate the problem, you can usually determine the cause.
@@ -138,8 +138,8 @@ You can use the tools such as Windows Software Development KIT (SDK) and Symbols
1. Verify that the computer is set up to generate a complete memory dump file when a crash occurs. See the steps [here](troubleshoot-windows-freeze.md#method-1-memory-dump) for more information.
2. Locate the memory.dmp file in your Windows directory on the computer that is crashing, and copy that file to another computer.
-3. On the other computer, download the [Windows 10 SDK](https://developer.microsoft.com/en-US/windows/downloads/windows-10-sdk).
-4. Start the install and choose **Debugging Tools for Windows**. This will install the WinDbg tool.
+3. On the other computer, download the [Windows 10 SDK](https://developer.microsoft.com/windows/downloads/windows-10-sdk).
+4. Start the install and choose **Debugging Tools for Windows**. This installs the WinDbg tool.
5. Open the WinDbg tool and set the symbol path by clicking **File** and then clicking **Symbol File Path**.
a. If the computer is connected to the Internet, enter the [Microsoft public symbol server](https://docs.microsoft.com/windows-hardware/drivers/debugger/microsoft-public-symbols) (https://msdl.microsoft.com/download/symbols) and click **OK**. This is the recommended method.
b. If the computer is not connected to the Internet, you must specify a local [symbol path](https://docs.microsoft.com/windows-hardware/drivers/debugger/symbol-path).
@@ -149,7 +149,7 @@ You can use the tools such as Windows Software Development KIT (SDK) and Symbols
8. A detailed bugcheck analysis will appear. See the example below.
9. Scroll down to the section where it says **STACK_TEXT**. There will be rows of numbers with each row followed by a colon and some text. That text should tell you what DLL is causing the crash and if applicable what service is crashing the DLL.
-10. See [Using the !analyze Exension](https://docs.microsoft.com/windows-hardware/drivers/debugger/using-the--analyze-extension) for details about how to interpret the STACK_TEXT output.
+10. See [Using the !analyze Extension](https://docs.microsoft.com/windows-hardware/drivers/debugger/using-the--analyze-extension) for details about how to interpret the STACK_TEXT output.
There are many possible causes of a bugcheck and each case is unique. In the example provided above, the important lines that can be identified from the STACK_TEXT are 20, 21, and 22:
@@ -213,7 +213,7 @@ Use the following guidelines when you use Driver Verifier:
- Test any “suspicious” drivers (drivers that were recently updated or that are known to be problematic).
- If you continue to experience non-analyzable crashes, try enabling verification on all third-party and unsigned drivers.
-- Enable concurrent verification on groups of 10 to 20 drivers.
+- Enable concurrent verification on groups of 10–20 drivers.
- Additionally, if the computer cannot boot into the desktop because of Driver Verifier, you can disable the tool by starting in Safe mode. This is because the tool cannot run in Safe mode.
For more information, see [Driver Verifier](https://docs.microsoft.com/windows-hardware/drivers/devtest/driver-verifier).
@@ -233,13 +233,13 @@ SYSTEM_SERVICE_EXCEPTION
Stop error code c000021a {Fatal System Error} The W
NTFS_FILE_SYSTEM
Stop error code 0x000000024 | This Stop error is commonly caused by corruption in the NTFS file system or bad blocks (sectors) on the hard disk. Corrupted drivers for hard disks (SATA or IDE) can also adversely affect the system's ability to read and write to disk. Run any hardware diagnostics that are provided by the manufacturer of the storage subsystem. Use the scan disk tool to verify that there are no file system errors. To do this, right-click the drive that you want to scan, select Properties, select Tools, and then select the Check now button.We also suggest that you update the NTFS file system driver (Ntfs.sys), and apply the latest cumulative updates for the current operating system that is experiencing the problem.
KMODE_EXCEPTION_NOT_HANDLED
Stop error code 0x0000001E | If a driver is identified in the Stop error message, disable or remove that driver. Disable or remove any drivers or services that were recently added.
If the error occurs during the startup sequence, and the system partition is formatted by using the NTFS file system, you might be able to use Safe mode to disable the driver in Device Manager. To do this, follow these steps:
Go to **Settings > Update & security > Recovery**. Under **Advanced startup**, select **Restart now**. After your PC restarts to the **Choose an option** screen, select **Troubleshoot > Advanced options > Startup Settings > Restart**. After the computer restarts, you'll see a list of options. Press **4** or **F4** to start the computer in Safe mode. Or, if you intend to use the Internet while in Safe mode, press **5** or **F5** for the Safe Mode with Networking option.
DPC_WATCHDOG_VIOLATION
Stop error code 0x00000133 | This Stop error code is caused by a faulty driver that does not complete its work within the allotted time frame in certain conditions. To enable us to help mitigate this error, collect the memory dump file from the system, and then use the Windows Debugger to find the faulty driver. If a driver is identified in the Stop error message, disable the driver to isolate the problem. Check with the manufacturer for driver updates. Check the system log in Event Viewer for additional error messages that might help identify the device or driver that is causing Stop error 0x133. Verify that any new hardware that is installed is compatible with the installed version of Windows. For example, you can get information about required hardware at Windows 10 Specifications. If Windows Debugger is installed, and you have access to public symbols, you can load the c:\windows\memory.dmp file into the Debugger, and then refer to [Determining the source of Bug Check 0x133 (DPC_WATCHDOG_VIOLATION) errors on Windows Server 2012](https://blogs.msdn.microsoft.com/ntdebugging/2012/12/07/determining-the-source-of-bug-check-0x133-dpc_watchdog_violation-errors-on-windows-server-2012/) to find the problematic driver from the memory dump.
-USER_MODE_HEALTH_MONITOR
Stop error code 0x0000009E | This Stop error indicates that a user-mode health check failed in a way that prevents graceful shutdown. Therefore, Windows restores critical services by restarting or enabling application failover to other servers. The Clustering Service incorporates a detection mechanism that may detect unresponsiveness in user-mode components.
This Stop error usually occurs in a clustered environment, and the indicated faulty driver is RHS.exe.Check the event logs for any storage failures to identify the failing process.Try to update the component or process that is indicated in the event logs. You should see the following event recorded:
Event ID: 4870
Source: Microsoft-Windows-FailoverClustering
Description: User mode health monitoring has detected that the system is not being responsive. The Failover cluster virtual adapter has lost contact with the Cluster Server process with a process ID ‘%1’, for ‘%2’ seconds. Recovery action will be taken. Review the Cluster logs to identify the process and investigate which items might cause the process to hang.
For more information, see ["Why is my Failover Clustering node blue screening with a Stop 0x0000009E?"](https://blogs.technet.microsoft.com/askcore/2009/06/12/why-is-my-failover-clustering-node-blue-screening-with-a-stop-0x0000009e) Also, see the following Microsoft video [What to do if a 9E occurs](https://www.youtube.com/watch?v=vOJQEdmdSgw).
+USER_MODE_HEALTH_MONITOR
Stop error code 0x0000009E | This Stop error indicates that a user-mode health check failed in a way that prevents graceful shutdown. Therefore, Windows restores critical services by restarting or enabling application failover to other servers. The Clustering Service incorporates a detection mechanism that may detect unresponsiveness in user-mode components.
This Stop error usually occurs in a clustered environment, and the indicated faulty driver is RHS.exe.Check the event logs for any storage failures to identify the failing process. Try to update the component or process that is indicated in the event logs. You should see the following event recorded:
Event ID: 4870
Source: Microsoft-Windows-FailoverClustering
Description: User mode health monitoring has detected that the system is not being responsive. The Failover cluster virtual adapter has lost contact with the Cluster Server process with a process ID ‘%1’, for ‘%2’ seconds. Recovery action is taken. Review the Cluster logs to identify the process and investigate which items might cause the process to hang.
For more information, see ["Why is my Failover Clustering node blue screening with a Stop 0x0000009E?"](https://blogs.technet.microsoft.com/askcore/2009/06/12/why-is-my-failover-clustering-node-blue-screening-with-a-stop-0x0000009e) Also, see the following Microsoft video [What to do if a 9E occurs](https://www.youtube.com/watch?v=vOJQEdmdSgw).
## Debugging examples
### Example 1
-This bugcheck is caused by a driver hang during upgrade, resulting in a bugcheck D1 in NDIS.sys (a Microsoft driver). The **IMAGE_NAME** will tell you the faulting driver, but since this is Microsoft driver it cannot be replaced or removed. The resolution method is to disable the network device in device manager and try the upgrade again.
+This bugcheck is caused by a driver hang during upgrade, resulting in a bugcheck D1 in NDIS.sys (a Microsoft driver). The **IMAGE_NAME** tells you the faulting driver, but since this is Microsoft driver it cannot be replaced or removed. The resolution method is to disable the network device in device manager and try the upgrade again.
```
2: kd> !analyze -v
@@ -391,7 +391,7 @@ ANALYSIS_SESSION_ELAPSED_TIME: 8377
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_ndis!ndisqueueioworkitem
FAILURE_ID_HASH: {10686423-afa1-4852-ad1b-9324ac44ac96}
-FAILURE_ID_REPORT_LINK: http://go.microsoft.com/fwlink/?LinkID=397724&FailureHash=10686423-afa1-4852-ad1b-9324ac44ac96
+FAILURE_ID_REPORT_LINK: https://go.microsoft.com/fwlink/?LinkID=397724&FailureHash=10686423-afa1-4852-ad1b-9324ac44ac96
Followup: ndiscore
---------
```
@@ -564,7 +564,7 @@ ANALYSIS_SESSION_ELAPSED_TIME: 162bd
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_r_invalid_wwanusbmp!unknown_function
FAILURE_ID_HASH: {31e4d053-0758-e43a-06a7-55f69b072cb3}
-FAILURE_ID_REPORT_LINK: http://go.microsoft.com/fwlink/?LinkID=397724&FailureHash=31e4d053-0758-e43a-06a7-55f69b072cb3
+FAILURE_ID_REPORT_LINK: https://go.microsoft.com/fwlink/?LinkID=397724&FailureHash=31e4d053-0758-e43a-06a7-55f69b072cb3
Followup: MachineOwner
---------
diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md
index 139dcce1bb..95cf9806b1 100644
--- a/windows/configuration/set-up-shared-or-guest-pc.md
+++ b/windows/configuration/set-up-shared-or-guest-pc.md
@@ -36,7 +36,7 @@ It is intended that shared PCs are joined to an Active Directory or Azure Active
When the account management service is turned on in shared PC mode, accounts are automatically deleted. Account deletion applies to Active Directory, Azure Active Directory, and local accounts that are created by the **Guest** and **Kiosk** options. Account management is performed both at sign-off time (to make sure there is enough disk space for the next user) as well as during system maintenance time periods. Shared PC mode can be configured to delete accounts immediately at sign-out or when disk space is low. In Windows 10, version 1703, an inactive option is added which deletes accounts if they haven't signed in after a specified number of days.
### Maintenance and sleep
-Shared PC mode is configured to take advantage of maintenance time periods which run while the PC is not in use. Therefore, sleep is strongly recommended so that the PC can wake up when it is not is use to perform maintenance, clean up accounts, and run Windows Update. The recommended settings can be set by choosing **SetPowerPolicies** in the list of shared PC options. Additionally, on devices without Advanced Configuration and Power Interface (ACPI) wake alarms, shared PC mode will always override real-time clock (RTC) wake alarms to be allowed to wake the PC from sleep (by default, RTC wake alarms are off). This ensures that the widest variety of hardware will take advantage of maintenance periods.
+Shared PC mode is configured to take advantage of maintenance time periods which run while the PC is not in use. Therefore, sleep is strongly recommended so that the PC can wake up when it is not in use to perform maintenance, clean up accounts, and run Windows Update. The recommended settings can be set by choosing **SetPowerPolicies** in the list of shared PC options. Additionally, on devices without Advanced Configuration and Power Interface (ACPI) wake alarms, shared PC mode will always override real-time clock (RTC) wake alarms to be allowed to wake the PC from sleep (by default, RTC wake alarms are off). This ensures that the widest variety of hardware will take advantage of maintenance periods.
While shared PC mode does not configure Windows Update itself, it is strongly recommended to configure Windows Update to automatically install updates and reboot (if necessary) during maintenance hours. This will help ensure the PC is always up to date and not interrupting users with updates.
diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md
index 0214e53ad8..ddb3d63a10 100644
--- a/windows/deployment/upgrade/log-files.md
+++ b/windows/deployment/upgrade/log-files.md
@@ -9,7 +9,8 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
-audience: itpro
author: greg-lindsay
+audience: itpro
+author: greg-lindsay
ms.localizationpriority: medium
ms.topic: article
---
@@ -159,6 +160,93 @@ Therefore, Windows Setup failed because it was not able to migrate the corrupt f
27:08, Error SP SPDoFrameworkGather: Gather operation failed. Error: 0x0000002C
+
setupapi.dev.log content:
+
+
+>>> [Device Install (UpdateDriverForPlugAndPlayDevices) - PCI\VEN_8086&DEV_8C4F]
+>>> Section start 2019/09/26 20:13:01.623
+ cmd: rundll32.exe "C:\WINDOWS\Installer\MSI6E4C.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_95972906 484 ChipsetWiX.CustomAction!Intel.Deployment.ChipsetWiX.CustomActions.InstallDrivers
+ ndv: INF path: C:\WINDOWS\TEMP\{15B1CD41-69F5-48EA-9F45-0560A40FE2D8}\Drivers\lynxpoint\LynxPointSystem.inf
+ ndv: Install flags: 0x00000000
+ ndv: {Update Device Driver - PCI\VEN_8086&DEV_8C4F&SUBSYS_05BE1028&REV_04\3&11583659&0&F8}
+ ndv: Search options: 0x00000081
+ ndv: Searching single INF 'C:\WINDOWS\TEMP\{15B1CD41-69F5-48EA-9F45-0560A40FE2D8}\Drivers\lynxpoint\LynxPointSystem.inf'
+ dvi: {Build Driver List} 20:13:01.643
+ dvi: Searching for hardware ID(s):
+ dvi: pci\ven_8086&dev_8c4f&subsys_05be1028&rev_04
+ dvi: pci\ven_8086&dev_8c4f&subsys_05be1028
+ dvi: pci\ven_8086&dev_8c4f&cc_060100
+ dvi: pci\ven_8086&dev_8c4f&cc_0601
+ dvi: Searching for compatible ID(s):
+ dvi: pci\ven_8086&dev_8c4f&rev_04
+ dvi: pci\ven_8086&dev_8c4f
+ dvi: pci\ven_8086&cc_060100
+ dvi: pci\ven_8086&cc_0601
+ dvi: pci\ven_8086
+ dvi: pci\cc_060100
+ dvi: pci\cc_0601
+ sig: {_VERIFY_FILE_SIGNATURE} 20:13:01.667
+ sig: Key = lynxpointsystem.inf
+ sig: FilePath = c:\windows\temp\{15b1cd41-69f5-48ea-9f45-0560a40fe2d8}\drivers\lynxpoint\lynxpointsystem.inf
+ sig: Catalog = c:\windows\temp\{15b1cd41-69f5-48ea-9f45-0560a40fe2d8}\drivers\lynxpoint\LynxPoint.cat
+ sig: Success: File is signed in catalog.
+ sig: {_VERIFY_FILE_SIGNATURE exit(0x00000000)} 20:13:01.683
+ dvi: Created Driver Node:
+ dvi: HardwareID - PCI\VEN_8086&DEV_8C4F
+ dvi: InfName - c:\windows\temp\{15b1cd41-69f5-48ea-9f45-0560a40fe2d8}\drivers\lynxpoint\lynxpointsystem.inf
+ dvi: DevDesc - Intel(R) QM87 LPC Controller - 8C4F
+ dvi: Section - Needs_ISAPNP_DRV
+ dvi: Rank - 0x00ff2001
+ dvi: Signer Score - WHQL
+ dvi: DrvDate - 04/04/2016
+ dvi: Version - 10.1.1.18
+ dvi: {Build Driver List - exit(0x00000000)} 20:13:01.699
+ ndv: Searching currently installed INF
+ dvi: {Build Driver List} 20:13:01.699
+ dvi: Searching for hardware ID(s):
+ dvi: pci\ven_8086&dev_8c4f&subsys_05be1028&rev_04
+ dvi: pci\ven_8086&dev_8c4f&subsys_05be1028
+ dvi: pci\ven_8086&dev_8c4f&cc_060100
+ dvi: pci\ven_8086&dev_8c4f&cc_0601
+ dvi: Searching for compatible ID(s):
+ dvi: pci\ven_8086&dev_8c4f&rev_04
+ dvi: pci\ven_8086&dev_8c4f
+ dvi: pci\ven_8086&cc_060100
+ dvi: pci\ven_8086&cc_0601
+ dvi: pci\ven_8086
+ dvi: pci\cc_060100
+ dvi: pci\cc_0601
+ dvi: Created Driver Node:
+ dvi: HardwareID - PCI\VEN_8086&DEV_8C4F
+ dvi: InfName - C:\WINDOWS\System32\DriverStore\FileRepository\lynxpointsystem.inf_amd64_cd1e518d883ecdfe\lynxpointsystem.inf
+ dvi: DevDesc - Intel(R) QM87 LPC Controller - 8C4F
+ dvi: Section - Needs_ISAPNP_DRV
+ dvi: Rank - 0x00ff2001
+ dvi: Signer Score - WHQL
+ dvi: DrvDate - 10/03/2016
+ dvi: Version - 10.1.1.38
+ dvi: {Build Driver List - exit(0x00000000)} 20:13:01.731
+ dvi: {DIF_SELECTBESTCOMPATDRV} 20:13:01.731
+ dvi: Default installer: Enter 20:13:01.735
+ dvi: {Select Best Driver}
+ dvi: Class GUID of device changed to: {4d36e97d-e325-11ce-bfc1-08002be10318}.
+ dvi: Selected Driver:
+ dvi: Description - Intel(R) QM87 LPC Controller - 8C4F
+ dvi: InfFile - c:\windows\system32\driverstore\filerepository\lynxpointsystem.inf_amd64_cd1e518d883ecdfe\lynxpointsystem.inf
+ dvi: Section - Needs_ISAPNP_DRV
+ dvi: {Select Best Driver - exit(0x00000000)}
+ dvi: Default installer: Exit
+ dvi: {DIF_SELECTBESTCOMPATDRV - exit(0x00000000)} 20:13:01.743
+ ndv: Currently Installed Driver:
+ ndv: Inf Name - oem1.inf
+ ndv: Driver Date - 10/03/2016
+ ndv: Driver Version - 10.1.1.38
+ ndv: {Update Device Driver - exit(00000103)}
+! ndv: No better matching drivers found for device 'PCI\VEN_8086&DEV_8C4F&SUBSYS_05BE1028&REV_04\3&11583659&0&F8'.
+! ndv: No devices were updated.
+<<< Section end 2019/09/26 20:13:01.759
+<<< [Exit status: FAILURE(0xC1900101)]
+
This analysis indicates that the Windows upgrade error can be resolved by deleting the C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN] file. Note: In this example, the full, unshortened file name is C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\be8228fb2d3cb6c6b0ccd9ad51b320b4_a43d512c-69f2-42de-aef9-7a88fabdaa3f.
diff --git a/windows/deployment/vda-subscription-activation.md b/windows/deployment/vda-subscription-activation.md
index a1992d96b8..61edc16bf7 100644
--- a/windows/deployment/vda-subscription-activation.md
+++ b/windows/deployment/vda-subscription-activation.md
@@ -37,7 +37,7 @@ Deployment instructions are provided for the following scenarios:
### Scenario 1
- The VM is running Windows 10, version 1803 or later.
-- The VM is hosted in Azure or another [Qualified Multitenant Hoster](https://www.microsoft.com/CloudandHosting/licensing_sca.aspx) (QMTH).
+- The VM is hosted in Azure or another [Qualified Multitenant Hoster](https://www.microsoft.com/en-us/CloudandHosting/licensing_sca.aspx) (QMTH).
When a user with VDA rights signs in to the VM using their AAD credentials, the VM is automatically stepped-up to Enterprise and activated. There is no need to perform Windows 10 Pro activation. This eliminates the need to maintain KMS or MAK in the qualifying cloud infrastructure.
@@ -47,7 +47,7 @@ Deployment instructions are provided for the following scenarios:
[Inherited Activation](https://docs.microsoft.com/windows/deployment/windows-10-subscription-activation#inherited-activation) is enabled. All VMs created by a user with a Windows 10 E3 or E5 license are automatically activated independent of whether a user signs in with a local account or using an Azure Active Directory account.
### Scenario 3
-- The VM is running Windows 10, version 1703 or 1709, or the hoster is not an authorized [QMTH](https://www.microsoft.com/CloudandHosting/licensing_sca.aspx) partner.
+- The VM is running Windows 10, version 1703 or 1709, or the hoster is not an authorized [QMTH](https://www.microsoft.com/en-us/CloudandHosting/licensing_sca.aspx) partner.
In this scenario, the underlying Windows 10 Pro license must be activated prior to Subscription Activation of Windows 10 Enterprise. Activation is accomplished using a Windows 10 Pro Generic Volume License Key (GVLK) and a Volume License KMS activation server provided by the hoster. Alternatively, a KMS activation server on your corporate network can be used if you have configured a private connection, such as [ExpressRoute](https://azure.microsoft.com/services/expressroute/) or [VPN Gateway](https://azure.microsoft.com/services/vpn-gateway/).
diff --git a/windows/deployment/windows-autopilot/add-devices.md b/windows/deployment/windows-autopilot/add-devices.md
index b76cb0ec72..096ebe1151 100644
--- a/windows/deployment/windows-autopilot/add-devices.md
+++ b/windows/deployment/windows-autopilot/add-devices.md
@@ -27,7 +27,7 @@ Before deploying a device using Windows Autopilot, the device must be registered
## OEM registration
-When you purchase devices directly from an OEM, that OEM can automatically register the devices with the Windows Autopilot deployment service. For the list of OEMs that currently support this, see the "Participant device manufacturers" section of the [Windows Autopilot information page](https://www.microsoft.com/windowsforbusiness/windows-autopilot).
+When you purchase devices directly from an OEM, that OEM can automatically register the devices with the Windows Autopilot deployment service. For the list of OEMs that currently support this, see the "Participant device manufacturers and resellers" section of the [Windows Autopilot information page](https://aka.ms/windowsautopilot).
Before an OEM can register devices on behalf of an organization, the organization must grant the OEM permission to do so. This process is initiated by the OEM, with approval granted by an Azure AD global administrator from the organization. See the "Customer Consent" section of the [Customer consent page](https://docs.microsoft.com/windows/deployment/windows-autopilot/registration-auth#oem-authorization).
diff --git a/windows/privacy/manage-windows-1809-endpoints.md b/windows/privacy/manage-windows-1809-endpoints.md
index ca7e93d18b..d096e3ff63 100644
--- a/windows/privacy/manage-windows-1809-endpoints.md
+++ b/windows/privacy/manage-windows-1809-endpoints.md
@@ -398,7 +398,7 @@ The following endpoint is used to retrieve Skype configuration values. To turn o
## Windows Defender
The following endpoint is used for Windows Defender when Cloud-based Protection is enabled.
-If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), the device will not use Cloud-based Protection.
+If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), the device will not use Cloud-based Protection. For a detailed list of Windows Defender Antivirus cloud service connections, see [Allow connections to the Windows Defender Antivirus cloud service](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus#allow-connections-to-the-windows-defender-antivirus-cloud-service).
| Source process | Protocol | Destination |
|----------------|----------|------------|
diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md
index afaaca56b3..228b863e82 100644
--- a/windows/security/identity-protection/access-control/active-directory-security-groups.md
+++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md
@@ -112,7 +112,7 @@ The following table lists the three group scopes and more information about each
Global groups from any domain in the same forest
Other Universal groups from any domain in the same forest
Can be converted to Domain Local scope
-Can be converted to Global scope if the group does not contain any other Universal groups |
+Can be converted to Global scope if the group is not a member of any other Universal groups
On any domain in the same forest or trusting forests |
Other Universal groups in the same forest
Domain Local groups in the same forest or trusting forests
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
index cf2079e8e5..cf63fb2c17 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
@@ -107,7 +107,7 @@ Federation server proxies are computers that run AD FS software that have been c
Use the [Setting of a Federation Proxy](https://docs.microsoft.com/windows-server/identity/ad-fs/deployment/checklist--setting-up-a-federation-server-proxy) checklist to configure AD FS proxy servers in your environment.
### Deploy Azure AD Connect
-Next, you need to synchronize the on-premises Active Directory with Azure Active Directory. To do this, first review the [Integrating on-prem directories with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect) and [hardware and prerequisites](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-prerequisites) needed and then [download the software](http://go.microsoft.com/fwlink/?LinkId=615771).
+Next, you need to synchronize the on-premises Active Directory with Azure Active Directory. To do this, first review the [Integrating on-prem directories with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect) and [hardware and prerequisites](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-prerequisites) needed and then [download the software](https://go.microsoft.com/fwlink/?LinkId=615771).
When you are ready to install, follow the **Configuring federation with AD FS** section of [Custom installation of Azure AD Connect](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-get-started-custom). Select the **Federation with AD FS** option on the **User sign-in** page. At the **AD FS Farm** page, select the use an existing option and click **Next**.
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
index 1cf7fcb2cd..804d8a9ca6 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
@@ -77,8 +77,8 @@ Sign-in a certificate authority or management workstations with _Enterprise Admi
The certificate template is configured to supersede all the certificate templates provided in the certificate templates superseded templates list. However, the certificate template and the superseding of certificate templates is not active until you publish the certificate template to one or more certificate authorities.
->[!NOTE]
->The Domain Controller Certificate must be present in the NTAuth store. By default, Microsoft Enterprise CAs are added to the NTAuth store. If you are using a 3rd party CA, this may not be done by default. If the Domain Controller Certificate is not present in the NTAuth store, user authentication will fail.
+> [!NOTE]
+> The Domain Controller Certificate must be present in the NTAuth store. By default, Microsoft Enterprise CAs are added to the NTAuth store. If you are using a 3rd party CA, this may not be done by default. If the Domain Controller Certificate is not present in the NTAuth store, user authentication will fail.
### Enrollment Agent certificate template
@@ -150,10 +150,10 @@ Sign-in a certificate authority or management workstations with _Domain Admin eq
Sign-in to an **AD FS Windows Server 2016** computer with _Enterprise Admin_ equivalent credentials.
1. Open an elevated command prompt.
-2. Run `certutil -dsTemplate WHFBAuthentication msPKI-Private-Key-Flag +CTPRIVATEKEY_FLAG_HELLO_LOGON_KEY`
+2. Run `certutil -dsTemplate WHFBAuthentication,msPKI-Private-Key-Flag,+CTPRIVATEKEY_FLAG_HELLO_LOGON_KEY`
->[!NOTE]
->If you gave your Windows Hello for Business Authentication certificate template a different name, then replace **WHFBAuthentication** in the above command with the name of your certificate template. It's important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template using the Certificate Template management console (certtmpl.msc). Or, you can view the template name using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on our Windows Server 2012 or later certificate authority.
+> [!NOTE]
+> If you gave your Windows Hello for Business Authentication certificate template a different name, then replace **WHFBAuthentication** in the above command with the name of your certificate template. It's important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template using the Certificate Template management console (certtmpl.msc). Or, you can view the template name using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on our Windows Server 2012 or later certificate authority.
## Publish Templates
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md
index abb29a0a18..0f5cdfa98a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md
@@ -27,7 +27,7 @@ ms.reviewer:
You are ready to configure directory synchronization for your hybrid environment. Hybrid Windows Hello for Business deployment needs both a cloud and an on-premises identity to authenticate and access resources in the cloud or on-premises.
## Deploy Azure AD Connect
-Next, you need to synchronize the on-premises Active Directory with Azure Active Directory. To do this, first review the [Integrating on-prem directories with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect) and [hardware and prerequisites](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-prerequisites) needed and then [download the software](http://go.microsoft.com/fwlink/?LinkId=615771).
+Next, you need to synchronize the on-premises Active Directory with Azure Active Directory. To do this, first review the [Integrating on-prem directories with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect) and [hardware and prerequisites](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-prerequisites) needed and then [download the software](https://go.microsoft.com/fwlink/?LinkId=615771).
> [!NOTE]
diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md
index 3878a9b907..99d02689bd 100644
--- a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md
+++ b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md
@@ -21,7 +21,7 @@ ms.reviewer:
> Some information relates to pre-released product that may change before it is commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-Microsoft has been aligned with the [FIDO Alliance](https://fidoalliance.org/) with a mission to replace passwords with an easy to use, strong 2FA credential. We have been working with our partners to extensively test and deliver a seamless and secure authentication experience to end users.
+Microsoft has been aligned with the [FIDO Alliance](https://fidoalliance.org/) with a mission to replace passwords with an easy to use, strong 2FA credential. We have been working with our partners to extensively test and deliver a seamless and secure authentication experience to end users. See [FIDO2 security keys features and providers](https://docs.microsoft.com/azure/active-directory/authentication/concept-authentication-passwordless#fido2-security-keys).
The [FIDO2 CTAP specification](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html) contains a few optional features and extensions which are crucial to provide that seamless and secure experience.
diff --git a/windows/security/information-protection/windows-information-protection/wip-learning.md b/windows/security/information-protection/windows-information-protection/wip-learning.md
index 6edaaf0f7d..a710de4335 100644
--- a/windows/security/information-protection/windows-information-protection/wip-learning.md
+++ b/windows/security/information-protection/windows-information-protection/wip-learning.md
@@ -10,8 +10,8 @@ ms.mktglfcycl:
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: stephow-MSFT
-ms.author: stephow
+author: LauraWi
+ms.author: laurawi
manager: laurawi
audience: ITPro
ms.collection: M365-security-compliance
@@ -33,7 +33,7 @@ In the **Website learning report**, you can view a summary of the devices that h
## Access the WIP Learning reports
-1. Open the [Azure portal](http://portal.azure.com/).
+1. Open the [Azure portal](https://portal.azure.com/).
1. Click **All services**, type **Intune** in the text box filter, and click the star to add it to **Favorites**.
diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md
index faa3dcf853..e9761cde7b 100644
--- a/windows/security/threat-protection/auditing/event-4738.md
+++ b/windows/security/threat-protection/auditing/event-4738.md
@@ -196,7 +196,7 @@ Typical **Primary Group** values for user accounts:
- **New UAC Value** \[Type = UnicodeString\]: specifies flags that control password, lockout, disable/enable, script, and other behavior for the user account. If the value of **userAccountControl** attribute of user object was changed, you will see the new value here.
-To decode this value, you can go through the property value definitions in the “Table 7. User’s or Computer’s account UAC flags.” from largest to smallest. Compare each property value to the flags value in the event. If the flags value in the event is greater than or equal to the property value, then the property is "set" and applies to that event. Subtract the property value from the flags value in the event and note that the flag applies and then go on to the next flag.
+To decode this value, you can go through the property value definitions in the [User’s or Computer’s account UAC flags.](https://support.microsoft.com/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties) from largest to smallest. Compare each property value to the flags value in the event. If the flags value in the event is greater than or equal to the property value, then the property is "set" and applies to that event. Subtract the property value from the flags value in the event and note that the flag applies and then go on to the next flag.
Here's an example: Flags value from event: 0x15
@@ -226,7 +226,7 @@ Decoding:
So this UAC flags value decodes to: LOCKOUT and SCRIPT
-- **User Account Control** \[Type = UnicodeString\]**:** shows the list of changes in **userAccountControl** attribute. You will see a line of text for each change. See possible values in here: “Table 7. User’s or Computer’s account UAC flags.”. In the “User Account Control field text” column, you can see the text that will be displayed in the **User Account Control** field in 4738 event.
+- **User Account Control** \[Type = UnicodeString\]**:** shows the list of changes in **userAccountControl** attribute. You will see a line of text for each change. See possible values in here: [User’s or Computer’s account UAC flags](https://support.microsoft.com/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties). In the “User Account Control field text” column, you can see the text that will be displayed in the **User Account Control** field in 4738 event.
- **User Parameters** \[Type = UnicodeString\]: if you change any setting using Active Directory Users and Computers management console in Dial-in tab of user’s account properties, then you will see **<value changed, but not displayed>** in this field. For local accounts, this field is not applicable and always has “<value not set>“ value.
diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md
index 5f47de9db6..32bbf69dc2 100644
--- a/windows/security/threat-protection/fips-140-validation.md
+++ b/windows/security/threat-protection/fips-140-validation.md
@@ -1,7091 +1,7194 @@
----
-title: FIPS 140 Validation
-description: This topic provides information on how Microsoft products and cryptographic modules comply with the U.S. Federal government standard FIPS 140.
-ms.prod: w10
-audience: ITPro
-author: dulcemontemayor
-ms.author: dansimp
-manager: dansimp
-ms.collection: M365-identity-device-management
-ms.topic: article
-ms.localizationpriority: medium
-ms.date: 04/03/2018
-ms.reviewer:
----
-
-
-# FIPS 140 Validation
-
-On this page
-
-- [Introduction](https://technet.microsoft.com/library/cc750357.aspx#id0eo)
-- [FIPS 140 Overview](https://technet.microsoft.com/library/cc750357.aspx#id0ebd)
-- [Microsoft Product Validation (Information for Procurement Officers and Auditors)](https://technet.microsoft.com/library/cc750357.aspx#id0ezd)
-- [Information for System Integrators](https://technet.microsoft.com/library/cc750357.aspx#id0eve)
-- [Information for Software Developers](https://technet.microsoft.com/library/cc750357.aspx#id0eibac)
-- [FIPS 140 FAQ](https://technet.microsoft.com/library/cc750357.aspx#id0eqcac)
-- [Microsoft FIPS 140 Validated Cryptographic Modules](https://technet.microsoft.com/library/cc750357.aspx#id0ewfac)
-- [Cryptographic Algorithms](https://technet.microsoft.com/library/cc750357.aspx#id0erobg)
-
-Updated: March 2018
-
-
-
-## Introduction
-
-This document provides information on how Microsoft products and cryptographic modules comply with the U.S. Federal government standard, *Federal Information Processing Standard (FIPS) 140 – Security Requirements for Cryptographic Modules* \[FIPS 140\].
-
-### Audience
-
-This document is primarily focused on providing information for three parties:
-
-[Procurement Officer](https://technet.microsoft.com/library/cc750357.aspx#_microsoft_product_validation) – Responsible for verifying that Microsoft products (or even third-party applications) are either FIPS 140 validated or utilize a Microsoft FIPS 140 validated cryptographic module.
-
-[System Integrator](https://technet.microsoft.com/library/cc750357.aspx#_information_for_system) – Responsible for ensuring that Microsoft Products are configured properly to use only FIPS 140 validated cryptographic modules.
-
-[Software Developer](https://technet.microsoft.com/library/cc750357.aspx#_information_for_software) – Responsible for building software products that utilize Microsoft FIPS 140 validated cryptographic modules.
-
-### Document Map
-
-This document is broken into seven major sections:
-
-[FIPS 140 Overview](https://technet.microsoft.com/library/cc750357.aspx#_fips_140_overview) – Provides an overview of the FIPS 140 standard as well as provides some historical information about the standard.
-
-[Microsoft Product Validation (Information for Procurement Officers and Auditors)](https://technet.microsoft.com/library/cc750357.aspx#_microsoft_product_validation) – Provides information on how Microsoft products are FIPS 140 validated.
-
-[Information for System Integrators](https://technet.microsoft.com/library/cc750357.aspx#_information_for_system) – Describes how to configure and verify that Microsoft Products are being used in a manner consistent with the product’s FIPS 140 Security Policy.
-
-[Information for Software Developers](https://technet.microsoft.com/library/cc750357.aspx#_information_for_software) – Identifies how developers can leverage the Microsoft FIPS 140 validated cryptographic modules.
-
-[FAQ](https://technet.microsoft.com/library/cc750357.aspx#_fips_140_faq) – Frequently Asked Questions.
-
-[Microsoft FIPS 140 Validated Cryptographic Modules](https://technet.microsoft.com/library/cc750357.aspx#_microsoft_fips_140) – Explains Microsoft cryptographic architecture and identifies specific modules that are FIPS 140 validated.
-
-[Cryptographic Algorithms](https://technet.microsoft.com/library/cc750357.aspx#_cryptographic_algorithms) – Lists the cryptographic algorithm, modes, states, key sizes, Windows versions, and corresponding cryptographic algorithm validation certificates.
-
-## FIPS 140 Overview
-
-### FIPS 140 Standard
-
-FIPS 140 is a US government and Canadian government standard that defines a minimum set of the security requirements for products that implement cryptography. This standard is designed for cryptographic modules that are used to secure sensitive but unclassified information. Testing against the FIPS 140 standard is maintained by the Cryptographic Module Validation Program (CMVP), a joint effort between the US National Institute of Standards and Technology (NIST) and the Communications Security Establishment of Canada (CSEC).
-
-The current standard defines four-levels of increasing security, 1 through 4. Most software products (including all Microsoft products) are tested against the Level 1 security requirements.
-
-### Applicability of the FIPS standard
-
-Within the US Federal government, the FIPS 140 standard applies to any security system (whether hardware, firmware, software, or a combination thereof) to be used by agencies for protecting sensitive but unclassified information. Some agencies have expanded its use by requiring that the modules to be procured for secret systems also meet the FIPS 140 requirements.
-
-The FIPS 140 standard has also been used by different standards bodies, specification groups, nations, and private institutions as a requirement or guideline for those products (e.g. – Digital Cinema Systems Specification).
-
-### History of 140-1
-
-FIPS 140-1 is the original working version of the standard made official on January 11, 1994. The standard remained in effect until FIPS 140-2 became mandatory for new products on May 25, 2002.
-
-### FIPS 140-2
-
-FIPS 140-2 is currently the active version of the standard.
-
-### Microsoft FIPS Support Policy
-
-Microsoft actively maintains FIPS 140 validation for its cryptographic modules.
-
-### FIPS Mode of Operation
-
-The common term “FIPS mode” is used in this document and Security Policy documents. When a cryptographic module contains both FIPS-approved and non-FIPS approved security methods, it must have a "FIPS mode of operation" to ensure only FIPS-approved security methods may be used. When a module is in "FIPS mode", a non-FIPS approved method cannot be used instead of a FIPS-approved method.
-
-## Microsoft Product Validation (Information for Procurement Officers and Auditors)
-
-This section provides information for Procurement Officers and Auditors who are responsible for ensuring that Microsoft products with FIPS 140 validated cryptographic modules are used in their organization. The goal of this section is to provide an overview of the Microsoft developed products and modules and explain how the validated cryptographic modules are used.
-
-### Microsoft Product Relationship with CNG and CAPI libraries
-
-Rather than validate individual components and products, Microsoft chooses to validate only the underlying cryptographic modules. Subsequently, many Windows components and Microsoft products are built to rely on the Cryptographic API: Next Generation (CNG) and legacy Cryptographic API (CAPI) FIPS 140 validated cryptographic modules. Windows components and Microsoft products use the documented application programming interfaces (APIs) for each of the modules to access various cryptographic services.
-
-The following list contains some of the Windows components and Microsoft products that rely on FIPS 140 validated cryptographic modules:
-
-- Schannel Security Package
-- Remote Desktop Protocol (RDP) Client
-- Encrypting File System (EFS)
-- Some Microsoft .NET Framework Applications (.NET also provides cryptographic algorithm implementations that have not been FIPS 140 validated.)
-- BitLocker® Drive Full-volume Encryption
-- IPsec Settings of Windows Firewall
-- Server Message Block (SMB) 3.x
-
-## Information for System Integrators
-
-This section provides information for System Integrators and Auditors who are responsible for deploying Microsoft products in a manner consistent with the product’s FIPS 140 Security Policy.
-
-There are two steps to ensure that Microsoft products operate in FIPS mode:
-
-1. Selecting/Installing FIPS 140 validated cryptographic modules
-2. Setting FIPS local/group security policy flag.
-
-### Step 1 – Selecting/Installing FIPS 140 Validated Cryptographic Modules
-
-Systems Integrators must ensure that all cryptographic modules installed are, in fact, FIPS 140 validated. This can be accomplished by cross-checking the version number of the installed module with the list of validated binaries. The list of validated CAPI binaries is identified in the [CAPI Validated Cryptographic Modules](https://technet.microsoft.com/library/cc750357.aspx#_capi_validated_cryptographic) section below and the list of validated CNG binaries is identified in the [CNG Validated Cryptographic Modules](https://technet.microsoft.com/library/cc750357.aspx#_cng_validated_cryptographic) section below. There are similar sections for all other validated cryptographic modules.
-
-The version number of the installed binary is found by right-clicking the module file and clicking on the Version or Details tab. Cryptographic modules are stored in the "windows\\system32" or "windows\\system32\\drivers" directory.
-
-### Step 2 – Setting FIPS Local/Group Security Policy Flag
-
-The Windows operating system provides a group (or local) security policy setting, “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing”, which is used by many Microsoft products to determine whether to operate in a FIPS-approved mode. When this policy is set, the validated cryptographic modules in Windows will also operate in a FIPS-approved mode.
-
-**Note** – There is no enforcement of the FIPS policy by the operating system or the validated cryptographic modules. Instead, each individual application must check this flag and enforce the Security Policy of the validated cryptographic modules.
-
-#### Instructions on Setting the FIPS Local/Group Security Policy Flag
-
-While there are alternative methods for setting the FIPS local/group security policy flag, the following method is included as a guide to users with Administrative privileges. This description is for the Local Security Policy, but the Group Security Policy may be set in a similar manner.
-
-1. Open the 'Run' menu by pressing the combination 'Windows Key + R'.
-2. Type 'secpol.msc' and press 'Enter' or click the 'Ok' button.
-3. In the Local Security Policy management console window that opens, use the left tab to navigate to the Local Policies -\> Security Options.
-4. Scroll down the right pane and double-click 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing'.
-5. In the properties window, select the 'Enabled' option and click the 'Apply' button.
-
-#### Microsoft Components and Products That Utilize FIPS Local/Group Security Policy
-
-The following list details some of the Microsoft components that use the cryptographic functionality implemented by either CNG or legacy CAPI. When the FIPS Local/Group Security Policy is set, the following components will enforce the validated module Security Policy.
-
-- Schannel Security Package
-- Remote Desktop Protocol (RDP) Client
-- Encrypting File System (EFS)
-- Some Microsoft .NET Framework Applications (.NET also provides cryptographic algorithm implementations that have not been FIPS 140 validated.)
-- BitLocker® Drive Full-volume Encryption
-- IPsec Settings of Windows Firewall
-
-#### Effects of Setting FIPS Local/Group Security Policy Flag
-
-When setting the FIPS local/group security policy flag, the behavior of several Microsoft components and products are affected. The most noticeable difference will be that the components enforcing this setting will only use those algorithms approved or allowed in FIPS mode. The specific changes to the products listed above are:
-
-- Schannel Security Package forced to negotiate sessions using TLS. The following supported Cipher Suites are disabled:
-
-- - TLS\_RSA\_WITH\_RC4\_128\_SHA
- - TLS\_RSA\_WITH\_RC4\_128\_MD5
- - SSL\_CK\_RC4\_128\_WITH\_MD5
- - SSL\_CK\_DES\_192\_EDE3\_CBC\_WITH\_MD5
- - TLS\_RSA\_WITH\_NULL\_MD5
- - TLS\_RSA\_WITH\_NULL\_SHA
-
-- The set of cryptographic algorithms that a Remote Desktop Protocol (RDP) server will use is scoped to:
-
-- - CALG\_RSA\_KEYX - RSA public key exchange algorithm
- - CALG\_3DES - Triple DES encryption algorithm
- - CALG\_AES\_128 - 128 bit AES
- - CALG\_AES\_256 - 256 bit AES
- - CALG\_SHA1 - SHA hashing algorithm
- - CALG\_SHA\_256 - 256 bit SHA hashing algorithm
- - CALG\_SHA\_384 - 384 bit SHA hashing algorithm
- - CALG\_SHA\_512 - 512 bit SHA hashing algorithm
-
-- Any Microsoft .NET Framework applications, such as Microsoft ASP.NET or Windows Communication Foundation (WCF), only allow algorithm implementations that are validated to FIPS 140, meaning only classes that end in "CryptoServiceProvider" or "Cng" can be used. Any attempt to create an instance of other cryptographic algorithm classes or create instances that use non-allowed algorithms will cause an InvalidOperationException exception.
-
-- Verification of ClickOnce applications fails unless the client computer has .NET Framework 2.0 SP1 or later service pack installed or .NET Framework 3.5 or later installed.
-
-- On Windows Vista and Windows Server 2008 and later, BitLocker Drive Encryption switches from AES-128 using the elephant diffuser to using the approved AES-256 encryption. Recovery passwords are not created or backed up. Instead, backup a recovery key on a local drive or on a network share. To use the recovery key, put the key on a USB device and plug the device into the computer.
-
-Please be aware that selection of FIPS mode can limit product functionality (See ).
-
-## Information for Software Developers
-
-This section is targeted at developers who wish to build their own applications using the FIPS 140 validated cryptographic modules.
-
-Each of the validated cryptographic modules defines a series of rules that must be followed. The security rules for each validated cryptographic module are specified in the Security Policy document. Links to each of the Security Policy documents is provided in the [Microsoft FIPS 140 Validated Cryptographic Modules](https://technet.microsoft.com/library/cc750357.aspx#_microsoft_fips_140) section below. Generally, the restriction in Microsoft validated cryptographic modules is limiting the use of cryptography to only FIPS Approved cryptographic algorithms, modes, and key sizes.
-
-### Using Microsoft Cryptographic Modules in a FIPS mode of operation
-
-No matter whether developing with native languages or using .NET, it is important to first check whether the CNG modules for the target system are FIPS validated. The list of validated CNG binaries is identified in the [CNG Validated Cryptographic Modules](https://technet.microsoft.com/library/cc750357.aspx#_cng_validated_cryptographic) section.
-
-When developing using CNG directly, it is the responsibility of the developer to follow the security rules outlined in the FIPS 140 Security Policy for each module. The security policy for each module is provided on the CMVP website. Links to each of the Security Policy documents is provided in the tables below. It is important to remember that setting the FIPS local/group security policy Flag (discussed above) does not affect the behavior of the modules when used for developing custom applications.
-
-If you are developing your application using .NET instead of using the native libraries, then setting the FIPS local policy flag will generate an exception when an improper .NET class is used for cryptography (i.e. the cryptographic classes whose names end in "Managed"). The names of these allowed classes end with "Cng", which use the CNG binaries or "CryptoServiceProvider", which use the legacy CAPI binaries.
-
-### Key Strengths and Validity Periods
-
-NIST Special Publication 800-131A Revision 1, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, dated November 2015, \[[SP 800-131A](http://dx.doi.org/10.6028/nist.sp.800-131ar1)\], offers guidance for moving to stronger cryptographic keys and algorithms. This does not replace NIST SP 800-57, Recommendation for Key Management Part 1: General, \[[SP 800-57](http://csrc.nist.gov/publications/pubssps.html#800-57-part1)\], but gives more specific guidance. One of the most important topics discussed in these publications deals with the key strengths of FIPS Approved algorithms and their validity periods. When developing applications that use FIPS Approved algorithms, it is also extremely important to select appropriate key sizes based on the security lifetimes recommended by NIST.
-
-## FIPS 140 FAQ
-
-The following are answers to commonly asked questions for the FIPS 140-2 validation of Microsoft products.
-
-1. How does FIPS 140 relate to the Common Criteria?
- **Answer:** These are two separate security standards with different, but complementary, purposes. FIPS 140 is a standard designed specifically for validating product modules that implement cryptography. On the other hand, Common Criteria is designed to help evaluate security functions in IT products.
- In many cases, Common Criteria evaluations will rely on FIPS 140 validations to provide assurance that cryptographic functionality is implemented properly.
-2. How does FIPS 140 relate to Suite B?
- **Answer:** Suite B is simply a set of cryptographic algorithms defined by the U.S. National Security Agency (NSA) as part of its Cryptographic Modernization Program. The set of Suite B cryptographic algorithms are to be used for both unclassified information and most classified information.
- The Suite B cryptographic algorithms are a subset of the FIPS Approved cryptographic algorithms as allowed by the FIPS 140 standard.
-3. There are so many modules listed on the NIST website for each release, how are they related and how do I tell which one applies to me?
- **Answer:** Microsoft strives to validate all releases of its cryptographic modules. Each module provides a different set of cryptographic algorithms. If you are required to use only FIPS validated cryptographic modules, you simply need to verify that the version being used appears on the validation list.
- Please see the [Microsoft FIPS 140 Validated Cryptographic Modules](https://technet.microsoft.com/library/cc750357.aspx#_microsoft_fips_140)section for a complete list of Microsoft validated modules.
-4. My application links against crypt32.dll, cryptsp.dll, advapi32.dll, bcrypt.dll, bcryptprimitives.dll, or ncrypt.dll. What do I need to do to assure I’m using FIPS 140 validated cryptographic modules?
- **Answer:** crypt32.dll, cryptsp.dll, advapi32.dll, and ncrypt.dll are intermediary libraries that will offload all cryptographic operations to the FIPS validated cryptographic modules. Bcrypt.dll itself is a validated cryptographic module for Windows Vista and Windows Server 2008. For Windows 7 and Windows Server 2008 R2 and later, bcryptprimitives.dll is the validated module, but bcrypt.dll remains as one of the libraries to link against.
- You must first verify that the underlying CNG cryptographic module is validated. Once verified, you'll need to confirm that you're using the module correctly in FIPS mode (See [Information for Software Developers](https://technet.microsoft.com/library/cc750357.aspx#_information_for_software) section for details).
-5. What does "When operated in FIPS mode" mean on certificates?
- **Answer:** This caveat identifies that a required configuration and security rules must be followed in order to use the cryptographic module in a manner consistent with its FIPS 140 Security Policy. The security rules are defined in the Security Policy for the module and usually revolve around using only FIPS Approved cryptographic algorithms and key sizes. Please see the Security Policy for the specific security rules for each cryptographic module (See [Microsoft FIPS 140 Validated Cryptographic Modules](https://technet.microsoft.com/library/cc750357.aspx#_microsoft_fips_140) section for links to each policy).
-6. Which FIPS validated module is called when Windows 7 or Windows 8 is configured to use the FIPS setting in the wireless configuration?
- **Answer:** CNG is used. This setting tells the wireless driver to call FIPS 140-2 validated cryptographic modules instead of using the driver’s own cryptography, if any.
-7. Is BitLocker to Go FIPS 140-2 validated?
- **Answer:** There are two separate parts for BitLocker to Go. One part is simply a native feature of BitLocker and as such, it uses FIPS 140-2 validated cryptographic modules. The other part is the BitLocker to Go Reader application for down-level support of older operating systems such as Windows XP and Windows Vista. The Reader application does not use FIPS 140-2 validated cryptographic modules.
-8. Are applications FIPS 140-2 validated?
- **Answer:** Microsoft only has low-level cryptographic modules in Windows FIPS 140-2 validated, not high-level applications. A better question is whether a certain application calls a FIPS 140-2 validated cryptographic module in the underlying Windows OS. That question needs to be directed to the company/product group that created the application of interest.
-9. How can Systems Center Operations Manager 2012 be configured to use FIPS 140-2 validated cryptographic modules?
- **Answer:** See [https://technet.microsoft.com/library/hh914094.aspx](https://technet.microsoft.com/library/hh914094.aspx)
-
-## Microsoft FIPS 140 Validated Cryptographic Modules
-
-### Modules By Operating System
-
-The following tables identify the Cryptographic Modules for an operating system.
-
-#### Windows
-
-##### Windows 10 Creators Update (Version 1703)
-
-Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile
-
-
-
-
-\[1\] Applies only to Home, Pro, Enterprise, Education and S
-
-\[2\] Applies only to Pro, Enterprise, Education, S, Mobile and Surface Hub
-
-\[3\] Applies only to Pro, Enterprise Education and S
-
-##### Windows 10 Anniversary Update (Version 1607)
-
-Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile
-
-
-
-
-
-
-
-
-
-
-| Cryptographic Module |
-Version (link to Security Policy) |
-FIPS Certificate # |
-Algorithms |
-
-
-| Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) |
-10.0.14393 |
-#2937 |
-FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
-
-Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
-Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #886) |
-
-
-| Kernel Mode Cryptographic Primitives Library (cng.sys) |
-10.0.14393 |
-#2936 |
-FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
-
-Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
-Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887) |
-
-
-| Boot Manager |
-10.0.14393 |
-#2931 |
-FIPS Approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)
-Other algorithms: MD5; PBKDF (non-compliant); VMK KDF |
-
-
-| BitLocker® Windows OS Loader (winload) |
-10.0.14393 |
-#2932 |
-FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
-
-Other algorithms: NDRNG; MD5 |
-
-
-| BitLocker® Windows Resume (winresume)[1] |
-10.0.14393 |
-#2933 |
-FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
-
-Other algorithms: MD5 |
-
-
-| BitLocker® Dump Filter (dumpfve.sys)[2] |
-10.0.14393 |
-#2934 |
-FIPS Approved algorithms: AES (Certs. #4061 and #4064) |
-
-
-| Code Integrity (ci.dll) |
-10.0.14393 |
-#2935 |
-FIPS Approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)
-
-Other algorithms: AES (non-compliant); MD5
-Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888) |
-
-
-| Secure Kernel Code Integrity (skci.dll)[3] |
-10.0.14393 |
-#2938 |
-FIPS Approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)
-
-Other algorithms: MD5
-Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888) |
-
-
-
-
-
-\[1\] Applies only to Home, Pro, Enterprise and Enterprise LTSB
-
-\[2\] Applies only to Pro, Enterprise, Enterprise LTSB and Mobile
-
-\[3\] Applies only to Pro, Enterprise and Enterprise LTSB
-
-##### Windows 10 November 2015 Update (Version 1511)
-
-Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub
-
-
-
-
-
-
-
-
-
-
-| Cryptographic Module |
-Version (link to Security Policy) |
-FIPS Certificate # |
-Algorithms |
-
-
-| Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) |
-10.0.10586 |
-#2606 |
-FIPS Approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888 and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)
-
-Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
-Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #664) |
-
-
-| Kernel Mode Cryptographic Primitives Library (cng.sys) |
-10.0.10586 |
-#2605 |
-FIPS Approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888 and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)
-
-Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
-Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663) |
-
-
-| Boot Manager[4] |
-10.0.10586 |
-#2700 |
-FIPS Approved algorithms: AES (Certs. #3653); HMAC (Cert. #2381); PBKDF (vendor affirmed); RSA (Cert. #1871); SHS (Certs. #3047 and #3048)
-
-Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant) |
-
-
-| BitLocker® Windows OS Loader (winload)[5] |
-10.0.10586 |
-#2701 |
-FIPS Approved algorithms: AES (Certs. #3629 and #3653); RSA (Cert. #1871); SHS (Cert. #3048)
-
-Other algorithms: MD5; NDRNG |
-
-
-| BitLocker® Windows Resume (winresume)[6] |
-10.0.10586 |
-#2702 |
-FIPS Approved algorithms: AES (Certs. #3653); RSA (Cert. #1871); SHS (Cert. #3048)
-
-Other algorithms: MD5 |
-
-
-| BitLocker® Dump Filter (dumpfve.sys)[7] |
-10.0.10586 |
-#2703 |
-FIPS Approved algorithms: AES (Certs. #3653) |
-
-
-| Code Integrity (ci.dll) |
-10.0.10586 |
-#2604 |
-FIPS Approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)
-
-Other algorithms: AES (non-compliant); MD5
-Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665) |
-
-
-| Secure Kernel Code Integrity (skci.dll)[8] |
-10.0.10586 |
-#2607 |
-FIPS Approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)
-
-Other algorithms: MD5
-Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665) |
-
-
-
-
-
-\[4\] Applies only to Home, Pro, Enterprise, Mobile and Surface Hub
-
-\[5\] Applies only to Home, Pro, Enterprise, Mobile and Surface Hub
-
-\[6\] Applies only to Home, Pro and Enterprise
-
-\[7\] Applies only to Pro, Enterprise, Mobile and Surface Hub
-
-\[8\] Applies only to Enterprise and Enterprise LTSB
-
-##### Windows 10 (Version 1507)
-
-Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface Hub
-
-
-
-
-
-
-
-
-
-
-| Cryptographic Module |
-Version (link to Security Policy) |
-FIPS Certificate # |
-Algorithms |
-
-
-| Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) |
-10.0.10240 |
-#2606 |
-FIPS Approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)
-
-Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
-Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #575) |
-
-
-| Kernel Mode Cryptographic Primitives Library (cng.sys) |
-10.0.10240 |
-#2605 |
-FIPS Approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)
-
-Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
-Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576) |
-
-
-| Boot Manager[9] |
-10.0.10240 |
-#2600 |
-FIPS Approved algorithms: AES (Cert. #3497); HMAC (Cert. #2233); KTS (AES Cert. #3498); PBKDF (vendor affirmed); RSA (Cert. #1784); SHS (Certs. #2871 and #2886)
-
-Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant) |
-
-
-| BitLocker® Windows OS Loader (winload)[10] |
-10.0.10240 |
-#2601 |
-FIPS Approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)
-
-Other algorithms: MD5; NDRNG |
-
-
-| BitLocker® Windows Resume (winresume)[11] |
-10.0.10240 |
-#2602 |
-FIPS Approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)
-
-Other algorithms: MD5 |
-
-
-| BitLocker® Dump Filter (dumpfve.sys)[12] |
-10.0.10240 |
-#2603 |
-FIPS Approved algorithms: AES (Certs. #3497 and #3498) |
-
-
-| Code Integrity (ci.dll) |
-10.0.10240 |
-#2604 |
-FIPS Approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)
-
-Other algorithms: AES (non-compliant); MD5
-Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572) |
-
-
-| Secure Kernel Code Integrity (skci.dll)[13] |
-10.0.10240 |
-#2607 |
-FIPS Approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)
-
-Other algorithms: MD5
-Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572) |
-
-
-
-
-
-\[9\] Applies only to Home, Pro, Enterprise and Enterprise LTSB
-
-\[10\] Applies only to Home, Pro, Enterprise and Enterprise LTSB
-
-\[11\] Applies only to Home, Pro, Enterprise and Enterprise LTSB
-
-\[12\] Applies only to Pro, Enterprise and Enterprise LTSB
-
-\[13\] Applies only to Enterprise and Enterprise LTSB
-
-##### Windows 8.1
-
-Validated Editions: RT, Pro, Enterprise, Phone, Embedded
-
-
-
-
-
-
-
-
-
-
-| Cryptographic Module |
-Version (link to Security Policy) |
-FIPS Certificate # |
-Algorithms |
-
-
-| Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) |
-6.3.9600 6.3.9600.17031 |
-#2357 |
-FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)
-
-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)#2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
-Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #323) |
-
-
-| Kernel Mode Cryptographic Primitives Library (cng.sys) |
-6.3.9600 6.3.9600.17042 |
-#2356 |
-FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)
-
-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
-Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289) |
-
-
-| Boot Manager |
-6.3.9600 6.3.9600.17031 |
-#2351 |
-FIPS Approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
-
-Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant) |
-
-
-| BitLocker® Windows OS Loader (winload) |
-6.3.9600 6.3.9600.17031 |
-#2352 |
-FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)
-
-Other algorithms: MD5; NDRNG |
-
-
-| BitLocker® Windows Resume (winresume)[14] |
-6.3.9600 6.3.9600.17031 |
-#2353 |
-FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
-
-Other algorithms: MD5 |
-
-
-| BitLocker® Dump Filter (dumpfve.sys) |
-6.3.9600 6.3.9600.17031 |
-#2354 |
-FIPS Approved algorithms: AES (Cert. #2832)
-
-Other algorithms: N/A |
-
-
-| Code Integrity (ci.dll) |
-6.3.9600 6.3.9600.17031 |
-#2355#2355 |
-FIPS Approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)
-
-Other algorithms: MD5
-Validated Component Implementations: PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289) |
-
-
-
-
-
-\[14\] Applies only to Pro, Enterprise, and Embedded 8.
-
-##### Windows 8
-
-Validated Editions: RT, Home, Pro, Enterprise, Phone
-
-
-
-
-| Cryptographic Module |
-Version (link to Security Policy) |
-FIPS Certificate # |
-Algorithms |
-
-
-| Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) |
-6.2.9200 |
-#1892 |
-FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
-
-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert. ); ECDSA (Cert. ); HMAC (Cert. ); KAS (Cert. ); KBKDF (Cert. ); PBKDF (vendor affirmed); RSA (Certs. and ); SHS (Cert. ); Triple-DES (Cert. )
-
- |
-
-
-| Kernel Mode Cryptographic Primitives Library (cng.sys) |
-6.2.9200 |
-#1891 |
-FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
-
-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258 and ); ECDSA (Cert. ); HMAC (Cert. ); KAS (Cert. ); KBKDF (Cert. ); PBKDF (vendor affirmed); RNG (Cert. ); RSA (Certs. and ); SHS (Cert. ); Triple-DES (Cert. )
-
-Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) |
-
-
-| Boot Manager |
-6.2.9200 |
-#1895 |
-FIPS Approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)
-
-Other algorithms: MD5 |
-
-
-| BitLocker® Windows OS Loader (WINLOAD) |
-6.2.9200 |
-#1896 |
-FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
-
-Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG |
-
-
-| BitLocker® Windows Resume (WINRESUME)[15] |
-6.2.9200 |
-#1898 |
-FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
-
-Other algorithms: MD5 |
-
-
-| BitLocker® Dump Filter (DUMPFVE.SYS) |
-6.2.9200 |
-#1899 |
-FIPS Approved algorithms: AES (Certs. #2196 and #2198)
-
-Other algorithms: N/A |
-
-
-| Code Integrity (CI.DLL) |
-6.2.9200 |
-#1897 |
-FIPS Approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)
-
-Other algorithms: MD5 |
-
-
-| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL) |
-6.2.9200 |
-#1893 |
-FIPS Approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)
-
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#1902); Triple-DES (Cert. ); Triple-DES MAC (Triple-DES Cert. , vendor affirmed)
-
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. , key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
-
-
-| Enhanced Cryptographic Provider (RSAENH.DLL) |
-6.2.9200 |
-#1894 |
-FIPS Approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)
-
-Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
-
-
-
-
-
-\[15\] Applies only to Home and Pro
-
-**Windows 7**
-
-Validated Editions: Windows 7, Windows 7 SP1
-
-
-
-
-
-
-
-
-
-
-| Cryptographic Module |
-Version (link to Security Policy) |
-FIPS Certificate # |
-Algorithms |
-
-
-| Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) |
-6.1.7600.16385
-6.1.7601.17514 |
-1329 |
-FIPS Approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); DSA (Cert. #386); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)
-
-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4#559 and ); SHS (Cert. ); Triple-DES (Cert. )
-
-Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4 |
-
-
-| Kernel Mode Cryptographic Primitives Library (cng.sys) |
-6.1.7600.16385
-6.1.7600.16915
-6.1.7600.21092
-6.1.7601.17514
-6.1.7601.17725
-6.1.7601.17919
-6.1.7601.21861
-6.1.7601.22076 |
-1328 |
-FIPS Approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)
-
-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4 |
-
-
-| Boot Manager |
-6.1.7600.16385
-6.1.7601.17514 |
-1319 |
-FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #557); SHS (Cert. #1081)
-
-Other algorithms: MD5#1168 and ); HMAC (Cert. ); RSA (Cert. ); SHS (Cert. )
-
-Other algorithms: MD5 |
-
-
-| Winload OS Loader (winload.exe) |
-6.1.7600.16385
-6.1.7600.16757
-6.1.7600.20897
-6.1.7600.20916
-6.1.7601.17514
-6.1.7601.17556
-6.1.7601.21655
-6.1.7601.21675 |
-1326 |
-FIPS Approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #557); SHS (Cert. #1081)
-
-Other algorithms: MD5 |
-
-
-| BitLocker™ Drive Encryption |
-6.1.7600.16385
-6.1.7600.16429
-6.1.7600.16757
-6.1.7600.20536
-6.1.7600.20873
-6.1.7600.20897
-6.1.7600.20916
-6.1.7601.17514
-6.1.7601.17556
-6.1.7601.21634
-6.1.7601.21655
-6.1.7601.21675 |
-1332 |
-FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)
-
-Other algorithms: Elephant Diffuser |
-
-
-| Code Integrity (CI.DLL) |
-6.1.7600.16385
-6.1.7600.17122
-6.1.7600.21320
-6.1.7601.17514
-6.1.7601.17950
-6.1.7601.22108 |
-1327 |
-FIPS Approved algorithms: RSA (Cert. #557); SHS (Cert. #1081)
-
-Other algorithms: MD5 |
-
-
-| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL) |
-6.1.7600.16385
-(no change in SP1) |
-1331 |
-FIPS Approved algorithms: DSA (Cert. #385); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)
-
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4 |
-
-
-| Enhanced Cryptographic Provider (RSAENH.DLL) |
-6.1.7600.16385
-(no change in SP1) |
-1330 |
-FIPS Approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #673); SHS (Cert. #1081); RSA (Certs. #557 and #559); Triple-DES (Cert. #846)
-
-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 256-bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
-
-
-
-
-
-##### Windows Vista SP1
-
-Validated Editions: Ultimate Edition
-
-
-
-
-
-
-
-
-
-
-| Cryptographic Module |
-Version (link to Security Policy) |
-FIPS Certificate # |
-Algorithms |
-
-
-| Boot Manager (bootmgr) |
-6.0.6001.18000 and 6.0.6002.18005 |
-978 |
-FIPS Approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #354); SHS (Cert. #753) |
-
-
-| Winload OS Loader (winload.exe) |
-6.0.6001.18000, 6.0.6001.18027, 6.0.6001.18606, 6.0.6001.22125, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411 and 6.0.6002.22596 |
-979 |
-FIPS Approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #354); SHS (Cert. #753)
-
-Other algorithms: MD5 |
-
-
-| Code Integrity (ci.dll) |
-6.0.6001.18000, 6.0.6001.18023, 6.0.6001.22120, and 6.0.6002.18005 |
-980 |
-FIPS Approved algorithms: RSA (Cert. #354); SHS (Cert. #753)
-
-Other algorithms: MD5 |
-
-
-| Kernel Mode Security Support Provider Interface (ksecdd.sys) |
-6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.228696.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.22869 |
-1000 |
-FIPS Approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)#739 and ); ECDSA (Cert. ); HMAC (Cert. ); RNG (Cert. and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. and ); SHS (Cert. ); Triple-DES (Cert. )
-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
-
-
-| Cryptographic Primitives Library (bcrypt.dll) |
-6.0.6001.22202, 6.0.6002.18005, and 6.0.6002.228726.0.6001.22202, 6.0.6002.18005, and 6.0.6002.22872 |
-1001 |
-FIPS Approved algorithms: AES (Certs. #739 and #756); DSA (Cert. #283); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90, vendor affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)
-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength) |
-
-
-| Enhanced Cryptographic Provider (RSAENH) |
-6.0.6001.22202 and 6.0.6002.180056.0.6001.22202 and 6.0.6002.18005 |
-1002 |
-FIPS Approved algorithms: AES (Cert. #739); HMAC (Cert. #407); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #354); SHS (Cert. #753); Triple-DES (Cert. #656)
-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
-
-
-| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) |
-6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.18005 |
-1003 |
-FIPS Approved algorithms: DSA (Cert. #281); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 |
-
-
-
-
-
-##### Windows Vista
-
-Validated Editions: Ultimate Edition
-
-
-
-
-| Cryptographic Module |
-Version (link to Security Policy) |
-FIPS Certificate # |
-Algorithms |
-
-
-| Enhanced Cryptographic Provider (RSAENH) |
-6.0.6000.16386 |
-893 |
-FIPS Approved algorithms: AES (Cert. #553); HMAC (Cert. #297); RNG (Cert. #321); RSA (Certs. #255 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)
-
-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
-
-
-| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) |
-6.0.6000.16386 |
-894 |
-FIPS Approved algorithms: DSA (Cert. #226); RNG (Cert. #321); SHS (Cert. #618); Triple-DES (Cert. #549); Triple-DES MAC (Triple-DES Cert. #549, vendor affirmed)
-
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 |
-
-
-| BitLocker™ Drive Encryption |
-6.0.6000.16386 |
-947 |
-FIPS Approved algorithms: AES (Cert. #715); HMAC (Cert. #386); SHS (Cert. #737)
-
-Other algorithms: Elephant Diffuser |
-
-
-| Kernel Mode Security Support Provider Interface (ksecdd.sys) |
-6.0.6000.16386, 6.0.6000.16870 and 6.0.6000.21067 |
-891 |
-FIPS Approved algorithms: AES (Cert. #553); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)
-
-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 to 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; HMAC MD5 |
-
-
-
-
-
-##### Windows XP SP3
-
-
-
-
-
-
-
-
-
-
-| Cryptographic Module |
-Version (link to Security Policy) |
-FIPS Certificate # |
-Algorithms |
-
-
-| Kernel Mode Cryptographic Module (FIPS.SYS) |
-5.1.2600.5512 |
-997 |
-FIPS Approved algorithms: HMAC (Cert. #429); RNG (Cert. #449); SHS (Cert. #785); Triple-DES (Cert. #677); Triple-DES MAC (Triple-DES Cert. #677, vendor affirmed)
-Other algorithms: DES; MD5; HMAC MD5 |
-
-
-| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) |
-5.1.2600.5507 |
-990 |
-FIPS Approved algorithms: DSA (Cert. #292); RNG (Cert. #448); SHS (Cert. #784); Triple-DES (Cert. #676); Triple-DES MAC (Triple-DES Cert. #676, vendor affirmed)
-Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits); MD5; RC2; RC4 |
-
-
-| Enhanced Cryptographic Provider (RSAENH) |
-5.1.2600.5507 |
-989 |
-FIPS Approved algorithms: AES (Cert. #781); HMAC (Cert. #428); RNG (Cert. #447); RSA (Cert. #371); SHS (Cert. #783); Triple-DES (Cert. #675); Triple-DES MAC (Triple-DES Cert. #675, vendor affirmed)
-Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits) |
-
-
-
-
-
-##### Windows XP SP2
-
-
-
-
-
-
-
-
-
-
-| Cryptographic Module |
-Version (link to Security Policy) |
-FIPS Certificate # |
-Algorithms |
-
-
-| DSS/Diffie-Hellman Enhanced Cryptographic Provider |
-5.1.2600.2133 |
-240 |
-FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #29)
-Other algorithms: DES (Cert. #66); RC2; RC4; MD5; DES40; Diffie-Hellman (key agreement) |
-
-
-| Microsoft Enhanced Cryptographic Provider |
-5.1.2600.2161 |
-238 |
-FIPS Approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)
-Other algorithms: DES (Cert. #156); RC2; RC4; MD5 |
-
-
-
-
-
-##### Windows XP SP1
-
-
-
-
-
-
-
-
-
-
-| Cryptographic Module |
-Version (link to Security Policy) |
-FIPS Certificate # |
-Algorithms |
-
-
-| Microsoft Enhanced Cryptographic Provider |
-5.1.2600.1029 |
-238 |
-FIPS Approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)
-Other algorithms: DES (Cert. #156); RC2; RC4; MD5 |
-
-
-
-
-
-##### Windows XP
-
-
-
-
-
-
-
-
-
-
-| Cryptographic Module |
-Version (link to Security Policy) |
-FIPS Certificate # |
-Algorithms |
-
-
-| Kernel Mode Cryptographic Module |
-5.1.2600.0 |
-241 |
-FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #35); HMAC-SHA-1 (Cert. #35, vendor affirmed)
-Other algorithms: DES (Cert. #89) |
-
-
-
-
-
-##### Windows 2000 SP3
-
-
-
-
-##### Windows 2000 SP2
-
-
-
-
-##### Windows 2000 SP1
-
-
-
-
-##### Windows 2000
-
-
-
-
-
-
-
-
-
-
-| Cryptographic Module |
-Version (link to Security Policy) |
-FIPS Certificate # |
-Algorithms |
-
-
-| Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider |
-5.0.2150.1 |
-76 |
-FIPS Approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. #28 and 29); RSA (vendor affirmed)
-Other algorithms: DES (Certs. #65, 66, 67 and 68); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement) |
-
-
-
-
-
-##### Windows 95 and Windows 98
-
-
-
-
-
-
-
-
-
-
-| Cryptographic Module |
-Version (link to Security Policy) |
-FIPS Certificate # |
-Algorithms |
-
-
-| Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider |
-5.0.1877.6 and 5.0.1877.7 |
-75 |
-FIPS Approved algorithms: Triple-DES (vendor affirmed); SHA-1 (Certs. #20 and 21); DSA/SHA-1 (Certs. #25 and 26); RSA (vendor- affirmed)
-Other algorithms: DES (Certs. #61, 62, 63 and 64); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement) |
-
-
-
-
-
-##### Windows NT 4.0
-
-
-
-
-| Cryptographic Module |
-Version (link to Security Policy) |
-FIPS Certificate # |
-Algorithms |
-
-
-| Base Cryptographic Provider |
-5.0.1877.6 and 5.0.1877.7 |
-68 |
-FIPS Approved algorithms: SHA-1 (Certs. #20 and 21); DSA/SHA- 1 (Certs. #25 and 26); RSA (vendor affirmed)
-
-Other algorithms: DES (Certs. #61, 62, 63 and 64); Triple-DES (allowed for US and Canadian Government use); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement) |
-
-
-
-
-
-#### Windows Server
-
-##### Windows Server 2016
-
-Validated Editions: Standard, Datacenter, Storage Server
-
-
-
-
-
-
-
-
-
-
-| Cryptographic Module |
-Version (link to Security Policy) |
-FIPS Certificate # |
-Algorithms |
-
-
-| Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) |
-10.0.14393 |
-2937 |
-FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
-
-Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt) |
-
-
-| Kernel Mode Cryptographic Primitives Library (cng.sys) |
-10.0.14393 |
-2936 |
-FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
-
-Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt) |
-
-
-| Boot Manager |
-10.0.14393 |
-2931 |
-FIPS Approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)
-Other algorithms: MD5; PBKDF (non-compliant); VMK KDF |
-
-
-| BitLocker® Windows OS Loader (winload) |
-10.0.14393 |
-2932 |
-FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
-
-Other algorithms: NDRNG; MD5 |
-
-
-| BitLocker® Windows Resume (winresume) |
-10.0.14393 |
-2933 |
-FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
-
-Other algorithms: MD5 |
-
-
-| BitLocker® Dump Filter (dumpfve.sys) |
-10.0.14393 |
-2934 |
-FIPS Approved algorithms: AES (Certs. #4061 and #4064) |
-
-
-| Code Integrity (ci.dll) |
-10.0.14393 |
-2935 |
-FIPS Approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)
-
-Other algorithms: AES (non-compliant); MD5 |
-
-
-| Secure Kernel Code Integrity (skci.dll) |
-10.0.14393 |
-2938 |
-FIPS Approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)
-
-Other algorithms: MD5 |
-
-
-
-
-
-##### Windows Server 2012 R2
-
-Validated Editions: Server, Storage Server,
-
-**StorSimple 8000 Series, Azure StorSimple Virtual Array Windows Server 2012 R2**
-
-
-
-
-| Cryptographic Module |
-Version (link to Security Policy) |
-FIPS Certificate # |
-Algorithms |
-
-
-| Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) |
-6.3.9600 6.3.9600.17031 |
-2357 |
-FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)
-
-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt) |
-
-
-| Kernel Mode Cryptographic Primitives Library (cng.sys) |
-6.3.9600 6.3.9600.17042 |
-2356 |
-FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)
-
-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt) |
-
-
-| Boot Manager |
-6.3.9600 6.3.9600.17031 |
-2351 |
-FIPS Approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
-
-Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant) |
-
-
-| BitLocker® Windows OS Loader (winload) |
-6.3.9600 6.3.9600.17031 |
-2352 |
-FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)
-
-Other algorithms: MD5; NDRNG |
-
-
-| BitLocker® Windows Resume (winresume)[16] |
-6.3.9600 6.3.9600.17031 |
-2353 |
-FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
-
-Other algorithms: MD5 |
-
-
-| BitLocker® Dump Filter (dumpfve.sys)[17] |
-6.3.9600 6.3.9600.17031 |
-2354 |
-FIPS Approved algorithms: AES (Cert. #2832)
-
-Other algorithms: N/A |
-
-
-| Code Integrity (ci.dll) |
-6.3.9600 6.3.9600.17031 |
-2355 |
-FIPS Approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)
-
-Other algorithms: MD5 |
-
-
-
-
-
-\[16\] Does not apply to **Azure StorSimple Virtual Array Windows Server 2012 R2**
-
-\[17\] Does not apply to **Azure StorSimple Virtual Array Windows Server 2012 R2**
-
-**Windows Server 2012**
-
-Validated Editions: Server, Storage Server
-
-
-
-
-| Cryptographic Module |
-Version (link to Security Policy) |
-FIPS Certificate # |
-Algorithms |
-
-
-| Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) |
-6.2.9200 |
-1892 |
-FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
-
-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#687); ECDSA (Cert. ); HMAC (Cert. #); KAS (Cert. ); KBKDF (Cert. ); PBKDF (vendor affirmed); RSA (Certs. and ); SHS (Cert. ); Triple-DES (Cert. )
-
-Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) |
-
-
-| Kernel Mode Cryptographic Primitives Library (cng.sys) |
-6.2.9200 |
-1891 |
-FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
-
-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#1110); RSA (Certs. and ); SHS (Cert. ); Triple-DES (Cert. )
-
-Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) |
-
-
-| Boot Manager |
-6.2.9200 |
-1895 |
-FIPS Approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)
-
-Other algorithms: MD5 |
-
-
-| BitLocker® Windows OS Loader (WINLOAD) |
-6.2.9200 |
-1896 |
-FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
-
-Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG |
-
-
-| BitLocker® Windows Resume (WINRESUME) |
-6.2.9200 |
-1898 |
-FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
-
-Other algorithms: MD5 |
-
-
-| BitLocker® Dump Filter (DUMPFVE.SYS) |
-6.2.9200 |
-1899 |
-FIPS Approved algorithms: AES (Certs. #2196 and #2198)
-
-Other algorithms: N/A |
-
-
-| Code Integrity (CI.DLL) |
-6.2.9200 |
-1897 |
-FIPS Approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)
-
-Other algorithms: MD5 |
-
-
-| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL) |
-6.2.9200 |
-1893 |
-FIPS Approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)
-
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
-
-
-| Enhanced Cryptographic Provider (RSAENH.DLL) |
-6.2.9200 |
-1894 |
-FIPS Approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)
-
-Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
-
-
-
-
-
-##### Windows Server 2008 R2
-
-
-
-
-| Cryptographic Module |
-Version (link to Security Policy) |
-FIPS Certificate # |
-Algorithms |
-
-
-| Boot Manager (bootmgr) |
-6.1.7600.16385 or 6.1.7601.175146.1.7600.16385 or 6.1.7601.17514 |
-1321 |
-FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #568); SHS (Cert. #1081)
-
-Other algorithms: MD5 |
-
-
-| Winload OS Loader (winload.exe) |
-6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.216756.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.21675 |
-1333 |
-FIPS Approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #568); SHS (Cert. #1081)
-
-Other algorithms: MD5 |
-
-
-| Code Integrity (ci.dll) |
-6.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.221086.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.22108 |
-1334 |
-FIPS Approved algorithms: RSA (Cert. #568); SHS (Cert. #1081)
-
-Other algorithms: MD5 |
-
-
-| Kernel Mode Cryptographic Primitives Library (cng.sys) |
-6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.220766.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.22076 |
-1335 |
-FIPS Approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)
-
--Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4 |
-
-
-| Cryptographic Primitives Library (bcryptprimitives.dll) |
-66.1.7600.16385 or 6.1.7601.1751466.1.7600.16385 or 6.1.7601.17514 |
-1336 |
-FIPS Approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); DSA (Cert. #391); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)
-
-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; HMAC MD5; MD2; MD4; MD5; RC2; RC4 |
-
-
-| Enhanced Cryptographic Provider (RSAENH) |
-6.1.7600.16385 |
-1337 |
-FIPS Approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #687); SHS (Cert. #1081); RSA (Certs. #559 and #568); Triple-DES (Cert. #846)
-
-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
-
-
-| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) |
-6.1.7600.16385 |
-1338 |
-FIPS Approved algorithms: DSA (Cert. #390); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)
-
-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4 |
-
-
-| BitLocker™ Drive Encryption |
-6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.216756.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.21675 |
-1339 |
-FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)
-
-Other algorithms: Elephant Diffuser |
-
-
-
-
-
-##### Windows Server 2008
-
-
-
-
-| Cryptographic Module |
-Version (link to Security Policy) |
-FIPS Certificate # |
-Algorithms |
-
-
-| Boot Manager (bootmgr) |
-6.0.6001.18000, 6.0.6002.18005 and 6.0.6002.224976.0.6001.18000, 6.0.6002.18005 and 6.0.6002.22497 |
-1004 |
-FIPS Approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #355); SHS (Cert. #753)
-
-Other algorithms: N/A |
-
-
-| Winload OS Loader (winload.exe) |
-6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.225966.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.22596 |
-1005 |
-FIPS Approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #355); SHS (Cert. #753)
-
-Other algorithms: MD5 |
-
-
-| Code Integrity (ci.dll) |
-6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.18005 |
-1006 |
-FIPS Approved algorithms: RSA (Cert. #355); SHS (Cert. #753)
-
-Other algorithms: MD5 |
-
-
-| Kernel Mode Security Support Provider Interface (ksecdd.sys) |
-6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.228696.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.22869 |
-1007 |
-FIPS Approved algorithms: AES (Certs. #739 and #757); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)
-
-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#83); HMAC (Cert. ); RNG (Cert. and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. and ); SHS (Cert. ); Triple-DES (Cert. )
-
-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
-
-
-| Cryptographic Primitives Library (bcrypt.dll) |
-6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.228726.0.6001.22202, 6.0.6002.18005 and 6.0.6002.22872 |
-1008 |
-FIPS Approved algorithms: AES (Certs. #739 and #757); DSA (Cert. #284); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)
-
-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength) |
-
-
-| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) |
-6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.18005 |
-1009 |
-FIPS Approved algorithms: DSA (Cert. #282); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)
-
--Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 |
-
-
-| Enhanced Cryptographic Provider (RSAENH) |
-6.0.6001.22202 and 6.0.6002.180056.0.6001.22202 and 6.0.6002.18005 |
-1010 |
-FIPS Approved algorithms: AES (Cert. #739); HMAC (Cert. #408); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656)
-
-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
-
-
-
-
-
-##### Windows Server 2003 SP2
-
-
-
-
-
-
-
-
-
-
-| Cryptographic Module |
-Version (link to Security Policy) |
-FIPS Certificate # |
-Algorithms |
-
-
-| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) |
-5.2.3790.3959 |
-875 |
-FIPS Approved algorithms: DSA (Cert. #221); RNG (Cert. #314); RSA (Cert. #245); SHS (Cert. #611); Triple-DES (Cert. #543)
-Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC4 |
-
-
-| Kernel Mode Cryptographic Module (FIPS.SYS) |
-5.2.3790.3959 |
-869 |
-FIPS Approved algorithms: HMAC (Cert. #287); RNG (Cert. #313); SHS (Cert. #610); Triple-DES (Cert. #542)
-Other algorithms: DES; HMAC-MD5 |
-
-
-| Enhanced Cryptographic Provider (RSAENH) |
-5.2.3790.3959 |
-868 |
-FIPS Approved algorithms: AES (Cert. #548); HMAC (Cert. #289); RNG (Cert. #316); RSA (Cert. #245); SHS (Cert. #613); Triple-DES (Cert. #544)
-Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
-
-
-
-
-
-##### Windows Server 2003 SP1
-
-
-
-
-
-
-
-
-
-
-| Cryptographic Module |
-Version (link to Security Policy) |
-FIPS Certificate # |
-Algorithms |
-
-
-| Kernel Mode Cryptographic Module (FIPS.SYS) |
-5.2.3790.1830 [SP1] |
-405 |
-FIPS Approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])
-Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)
-[1] x86
-[2] SP1 x86, x64, IA64 |
-
-
-| Enhanced Cryptographic Provider (RSAENH) |
-5.2.3790.1830 [Service Pack 1]) |
-382 |
-FIPS Approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])
-Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5
-[1] x86
-[2] SP1 x86, x64, IA64 |
-
-
-| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) |
-5.2.3790.1830 [Service Pack 1] |
-381 |
-FIPS Approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)
-Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40
-[1] x86
-[2] SP1 x86, x64, IA64 |
-
-
-
-
-
-##### Windows Server 2003
-
-
-
-
-
-
-
-
-
-
-| Cryptographic Module |
-Version (link to Security Policy) |
-FIPS Certificate # |
-Algorithms |
-
-
-| Kernel Mode Cryptographic Module (FIPS.SYS) |
-5.2.3790.0 |
-405 |
-FIPS Approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])
-Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)
-[1] x86
-[2] SP1 x86, x64, IA64 |
-
-
-| Enhanced Cryptographic Provider (RSAENH) |
-5.2.3790.0 |
-382 |
-FIPS Approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])
-Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5
-[1] x86
-[2] SP1 x86, x64, IA64 |
-
-
-| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) |
-5.2.3790.0 |
-381 |
-FIPS Approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)
-Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40
-[1] x86
-[2] SP1 x86, x64, IA64 |
-
-
-
-
-
-#### Other Products
-
-##### Windows Embedded Compact 7 and Windows Embedded Compact 8
-
-
-
-
-
-##### Windows CE 6.0 and Windows Embedded Compact 7
-
-
-
-
-
-
-
-
-
-
-| Cryptographic Module |
-Version (link to Security Policy) |
-FIPS Certificate # |
-Algorithms |
-
-
-| Enhanced Cryptographic Provider |
-6.00.1937 [1] and 7.00.1687 [2] |
-825 |
-FIPS Approved algorithms: AES (Certs. #516 [1] and #2024 [2]); HMAC (Certs. #267 [1] and #1227 [2]); RNG (Certs. #292 [1] and #1060 [2]); RSA (Cert. #230 [1] and #1052 [2]); SHS (Certs. #589 [1] and #1774 [2]); Triple-DES (Certs. #526 [1] and #1308 [2])
-Other algorithms: MD5; HMAC-MD5; RC2; RC4; DES |
-
-
-
-
-
-##### Outlook Cryptographic Provider
-
-
-
-
-
-
-
-
-
-
-| Cryptographic Module |
-Version (link to Security Policy) |
-FIPS Certificate # |
-Algorithms |
-
-
-| Outlook Cryptographic Provider (EXCHCSP) |
-SR-1A (3821)SR-1A (3821) |
-110 |
-FIPS Approved algorithms: Triple-DES (Cert. #18); SHA-1 (Certs. #32); RSA (vendor affirmed)
-Other algorithms: DES (Certs. #91); DES MAC; RC2; MD2; MD5 |
-
-
-
-
-
-
-### Cryptographic Algorithms
-
-The following tables are organized by cryptographic algorithms with their modes, states, and key sizes. For each algorithm implementation (operating system / platform), there is a link to the Cryptographic Algorithm Validation Program (CAVP) issued certificate.
-
-### Advanced Encryption Standard (AES)
-
-
-
-
-
-
-
-
-| Modes / States / Key Sizes |
-Algorithm Implementation and Certificate # |
-
-
-
-- AES-CBC:
-
-- Modes: Decrypt, Encrypt
-- Key Lengths: 128, 192, 256 (bits)
- - AES-CFB128:
-
-- Modes: Decrypt, Encrypt
-- Key Lengths: 128, 192, 256 (bits)
- - AES-CTR:
-
-- Counter Source: Internal
-- Key Lengths: 128, 192, 256 (bits)
- - AES-OFB:
-
-- Modes: Decrypt, Encrypt
-- Key Lengths: 128, 192, 256 (bits)
- |
-Microsoft Surface Hub Virtual TPM Implementations #4904
-Version 10.0.15063.674 |
-
-
-
-- AES-CBC:
-
-- Modes: Decrypt, Encrypt
-- Key Lengths: 128, 192, 256 (bits)
- - AES-CFB128:
-
-- Modes: Decrypt, Encrypt
-- Key Lengths: 128, 192, 256 (bits)
- - AES-CTR:
-
-- Counter Source: Internal
-- Key Lengths: 128, 192, 256 (bits)
- - AES-OFB:
-
-- Modes: Decrypt, Encrypt
-- Key Lengths: 128, 192, 256 (bits)
- |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #4903
-Version 10.0.16299 |
-
-
-
-- AES-CBC:
-
-- Modes: Decrypt, Encrypt
-- Key Lengths: 128, 192, 256 (bits)
- - AES-CCM:
-
-- Key Lengths: 128, 192, 256 (bits)
-- Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
-- IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
-- Plain Text Length: 0-32
-- AAD Length: 0-65536
- - AES-CFB128:
-
-- Modes: Decrypt, Encrypt
-- Key Lengths: 128, 192, 256 (bits)
- - AES-CFB8:
-
-- Modes: Decrypt, Encrypt
-- Key Lengths: 128, 192, 256 (bits)
- - AES-CMAC:
-
-- Generation:
-
-- AES-128:
-
-- Block Sizes: Full, Partial
-- Message Length: 0-65536
-- Tag Length: 16-16
- - AES-192:
-
-- Block Sizes: Full, Partial
-- Message Length: 0-65536
-- Tag Length: 16-16
- - AES-256:
-
-- Block Sizes: Full, Partial
-- Message Length: 0-65536
-- Tag Length: 16-16
- - Verification:
-
-- AES-128:
-
-- Block Sizes: Full, Partial
-- Message Length: 0-65536
-- Tag Length: 16-16
- - AES-192:
-
-- Block Sizes: Full, Partial
-- Message Length: 0-65536
-- Tag Length: 16-16
- - AES-256:
-
-- Block Sizes: Full, Partial
-- Message Length: 0-65536
-- Tag Length: 16-16
- - AES-CTR:
-
-- Counter Source: Internal
-- Key Lengths: 128, 192, 256 (bits)
- - AES-ECB:
-
-- Modes: Decrypt, Encrypt
-- Key Lengths: 128, 192, 256 (bits)
- - AES-GCM:
-
-- Modes: Decrypt, Encrypt
-- Key Lengths: 128, 192, 256 (bits)
-- Tag Lengths: 96, 104, 112, 120, 128 (bits)
-- Plain Text Lengths: 0, 8, 1016, 1024 (bits)
-- AAD Lengths: 0, 8, 1016, 1024 (bits)
-- 96 bit IV supported
- - AES-XTS:
-
-- Key Size: 128:
-
-- Modes: Decrypt, Encrypt
-- Block Sizes: Full
- - Key Size: 256:
-
-- Modes: Decrypt, Encrypt
-- Block Sizes: Full
- |
-Microsoft Surface Hub SymCrypt Cryptographic Implementations #4902
-Version 10.0.15063.674 |
-
-
-
-- AES-CBC:
-
-- Modes: Decrypt, Encrypt
-- Key Lengths: 128, 192, 256 (bits)
- - AES-CCM:
-
-- Key Lengths: 128, 192, 256 (bits)
-- Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
-- IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
-- Plain Text Length: 0-32
-- AAD Length: 0-65536
- - AES-CFB128:
-
-- Modes: Decrypt, Encrypt
-- Key Lengths: 128, 192, 256 (bits)
- - AES-CFB8:
-
-- Modes: Decrypt, Encrypt
-- Key Lengths: 128, 192, 256 (bits)
- - AES-CMAC:
-
-- Generation:
-
-- AES-128:
-
-- Block Sizes: Full, Partial
-- Message Length: 0-65536
-- Tag Length: 16-16
- - AES-192:
-
-- Block Sizes: Full, Partial
-- Message Length: 0-65536
-- Tag Length: 16-16
- - AES-256:
-
-- Block Sizes: Full, Partial
-- Message Length: 0-65536
-- Tag Length: 16-16
- - Verification:
-
-- AES-128:
-
-- Block Sizes: Full, Partial
-- Message Length: 0-65536
-- Tag Length: 16-16
- - AES-192:
-
-- Block Sizes: Full, Partial
-- Message Length: 0-65536
-- Tag Length: 16-16
- - AES-256:
-
-- Block Sizes: Full, Partial
-- Message Length: 0-65536
-- Tag Length: 16-16
- - AES-CTR:
-
-- Counter Source: Internal
-- Key Lengths: 128, 192, 256 (bits)
- - AES-ECB:
-
-- Modes: Decrypt, Encrypt
-- Key Lengths: 128, 192, 256 (bits)
- - AES-GCM:
-
-- Modes: Decrypt, Encrypt
-- Key Lengths: 128, 192, 256 (bits)
-- Tag Lengths: 96, 104, 112, 120, 128 (bits)
-- Plain Text Lengths: 0, 8, 1016, 1024 (bits)
-- AAD Lengths: 0, 8, 1016, 1024 (bits)
-- 96 bit IV supported
- - AES-XTS:
-
-- Key Size: 128:
-
-- Modes: Decrypt, Encrypt
-- Block Sizes: Full
- - Key Size: 256:
-
-- Modes: Decrypt, Encrypt
-- Block Sizes: Full
- |
-Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #4901
-Version 10.0.15254 |
-
-
-
-- AES-CBC:
-
-- Modes: Decrypt, Encrypt
-- Key Lengths: 128, 192, 256 (bits)
- - AES-CCM:
-
-- Key Lengths: 128, 192, 256 (bits)
-- Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
-- IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
-- Plain Text Length: 0-32
-- AAD Length: 0-65536
- - AES-CFB128:
-
-- Modes: Decrypt, Encrypt
-- Key Lengths: 128, 192, 256 (bits)
- - AES-CFB8:
-
-- Modes: Decrypt, Encrypt
-- Key Lengths: 128, 192, 256 (bits)
- - AES-CMAC:
-
-- Generation:
-
-- AES-128:
-
-- Block Sizes: Full, Partial
-- Message Length: 0-65536
-- Tag Length: 16-16
- - AES-192:
-
-- Block Sizes: Full, Partial
-- Message Length: 0-65536
-- Tag Length: 16-16
- - AES-256:
-
-- Block Sizes: Full, Partial
-- Message Length: 0-65536
-- Tag Length: 16-16
- - Verification:
-
-- AES-128:
-
-- Block Sizes: Full, Partial
-- Message Length: 0-65536
-- Tag Length: 16-16
- - AES-192:
-
-- Block Sizes: Full, Partial
-- Message Length: 0-65536
-- Tag Length: 16-16
- - AES-256:
-
-- Block Sizes: Full, Partial
-- Message Length: 0-65536
-- Tag Length: 16-16
- - AES-CTR:
-
-- Counter Source: Internal
-- Key Lengths: 128, 192, 256 (bits)
- - AES-ECB:
-
-- Modes: Decrypt, Encrypt
-- Key Lengths: 128, 192, 256 (bits)
- - AES-GCM:
-
-- Modes: Decrypt, Encrypt
-- IV Generation: External
-- Key Lengths: 128, 192, 256 (bits)
-- Tag Lengths: 96, 104, 112, 120, 128 (bits)
-- Plain Text Lengths: 0, 8, 1016, 1024 (bits)
-- AAD Lengths: 0, 8, 1016, 1024 (bits)
-- 96 bit IV supported
- - AES-XTS:
-
-- Key Size: 128:
-
-- Modes: Decrypt, Encrypt
-- Block Sizes: Full
- - Key Size: 256:
-
-- Modes: Decrypt, Encrypt
-- Block Sizes: Full
- |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4897
-Version 10.0.16299 |
-
-
-AES-KW:
-
-- Modes: Decrypt, Encrypt
-- CIPHK transformation direction: Forward
-- Key Lengths: 128, 192, 256 (bits)
-- Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)
-
-AES Val#4902 |
-Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations #4900
-Version 10.0.15063.674 |
-
-
-AES-KW:
-
-- Modes: Decrypt, Encrypt
-- CIPHK transformation direction: Forward
-- Key Lengths: 128, 192, 256 (bits)
-- Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)
-
-AES Val#4901 |
-Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations #4899
-Version 10.0.15254 |
-
-
-AES-KW:
-
-- Modes: Decrypt, Encrypt
-- CIPHK transformation direction: Forward
-- Key Lengths: 128, 192, 256 (bits)
-- Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)
-
-AES Val#4897 |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #4898
-Version 10.0.16299 |
-
-
-AES-CCM:
-
-- Key Lengths: 256 (bits)
-- Tag Lengths: 128 (bits)
-- IV Lengths: 96 (bits)
-- Plain Text Length: 0-32
-- AAD Length: 0-65536
-
-AES Val#4902 |
-Microsoft Surface Hub BitLocker(R) Cryptographic Implementations #4896
-Version 10.0.15063.674 |
-
-
-AES-CCM:
-
-- Key Lengths: 256 (bits)
-- Tag Lengths: 128 (bits)
-- IV Lengths: 96 (bits)
-- Plain Text Length: 0-32
-- AAD Length: 0-65536
-
-AES Val#4901 |
-Windows 10 Mobile (version 1709) BitLocker(R) Cryptographic Implementations #4895
-Version 10.0.15254 |
-
-
-AES-CCM:
-
-- Key Lengths: 256 (bits)
-- Tag Lengths: 128 (bits)
-- IV Lengths: 96 (bits)
-- Plain Text Length: 0-32
-- AAD Length: 0-65536
-
-AES Val#4897 |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations #4894
-Version 10.0.16299 |
-
-
-CBC ( e/d; 128 , 192 , 256 );
-CFB128 ( e/d; 128 , 192 , 256 );
-OFB ( e/d; 128 , 192 , 256 );
-CTR ( int only; 128 , 192 , 256 ) |
-Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #4627
-Version 10.0.15063 |
-
-
-KW ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )
-AES Val#4624 |
-Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #4626
-Version 10.0.15063 |
-
-
-CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )
-AES Val#4624
- |
-Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile BitLocker(R) Cryptographic Implementations #4625
-Version 10.0.15063 |
-
-
-ECB ( e/d; 128 , 192 , 256 );
-CBC ( e/d; 128 , 192 , 256 );
-CFB8 ( e/d; 128 , 192 , 256 );
-CFB128 ( e/d; 128 , 192 , 256 );
-CTR ( int only; 128 , 192 , 256 )
-CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
-CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 )
-GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
-(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
-IV Generated: ( External ) ; PT Lengths Tested: ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested: ( 0 , 1024 , 8 , 1016 ) ; 96BitIV_Supported
-GMAC_Supported
-XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) ) |
-Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #4624
-Version 10.0.15063 |
-
-
-ECB ( e/d; 128 , 192 , 256 );
-CBC ( e/d; 128 , 192 , 256 ); |
-Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4434
-Version 7.00.2872 |
-
-
-ECB ( e/d; 128 , 192 , 256 );
-CBC ( e/d; 128 , 192 , 256 ); |
-Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4433
-Version 8.00.6246 |
-
-
-ECB ( e/d; 128 , 192 , 256 );
-CBC ( e/d; 128 , 192 , 256 );
-CTR ( int only; 128 , 192 , 256 ) |
-Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4431
-Version 7.00.2872 |
-
-
-ECB ( e/d; 128 , 192 , 256 );
-CBC ( e/d; 128 , 192 , 256 );
-CTR ( int only; 128 , 192 , 256 ) |
-Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4430
-Version 8.00.6246 |
-
-
-CBC ( e/d; 128 , 192 , 256 );
-CFB128 ( e/d; 128 , 192 , 256 );
-OFB ( e/d; 128 , 192 , 256 );
-CTR ( int only; 128 , 192 , 256 ) |
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #4074
-Version 10.0.14393 |
-
-
-ECB ( e/d; 128 , 192 , 256 ); CBC ( e/d; 128 , 192 , 256 ); CFB8 ( e/d; 128 , 192 , 256 ); CFB128 ( e/d; 128 , 192 , 256 ); CTR ( int only; 128 , 192 , 256 )
-CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
-CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )
-GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
-(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
-IV Generated: ( Externally ) ; PT Lengths Tested: ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested: ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested: ( 0 , 0 ) ; 96BitIV_Supported
-GMAC_Supported
-XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) ) |
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #4064
-Version 10.0.14393 |
-
-
-ECB ( e/d; 128 , 192 , 256 );
-CBC ( e/d; 128 , 192 , 256 );
-CFB8 ( e/d; 128 , 192 , 256 );
- |
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #4063
-Version 10.0.14393 |
-
-
-KW ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 192 , 256 , 320 , 2048 )
-AES Val#4064 |
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #4062
-Version 10.0.14393 |
-
-
-CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )
-AES Val#4064 |
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BitLocker® Cryptographic Implementations #4061
-Version 10.0.14393 |
-
-
-KW ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )
-AES Val#3629 |
-Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #3652
-Version 10.0.10586 |
-
-
-CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )
-AES Val#3629 |
-Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BitLocker® Cryptographic Implementations #3653
-Version 10.0.10586 |
-
-
-ECB ( e/d; 128 , 192 , 256 );
-CBC ( e/d; 128 , 192 , 256 );
-CFB8 ( e/d; 128 , 192 , 256 );
- |
-Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA32 Algorithm Implementations #3630
-Version 10.0.10586 |
-
-
-ECB ( e/d; 128 , 192 , 256 ); CBC ( e/d; 128 , 192 , 256 ); CFB8 ( e/d; 128 , 192 , 256 ); CFB128 ( e/d; 128 , 192 , 256 ); CTR ( int only; 128 , 192 , 256 )
-CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
-CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )
-GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
-(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
-IV Generated: ( Externally ) ; PT Lengths Tested: ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested: ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested: ( 0 , 0 ) ; 96BitIV_Supported
-GMAC_Supported
-XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) ) |
-Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #3629
-
-
-Version 10.0.10586 |
-
-
-KW ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )
-AES Val#3497 |
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #3507
-Version 10.0.10240 |
-
-
-CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )
-AES Val#3497 |
-Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BitLocker® Cryptographic Implementations #3498
-Version 10.0.10240 |
-
-
-ECB ( e/d; 128 , 192 , 256 ); CBC ( e/d; 128 , 192 , 256 ); CFB8 ( e/d; 128 , 192 , 256 ); CFB128 ( e/d; 128 , 192 , 256 ); CTR ( int only; 128 , 192 , 256 )
-CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
-CMAC(Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )
-GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
-(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
-IV Generated: ( Externally ) ; PT Lengths Tested: ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested: ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested: ( 0 , 0 ) ; 96BitIV_Supported
-GMAC_Supported
-XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) ) |
-Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #3497
-Version 10.0.10240 |
-
-
-ECB ( e/d; 128 , 192 , 256 );
-CBC ( e/d; 128 , 192 , 256 );
-CFB8 ( e/d; 128 , 192 , 256 );
- |
-Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #3476
-Version 10.0.10240 |
-
-
-ECB ( e/d; 128 , 192 , 256 );
-CBC ( e/d; 128 , 192 , 256 );
-CFB8 ( e/d; 128 , 192 , 256 );
- |
-Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #2853
-Version 6.3.9600 |
-
-
-CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )
-AES Val#2832 |
-Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 BitLocker� Cryptographic Implementations #2848
-Version 6.3.9600 |
-
-
-CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 0 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
-CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )
-GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
-(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
-IV Generated: ( Externally ) ; PT Lengths Tested: ( 0 , 128 , 1024 , 8 , 1016 ) ; AAD Lengths tested: ( 0 , 128 , 1024 , 8 , 1016 ) ; IV Lengths Tested: ( 8 , 1024 ) ; 96BitIV_Supported ;
-OtherIVLen_Supported
-GMAC_Supported |
-Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2832
-Version 6.3.9600 |
-
-
-CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
-AES Val#2197
-CMAC (Generation/Verification ) (KS: 128; Block Size(s): ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 192; Block Size(s): ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 256; Block Size(s): ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 )
-AES Val#2197
-GCM(KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
-(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
-IV Generated: ( Externally ) ; PT Lengths Tested: ( 0 , 128 , 1024 , 8 , 1016 ) ; AAD Lengths tested: ( 0 , 128 , 1024 , 8 , 1016 ) ; IV Lengths Tested: ( 8 , 1024 ) ; 96BitIV_Supported
-GMAC_Supported |
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #2216 |
-
-
-CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )
-AES Val#2196 |
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #2198 |
-
-
-ECB ( e/d; 128 , 192 , 256 );
-CBC ( e/d; 128 , 192 , 256 );
-CFB8 ( e/d; 128 , 192 , 256 );
-CFB128 ( e/d; 128 , 192 , 256 );
-CTR ( int only; 128 , 192 , 256 ) |
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #2197 |
-
-
-ECB ( e/d; 128 , 192 , 256 );
-CBC ( e/d; 128 , 192 , 256 );
-CFB8 ( e/d; 128 , 192 , 256 );
- |
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #2196 |
-
-
-CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 – 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
-AES Val#1168 |
-Windows Server 2008 R2 and SP1 CNG algorithms #1187
-Windows 7 Ultimate and SP1 CNG algorithms #1178 |
-
-
-CCM (KS: 128 , 256 ) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 ( Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )
-AES Val#1168 |
-Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #1177 |
-
-
-ECB ( e/d; 128 , 192 , 256 );
-CBC ( e/d; 128 , 192 , 256 );
-CFB8 ( e/d; 128 , 192 , 256 );
- |
-Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168 |
-
-
-GCM
-GMAC |
-Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168 , vendor-affirmed |
-
-
-| CCM (KS: 128 , 256 ) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 ( Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 ) |
-Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #760 |
-
-
-| CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 1 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 ) |
-Windows Server 2008 CNG algorithms #757
-Windows Vista Ultimate SP1 CNG algorithms #756 |
-
-
-CBC ( e/d; 128 , 256 );
-CCM (KS: 128 , 256 ) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 ( Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 ) |
-Windows Vista Ultimate BitLocker Drive Encryption #715
-Windows Vista Ultimate BitLocker Drive Encryption #424 |
-
-
-ECB ( e/d; 128 , 192 , 256 );
-CBC ( e/d; 128 , 192 , 256 );
-CFB8 ( e/d; 128 , 192 , 256 ); |
-Windows Vista Ultimate SP1 and Windows Server 2008 Symmetric Algorithm Implementation #739
-Windows Vista Symmetric Algorithm Implementation #553 |
-
-
-ECB ( e/d; 128 , 192 , 256 );
-CBC ( e/d; 128 , 192 , 256 );
-CTR ( int only; 128 , 192 , 256 ) |
-Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #2023 |
-
-
-ECB ( e/d; 128 , 192 , 256 );
-CBC ( e/d; 128 , 192 , 256 ); |
-Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #2024
-Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #818
-Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #781
-Windows 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #548
-Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #516
-Windows CE and Windows Mobile 6, 6.1, and 6.5 Enhanced Cryptographic Provider (RSAENH) #507
-Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #290
-Windows CE 5.0 and 5.1 Enhanced Cryptographic Provider (RSAENH) #224
-Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #80
-Windows XP, SP1, and SP2 Enhanced Cryptographic Provider (RSAENH) #33 |
-
-
-
-
-
-Deterministic Random Bit Generator (DRBG)
-
-
-
-
-
-
-
-
-| Modes / States / Key Sizes |
-Algorithm Implementation and Certificate # |
-
-
-
-- Counter:
-
-- Modes: AES-256
-- Derivation Function States: Derivation Function not used
-- Prediction Resistance Modes: Not Enabled
-
-Prerequisite: AES #4904 |
-Microsoft Surface Hub Virtual TPM Implementations #1734
-Version 10.0.15063.674 |
-
-
-
-- Counter:
-
-- Modes: AES-256
-- Derivation Function States: Derivation Function not used
-- Prediction Resistance Modes: Not Enabled
-
-Prerequisite: AES #4903 |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1733
-Version 10.0.16299 |
-
-
-
-- Counter:
-
-- Modes: AES-256
-- Derivation Function States: Derivation Function used
-- Prediction Resistance Modes: Not Enabled
-
-Prerequisite: AES #4902 |
-Microsoft Surface Hub SymCrypt Cryptographic Implementations #1732
-Version 10.0.15063.674 |
-
-
-
-- Counter:
-
-- Modes: AES-256
-- Derivation Function States: Derivation Function used
-- Prediction Resistance Modes: Not Enabled
-
-Prerequisite: AES #4901 |
-Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1731
-Version 10.0.15254 |
-
-
-
-- Counter:
-
-- Modes: AES-256
-- Derivation Function States: Derivation Function used
-- Prediction Resistance Modes: Not Enabled
-
-Prerequisite: AES #4897 |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1730
-Version 10.0.16299 |
-
-
-| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4627 ) ] |
-Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1556
-Version 10.0.15063 |
-
-
-| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#4624 ) ] |
-Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1555
-Version 10.0.15063 |
-
-
-| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4434 ) ] |
-Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1433
-Version 7.00.2872 |
-
-
-| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4433 ) ] |
-Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1432
-Version 8.00.6246 |
-
-
-| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4431 ) ] |
-Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1430
-Version 7.00.2872 |
-
-
-| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4430 ) ] |
-Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1429
-Version 8.00.6246 |
-
-
-| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4074 ) ] |
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #1222
-Version 10.0.14393 |
-
-
-| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#4064 ) ] |
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #1217
-Version 10.0.14393 |
-
-
-| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#3629 ) ] |
-Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #955
-Version 10.0.10586 |
-
-
-| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#3497 ) ] |
-Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #868
-Version 10.0.10240 |
-
-
-| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#2832 ) ] |
-Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #489
-Version 6.3.9600 |
-
-
-| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#2197 ) ] |
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #258 |
-
-
-| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#2023 ) ] |
-Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #193 |
-
-
-| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#1168 ) ] |
-Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 RNG Library #23 |
-
-
-| DRBG (SP 800–90) |
-Windows Vista Ultimate SP1, vendor-affirmed |
-
-
-
-
-
-#### Digital Signature Algorithm (DSA)
-
-
-
-
-
-
-
-
-| Modes / States / Key Sizes |
-Algorithm Implementation and Certificate # |
-
-
-
-- DSA:
-
-- 186-4:
-
-- PQGGen:
-
-- L = 2048, N = 256 SHA: SHA-256
-- L = 3072, N = 256 SHA: SHA-256
- - PQGVer:
-
-- L = 2048, N = 256 SHA: SHA-256
-- L = 3072, N = 256 SHA: SHA-256
- - SigGen:
-
-- L = 2048, N = 256 SHA: SHA-256
-- L = 3072, N = 256 SHA: SHA-256
- - SigVer:
-
-- L = 2048, N = 256 SHA: SHA-256
-- L = 3072, N = 256 SHA: SHA-256
- - KeyPair:
-
-- L = 2048, N = 256
-- L = 3072, N = 256
-
-Prerequisite: SHS #4011, DRBG #1732 |
-Microsoft Surface Hub SymCrypt Cryptographic Implementations #1303
-Version 10.0.15063.674 |
-
-
-
-- DSA:
-
-- 186-4:
-
-- PQGGen:
-
-- L = 2048, N = 256 SHA: SHA-256
-- L = 3072, N = 256 SHA: SHA-256
- - PQGVer:
-
-- L = 2048, N = 256 SHA: SHA-256
-- L = 3072, N = 256 SHA: SHA-256
- - SigGen:
-
-- L = 2048, N = 256 SHA: SHA-256
-- L = 3072, N = 256 SHA: SHA-256
- - SigVer:
-
-- L = 2048, N = 256 SHA: SHA-256
-- L = 3072, N = 256 SHA: SHA-256
- - KeyPair:
-
--
--
-- L = 2048, N = 256
-- L = 3072, N = 256
-
-Prerequisite: SHS #4010, DRBG #1731 |
-Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1302
-Version 10.0.15254 |
-
-
-
-- DSA:
-
-- 186-4:
-
-- PQGGen:
-
-- L = 2048, N = 256 SHA: SHA-256
-- L = 3072, N = 256 SHA: SHA-256
- - PQGVer:
-
-- L = 2048, N = 256 SHA: SHA-256
-- L = 3072, N = 256 SHA: SHA-256
- - SigGen:
-
-- L = 2048, N = 256 SHA: SHA-256
-- L = 3072, N = 256 SHA: SHA-256
- - SigVer:
-
-- L = 2048, N = 256 SHA: SHA-256
-- L = 3072, N = 256 SHA: SHA-256
- - KeyPair:
-
-- L = 2048, N = 256
-- L = 3072, N = 256
-
-Prerequisite: SHS #4009, DRBG #1730 |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1301
-Version 10.0.16299 |
-
-
-FIPS186-4:
-PQG(gen)PARMS TESTED: [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
-PQG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
-KeyPairGen: [ (2048,256) ; (3072,256) ]
-SIG(gen)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
-SIG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
-SHS: Val#3790
-DRBG: Val# 1555 |
-Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1223
-Version 10.0.15063 |
-
-
-FIPS186-4:
-PQG(ver)PARMS TESTED: [ (1024,160) SHA( 1 ); ]
-SIG(ver)PARMS TESTED: [ (1024,160) SHA( 1 ); ]
-SHS: Val# 3649 |
-Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1188
-Version 7.00.2872 |
-
-
-FIPS186-4:
-PQG(ver)PARMS TESTED: [ (1024,160) SHA( 1 ); ]
-SIG(ver)PARMS TESTED: [ (1024,160) SHA( 1 ); ]
-SHS: Val#3648 |
-Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1187
-Version 8.00.6246 |
-
-
-FIPS186-4:
-PQG(gen)PARMS TESTED: [
-(2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
-PQG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
-KeyPairGen: [ (2048,256) ; (3072,256) ]
-SIG(gen)PARMS TESTED: [ (2048,256)
-SHA( 256 ); (3072,256) SHA( 256 ); ]
-SIG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
-SHS: Val# 3347
-DRBG: Val# 1217 |
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #1098
-Version 10.0.14393 |
-
-
-FIPS186-4:
-PQG(gen)PARMS TESTED: [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ] PQG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 )]
-KeyPairGen: [ (2048,256) ; (3072,256) ] SIG(gen)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
-SIG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
-SHS: Val# 3047
-DRBG: Val# 955 |
-Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #1024
-Version 10.0.10586 |
-
-
-FIPS186-4:
-PQG(gen)PARMS TESTED: [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
-PQG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
-KeyPairGen: [ (2048,256) ; (3072,256) ]
-SIG(gen)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ] SIG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
-SHS: Val# 2886
-DRBG: Val# 868 |
-Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #983
-Version 10.0.10240 |
-
-
-FIPS186-4:
-PQG(gen)PARMS TESTED: [
-(2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
-PQG(ver)PARMS TESTED: [ (2048,256)
-SHA( 256 ); (3072,256) SHA( 256 ) ]
-KeyPairGen: [ (2048,256) ; (3072,256) ]
-SIG(gen)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
-SIG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
-SHS: Val# 2373
-DRBG: Val# 489 |
-Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #855
-Version 6.3.9600 |
-
-
-FIPS186-2:
-PQG(ver) MOD(1024);
-SIG(ver) MOD(1024);
-SHS: #1903
-DRBG: #258
-FIPS186-4:
-PQG(gen)PARMS TESTED: [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
-PQG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
-SIG(gen)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
-SIG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
-SHS: #1903
-DRBG: #258
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#687. |
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #687 |
-
-
-FIPS186-2:
-PQG(ver) MOD(1024);
-SIG(ver) MOD(1024);
-SHS: #1902
-DRBG: #258
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#686. |
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 DSS and Diffie-Hellman Enhanced Cryptographic Provider (DSSENH) #686 |
-
-
-FIPS186-2:
-SIG(ver) MOD(1024);
-SHS: Val# 1773
-DRBG: Val# 193
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#645. |
-Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #645 |
-
-
-FIPS186-2:
-SIG(ver) MOD(1024);
-SHS: Val# 1081
-DRBG: Val# 23
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#391. See Historical DSA List Val#386. |
-Windows Server 2008 R2 and SP1 CNG algorithms #391
-Windows 7 Ultimate and SP1 CNG algorithms #386 |
-
-
-FIPS186-2:
-SIG(ver) MOD(1024);
-SHS: Val# 1081
-RNG: Val# 649
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#390. See Historical DSA List Val#385. |
-Windows Server 2008 R2 and SP1 Enhanced DSS (DSSENH) #390
-Windows 7 Ultimate and SP1 Enhanced DSS (DSSENH) #385 |
-
-
-FIPS186-2:
-SIG(ver) MOD(1024);
-SHS: Val# 753
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#284. See Historical DSA List Val#283. |
-Windows Server 2008 CNG algorithms #284
-Windows Vista Ultimate SP1 CNG algorithms #283 |
-
-
-FIPS186-2:
-SIG(ver) MOD(1024);
-SHS: Val# 753
-RNG: Val# 435
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#282. See Historical DSA List Val#281. |
-Windows Server 2008 Enhanced DSS (DSSENH) #282
-Windows Vista Ultimate SP1 Enhanced DSS (DSSENH) #281 |
-
-
-FIPS186-2:
-SIG(ver) MOD(1024);
-SHS: Val# 618
-RNG: Val# 321
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#227. See Historical DSA List Val#226. |
-Windows Vista CNG algorithms #227
-Windows Vista Enhanced DSS (DSSENH) #226 |
-
-
-FIPS186-2:
-SIG(ver) MOD(1024);
-SHS: Val# 784
-RNG: Val# 448
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#292. |
-Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #292 |
-
-
-FIPS186-2:
-SIG(ver) MOD(1024);
-SHS: Val# 783
-RNG: Val# 447
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#291. |
-Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #291 |
-
-
-FIPS186-2:
-PQG(gen) MOD(1024);
-PQG(ver) MOD(1024);
-KEYGEN(Y) MOD(1024);
-SIG(gen) MOD(1024);
-SIG(ver) MOD(1024);
-SHS: Val# 611
-RNG: Val# 314 |
-Windows 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #221 |
-
-
-FIPS186-2:
-PQG(gen) MOD(1024);
-PQG(ver) MOD(1024);
-KEYGEN(Y) MOD(1024);
-SIG(gen) MOD(1024);
-SIG(ver) MOD(1024);
-SHS: Val# 385 |
-Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #146 |
-
-
-FIPS186-2:
-PQG(ver) MOD(1024);
-KEYGEN(Y) MOD(1024);
-SIG(gen) MOD(1024);
-SIG(ver) MOD(1024);
-SHS: Val# 181
-
- |
-Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #95 |
-
-
-FIPS186-2:
-PQG(gen) MOD(1024);
-PQG(ver) MOD(1024);
-KEYGEN(Y) MOD(1024);
-SIG(gen) MOD(1024);
-SHS: SHA-1 (BYTE)
-SIG(ver) MOD(1024);
-SHS: SHA-1 (BYTE) |
-Windows 2000 DSSENH.DLL #29
-Windows 2000 DSSBASE.DLL #28
-Windows NT 4 SP6 DSSENH.DLL #26
-Windows NT 4 SP6 DSSBASE.DLL #25 |
-
-
-FIPS186-2: PRIME;
-FIPS186-2:
-KEYGEN(Y):
-SHS: SHA-1 (BYTE)
-SIG(gen):
-SIG(ver) MOD(1024);
-SHS: SHA-1 (BYTE) |
-Windows NT 4.0 SP4 Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider #17 |
-
-
-
-
-
-#### Elliptic Curve Digital Signature Algorithm (ECDSA)
-
-
-
-
-
-
-
-
-| Modes / States / Key Sizes |
-Algorithm Implementation and Certificate # |
-
-
-
-- ECDSA:
-
-- 186-4:
-
-- Key Pair Generation:
-
-- Curves: P-256, P-384, P-521
-- Generation Methods: Extra Random Bits
- - Public Key Validation:
-
-- Curves: P-256, P-384, P-521
- - Signature Generation:
-
-- P-256 SHA: SHA-256
-- P-384 SHA: SHA-384
-- P-521 SHA: SHA-512
- - Signature Verification:
-
-- P-256 SHA: SHA-256
-- P-384 SHA: SHA-384
-- P-521 SHA: SHA-512
-
-Prerequisite: SHS #2373, DRBG #489 |
-Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1263
-Version 6.3.9600 |
-
-
-
-- ECDSA:
-
-- 186-4:
-
-- Key Pair Generation:
-
-- Curves: P-256, P-384
-- Generation Methods: Testing Candidates
-
-Prerequisite: SHS #4011, DRBG #1734 |
-Microsoft Surface Hub Virtual TPM Implementations #1253
-Version 10.0.15063.674 |
-
-
-
-- ECDSA:
-
-- 186-4:
-
-- Key Pair Generation:
-
-- Curves: P-256, P-384
-- Generation Methods: Testing Candidates
-
-Prerequisite: SHS #4009, DRBG #1733 |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1252
-Version 10.0.16299 |
-
-
-
-- ECDSA:
-
-- 186-4:
-
-- Key Pair Generation:
-
-- Curves: P-256, P-384, P-521
-- Generation Methods: Extra Random Bits
- - Public Key Validation:
-
-- Curves: P-256, P-384, P-521
- - Signature Generation:
-
-- P-256 SHA: SHA-256
-- P-384 SHA: SHA-384
-- P-521 SHA: SHA-512
- - Signature Verification:
-
-- P-256 SHA: SHA-256
-- P-384 SHA: SHA-384
-- P-521 SHA: SHA-512
-
-Prerequisite: SHS #4011, DRBG #1732 |
-Microsoft Surface Hub MsBignum Cryptographic Implementations #1251
-Version 10.0.15063.674 |
-
-
-
-- ECDSA:
-
-- 186-4:
-
-- Key Pair Generation:
-
-- Curves: P-256, P-384, P-521
-- Generation Methods: Extra Random Bits
- - Public Key Validation:
-
-- Curves: P-256, P-384, P-521
- - Signature Generation:
-
-- P-256 SHA: SHA-256
-- P-384 SHA: SHA-384
-- P-521 SHA: SHA-512
- - Signature Verification:
-
-- P-256 SHA: SHA-256
-- P-384 SHA: SHA-384
-- P-521 SHA: SHA-512
-
-Prerequisite: SHS #4011, DRBG #1732 |
-Microsoft Surface Hub SymCrypt Cryptographic Implementations #1250
-Version 10.0.15063.674 |
-
-
-
-- ECDSA:
-
-- 186-4:
-
-- Key Pair Generation:
-
-- Curves: P-256, P-384, P-521
-- Generation Methods: Extra Random Bits
- - Public Key Validation:
-
-- Curves: P-256, P-384, P-521
- - Signature Generation:
-
-- P-256 SHA: SHA-256
-- P-384 SHA: SHA-384
-- P-521 SHA: SHA-512
- - Signature Verification:
-
-- P-256 SHA: SHA-256
-- P-384 SHA: SHA-384
-- P-521 SHA: SHA-512
-
-Prerequisite: SHS #4010, DRBG #1731 |
-Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1249
-Version 10.0.15254 |
-
-
-
-- ECDSA:
-
-- 186-4:
-
-- Key Pair Generation:
-
-- Curves: P-256, P-384, P-521
-- Generation Methods: Extra Random Bits
- - Public Key Validation:
-
-- Curves: P-256, P-384, P-521
- - Signature Generation:
-
-- P-256 SHA: SHA-256
-- P-384 SHA: SHA-384
-- P-521 SHA: SHA-512
- - Signature Verification:
-
-- P-256 SHA: SHA-256
-- P-384 SHA: SHA-384
-- P-521 SHA: SHA-512
-
-Prerequisite: SHS #4010, DRBG #1731 |
-Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1248
-Version 10.0.15254 |
-
-
-
-- ECDSA:
-
-- 186-4:
-
-- Key Pair Generation:
-
-- Curves: P-256, P-384, P-521
-- Generation Methods: Extra Random Bits
- - Public Key Validation:
-
-- Curves: P-256, P-384, P-521
- - Signature Generation:
-
-- P-256 SHA: SHA-256
-- P-384 SHA: SHA-384
-- P-521 SHA: SHA-512
- - Signature Verification:
-
-- P-256 SHA: SHA-256
-- P-384 SHA: SHA-384
-- P-521 SHA: SHA-512
-
-Prerequisite: SHS #4009, DRBG #1730 |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1247
-Version 10.0.16299 |
-
-
-
-- ECDSA:
-
-- 186-4:
-
-- Key Pair Generation:
-
-- Curves: P-256, P-384, P-521
-- Generation Methods: Extra Random Bits
- - Public Key Validation:
-
-- Curves: P-256, P-384, P-521
- - Signature Generation:
-
-- P-256 SHA: SHA-256
-- P-384 SHA: SHA-384
-- P-521 SHA: SHA-512
- - Signature Verification:
-
-- P-256 SHA: SHA-256
-- P-384 SHA: SHA-384
-- P-521 SHA: SHA-512
-
-Prerequisite: SHS #4009, DRBG #1730 |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1246
-Version 10.0.16299 |
-
-
-FIPS186-4:
-PKG: CURVES( P-256 P-384 TestingCandidates )
-SHS: Val#3790
-DRBG: Val# 1555 |
-Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1136
-Version 10.0.15063 |
-
-
-FIPS186-4:
-PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
-PKV: CURVES( P-256 P-384 P-521 )
-SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
-SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
-SHS: Val#3790
-DRBG: Val# 1555 |
-Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1135
-Version 10.0.15063 |
-
-
-FIPS186-4:
-PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
-PKV: CURVES( P-256 P-384 P-521 )
-SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
-SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
-SHS: Val#3790
-DRBG: Val# 1555 |
-Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1133
-Version 10.0.15063 |
-
-
-FIPS186-4:
-PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
-PKV: CURVES( P-256 P-384 P-521 )
-SigGen: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
-SigVer: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) )
-SHS:Val# 3649
-DRBG:Val# 1430 |
-Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1073
-Version 7.00.2872 |
-
-
-FIPS186-4:
-PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
-PKV: CURVES( P-256 P-384 P-521 )
-SigGen: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
-SigVer: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) )
-SHS:Val#3648
-DRBG:Val# 1429 |
-Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1072
-Version 8.00.6246 |
-
-
-FIPS186-4:
-PKG: CURVES( P-256 P-384 TestingCandidates )
-PKV: CURVES( P-256 P-384 )
-SigGen: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) SIG(gen) with SHA-1 affirmed for use with protocols only.
-SigVer: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) )
-SHS: Val# 3347
-DRBG: Val# 1222 |
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #920
-Version 10.0.14393 |
-
-
-FIPS186-4:
-PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
-PKV: CURVES( P-256 P-384 P-521 )
-SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
-SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
-SHS: Val# 3347
-DRBG: Val# 1217 |
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #911
-Version 10.0.14393 |
-
-
-FIPS186-4:
-PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
-SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
-SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
-SHS: Val# 3047
-DRBG: Val# 955 |
-Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #760
-Version 10.0.10586 |
-
-
-FIPS186-4:
-PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
-SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
-SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
-SHS: Val# 2886
-DRBG: Val# 868 |
-Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #706
-Version 10.0.10240 |
-
-
-FIPS186-4:
-PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
-SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
-SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
-SHS: Val#2373
-DRBG: Val# 489 |
-Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #505
-Version 6.3.9600 |
-
-
-FIPS186-2:
-PKG: CURVES( P-256 P-384 P-521 )
-SHS: #1903
-DRBG: #258
-SIG(ver):CURVES( P-256 P-384 P-521 )
-SHS: #1903
-DRBG: #258
-FIPS186-4:
-PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
-SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
-SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
-SHS: #1903
-DRBG: #258
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#341. |
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #341 |
-
-
-FIPS186-2:
-PKG: CURVES( P-256 P-384 P-521 )
-SHS: Val#1773
-DRBG: Val# 193
-SIG(ver): CURVES( P-256 P-384 P-521 )
-SHS: Val#1773
-DRBG: Val# 193
-FIPS186-4:
-PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
-SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
-SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
-SHS: Val#1773
-DRBG: Val# 193
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#295. |
-Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #295 |
-
-
-FIPS186-2:
-PKG: CURVES( P-256 P-384 P-521 )
-SHS: Val#1081
-DRBG: Val# 23
-SIG(ver): CURVES( P-256 P-384 P-521 )
-SHS: Val#1081
-DRBG: Val# 23
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#142. See Historical ECDSA List Val#141. |
-Windows Server 2008 R2 and SP1 CNG algorithms #142
-Windows 7 Ultimate and SP1 CNG algorithms #141 |
-
-
-FIPS186-2:
-PKG: CURVES( P-256 P-384 P-521 )
-SHS: Val#753
-SIG(ver): CURVES( P-256 P-384 P-521 )
-SHS: Val#753
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#83. See Historical ECDSA List Val#82. |
-Windows Server 2008 CNG algorithms #83
-Windows Vista Ultimate SP1 CNG algorithms #82 |
-
-
-FIPS186-2:
-PKG: CURVES( P-256 P-384 P-521 )
-SHS: Val#618
-RNG: Val# 321
-SIG(ver): CURVES( P-256 P-384 P-521 )
-SHS: Val#618
-RNG: Val# 321
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#60. |
-Windows Vista CNG algorithms #60 |
-
-
-
-
-
-#### Keyed-Hash Message Authentication Code (HMAC)
-
-
-
-
-
-
-
-
-| Modes / States / Key Sizes |
-Algorithm Implementation and Certificate # |
-
-
-
-- HMAC-SHA-1:
-
-- Key Sizes < Block Size
-- Key Sizes > Block Size
-- Key Sizes = Block Size
- - HMAC-SHA2-256:
-
-- Key Sizes < Block Size
-- Key Sizes > Block Size
-- Key Sizes = Block Size
- - HMAC-SHA2-384:
-
-- Key Sizes < Block Size
-- Key Sizes > Block Size
-- Key Sizes = Block Size
-
-Prerequisite: SHS #4011 |
-Microsoft Surface Hub Virtual TPM Implementations #3271
-Version 10.0.15063.674 |
-
-
-
-- HMAC-SHA-1:
-
-- Key Sizes < Block Size
-- Key Sizes > Block Size
-- Key Sizes = Block Size
- - HMAC-SHA2-256:
-
-- Key Sizes < Block Size
-- Key Sizes > Block Size
-- Key Sizes = Block Size
- - HMAC-SHA2-384:
-
-- Key Sizes < Block Size
-- Key Sizes > Block Size
-- Key Sizes = Block Size
-
-Prerequisite: SHS #4009 |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #3270
-Version 10.0.16299 |
-
-
-
-- HMAC-SHA-1:
-
-- Key Sizes < Block Size
-- Key Sizes > Block Size
-- Key Sizes = Block Size
- - HMAC-SHA2-256:
-
-- Key Sizes < Block Size
-- Key Sizes > Block Size
-- Key Sizes = Block Size
- - HMAC-SHA2-384:
-
-- Key Sizes < Block Size
-- Key Sizes > Block Size
-- Key Sizes = Block Size
- - HMAC-SHA2-512:
-
-- Key Sizes < Block Size
-- Key Sizes > Block Size
-- Key Sizes = Block Size
-
-Prerequisite: SHS #4011 |
-Microsoft Surface Hub SymCrypt Cryptographic Implementations #3269
-Version 10.0.15063.674 |
-
-
-
-- HMAC-SHA-1:
-
-- Key Sizes < Block Size
-- Key Sizes > Block Size
-- Key Sizes = Block Size
- - HMAC-SHA2-256:
-
-- Key Sizes < Block Size
-- Key Sizes > Block Size
-- Key Sizes = Block Size
- - HMAC-SHA2-384:
-
-- Key Sizes < Block Size
-- Key Sizes > Block Size
-- Key Sizes = Block Size
- - HMAC-SHA2-512:
-
-- Key Sizes < Block Size
-- Key Sizes > Block Size
-- Key Sizes = Block Size
-
-Prerequisite: SHS #4010 |
-Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #3268
-Version 10.0.15254 |
-
-
-
-- HMAC-SHA-1:
-
-- Key Sizes < Block Size
-- Key Sizes > Block Size
-- Key Sizes = Block Size
- - HMAC-SHA2-256:
-
-- Key Sizes < Block Size
-- Key Sizes > Block Size
-- Key Sizes = Block Size
- - HMAC-SHA2-384:
-
-- Key Sizes < Block Size
-- Key Sizes > Block Size
-- Key Sizes = Block Size
- - HMAC-SHA2-512:
-
-- Key Sizes < Block Size
-- Key Sizes > Block Size
-- Key Sizes = Block Size
-
-Prerequisite: SHS #4009 |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #3267
-Version 10.0.16299 |
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3790
-HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3790
-HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3790 |
-Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #3062
-Version 10.0.15063 |
-
-
-HMAC-SHA1(Key Sizes Ranges Tested: KSBS ) SHS Val#3790
-HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3790
-HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3790
-HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS Val#3790 |
-Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3061
-Version 10.0.15063 |
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3652
-HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3652
-HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3652
-HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#3652 |
-Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2946
-Version 7.00.2872 |
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3651
-HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3651
-HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3651
-HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#3651 |
-Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2945
-Version 8.00.6246 |
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val# 3649
-HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val# 3649
-HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val# 3649
-HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal# 3649 |
-Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2943
-Version 7.00.2872 |
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3648
-HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3648
-HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3648
-HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#3648 |
-Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2942
-Version 8.00.6246 |
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )
-SHS Val# 3347
-HMAC-SHA256 ( Key Size Ranges Tested: KSBS )
-SHS Val# 3347
-HMAC-SHA384 ( Key Size Ranges Tested: KSBS )
-SHS Val# 3347 |
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2661
-Version 10.0.14393 |
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val# 3347
-HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val# 3347
-HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val# 3347
-HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS Val# 3347 |
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2651
-Version 10.0.14393 |
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )
-SHS Val# 3047
-HMAC-SHA256 ( Key Size Ranges Tested: KSBS )
-SHS Val# 3047
-HMAC-SHA384 ( Key Size Ranges Tested: KSBS )
-SHS Val# 3047
-HMAC-SHA512 ( Key Size Ranges Tested: KSBS )
-SHS Val# 3047 |
-Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #2381
-Version 10.0.10586 |
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )
-SHSVal# 2886
-HMAC-SHA256 ( Key Size Ranges Tested: KSBS )
-SHSVal# 2886
-HMAC-SHA384 ( Key Size Ranges Tested: KSBS )
- SHSVal# 2886
-HMAC-SHA512 ( Key Size Ranges Tested: KSBS )
-SHSVal# 2886 |
-Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2233
-Version 10.0.10240 |
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )
-SHS Val#2373
-HMAC-SHA256 ( Key Size Ranges Tested: KSBS )
-SHS Val#2373
-HMAC-SHA384 ( Key Size Ranges Tested: KSBS )
-SHS Val#2373
-HMAC-SHA512 ( Key Size Ranges Tested: KSBS )
-SHS Val#2373 |
-Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1773
-Version 6.3.9600 |
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#2764
-HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#2764
-HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#2764
-HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS Val#2764 |
-Windows CE and Windows Mobile, and Windows Embedded Handheld Enhanced Cryptographic Provider (RSAENH) #2122
-Version 5.2.29344 |
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KS#1902
-HMAC-SHA256 ( Key Size Ranges Tested: KS#1902 |
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #1347 |
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS#1902
-HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS#1902
-HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS#1902
-HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS#1902 |
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1346 |
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )
-SHS#1903
-HMAC-SHA256 ( Key Size Ranges Tested: KSBS )
-SHS#1903
-HMAC-SHA384 ( Key Size Ranges Tested: KSBS )
-SHS#1903
-HMAC-SHA512 ( Key Size Ranges Tested: KSBS )
-SHS#1903 |
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1345 |
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#1773
-HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#1773
-Tinker HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#1773
-HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#1773 |
-Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1364 |
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#1774
-HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#1774
-HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#1774
-HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#1774 |
-Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1227 |
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#1081
-HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#1081
-HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#1081
-HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#1081 |
-Windows Server 2008 R2 and SP1 CNG algorithms #686
-Windows 7 and SP1 CNG algorithms #677
-Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) #687
-Windows 7 Enhanced Cryptographic Provider (RSAENH) #673 |
-
-
-HMAC-SHA1(Key Sizes Ranges Tested: KSVal#1081
-HMAC-SHA256 ( Key Size Ranges Tested: KSVal#1081 |
-Windows 7 and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #675 |
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#816
-HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#816
-HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#816
-HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#816 |
-Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #452 |
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#753
-HMAC-SHA256 ( Key Size Ranges Tested: KSVal#753 |
-Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #415 |
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#753
-HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#753
-HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#753
-HMAC-SHA512 ( Key Size Ranges Tested: KSBS )SHS Val#753 |
-Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #408
-Windows Vista Enhanced Cryptographic Provider (RSAENH) #407 |
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )SHSVal#618
-HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#618
-HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#618
-HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#618 |
-Windows Vista Enhanced Cryptographic Provider (RSAENH) #297 |
-
-
-| HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#785 |
-Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #429
-Windows XP, vendor-affirmed |
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#783
-HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#783
-HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#783
-HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#783 |
-Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #428 |
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#613
-HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#613
-HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#613
-HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#613 |
-Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #289 |
-
-
-| HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#610 |
-Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #287 |
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#753
-HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#753
-HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#753
-HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#753 |
-Windows Server 2008 CNG algorithms #413
-Windows Vista Ultimate SP1 CNG algorithms #412 |
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#737
-HMAC-SHA256 ( Key Size Ranges Tested: KSVal#737 |
-Windows Vista Ultimate BitLocker Drive Encryption #386 |
-
-
-HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHSVal#618
-HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#618
-HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#618
-HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#618 |
-Windows Vista CNG algorithms #298 |
-
-
-HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHSVal#589
-HMAC-SHA256 ( Key Size Ranges Tested: KSBS )SHSVal#589
-HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#589
-HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#589 |
-Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #267 |
-
-
-HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHSVal#578
-HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#578
-HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#578
-HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#578 |
-Windows CE and Windows Mobile 6.0 and Windows Mobil 6.5 Enhanced Cryptographic Provider (RSAENH) #260 |
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#495
-HMAC-SHA256 ( Key Size Ranges Tested: KSVal#495 |
-Windows Vista BitLocker Drive Encryption #199 |
-
-
-| HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#364 |
-Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #99
-Windows XP, vendor-affirmed |
-
-
-HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#305
-HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#305
-HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#305
-HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#305 |
-Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #31 |
-
-
-
-
-
-#### Key Agreement Scheme (KAS)
-
-
-
-
-
-
-
-
-| Modes / States / Key Sizes |
-Algorithm Implementation and Certificate # |
-
-
-
-- KAS ECC:
-
-- Functions: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration
-- Schemes:
-
-- Full Unified:
-
-- Key Agreement Roles: Initiator, Responder
-- KDFs: Concatenation
-- Parameter Sets:
-
-- EC:
-
-- Curve: P-256
-- SHA: SHA-256
-- MAC: HMAC
- - ED:
-
-- Curve: P-384
-- SHA: SHA-384
-- MAC: HMAC
-
-Prerequisite: SHS #4011, ECDSA #1253, DRBG #1734 |
-Microsoft Surface Hub Virtual TPM Implementations #150
-Version 10.0.15063.674 |
-
-
-
-- KAS ECC:
-
-- Functions: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration
-- Schemes:
-
-- Full Unified:
-
-- Key Agreement Roles: Initiator, Responder
-- KDFs: Concatenation
-- Parameter Sets:
-
-- EC:
-
-- Curve: P-256
-- SHA: SHA-256
-- MAC: HMAC
- - ED:
-
-- Curve: P-384
-- SHA: SHA-384
-- MAC: HMAC
-
-Prerequisite: SHS #4009, ECDSA #1252, DRBG #1733 |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #149
-Version 10.0.16299 |
-
-
-
-- KAS ECC:
-
-- Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
-- Schemes:
-
-- Ephemeral Unified:
-
-- Key Agreement Roles: Initiator, Responder
-- KDFs: Concatenation
-- Parameter Sets:
-
-- EC:
-
-- Curve: P-256
-- SHA: SHA-256
-- MAC: HMAC
- - ED:
-
-- Curve: P-384
-- SHA: SHA-384
-- MAC: HMAC
- - EE:
-
-- Curve: P-521
-- SHA: SHA-512
-- MAC: HMAC
- - One Pass DH:
-
-- Key Agreement Roles: Initiator, Responder
-- Parameter Sets:
-
-- EC:
-
-- Curve: P-256
-- SHA: SHA-256
-- MAC: HMAC
- - ED:
-
-- Curve: P-384
-- SHA: SHA-384
-- MAC: HMAC
- - EE:
-
-- Curve: P-521
-- SHA: SHA-512
-- MAC: HMAC
- - Static Unified:
-
-- Key Agreement Roles: Initiator, Responder
-- Parameter Sets:
-
-- EC:
-
-- Curve: P-256
-- SHA: SHA-256
-- MAC: HMAC
- - ED:
-
-- Curve: P-384
-- SHA: SHA-384
-- MAC: HMAC
- - EE:
-
-- Curve: P-521
-- SHA: SHA-512
-- MAC: HMAC
-
-Prerequisite: SHS #4011, ECDSA #1250, DRBG #1732
-
-- KAS FFC:
-
-- Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
-- Schemes:
-
-- dhEphem:
-
-- Key Agreement Roles: Initiator, Responder
-- Parameter Sets:
-
-- FB:
-
-- SHA: SHA-256
-- MAC: HMAC
- - FC:
-
-- SHA: SHA-256
-- MAC: HMAC
- - dhOneFlow:
-
-- Key Agreement Roles: Initiator, Responder
-- Parameter Sets:
-
-- FB:
-
-- SHA: SHA-256
-- MAC: HMAC
- - FC:
-
-- SHA: SHA-256
-- MAC: HMAC
- - dhStatic:
-
-- Key Agreement Roles: Initiator, Responder
-- Parameter Sets:
-
-- FB:
-
-- SHA: SHA-256
-- MAC: HMAC
- - FC:
-
-- SHA: SHA-256
-- MAC: HMAC
-
-Prerequisite: SHS #4011, DSA #1303, DRBG #1732 |
-Microsoft Surface Hub SymCrypt Cryptographic Implementations #148
-Version 10.0.15063.674 |
-
-
-
-- KAS ECC:
-
-- Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
-- Schemes:
-
-- Ephemeral Unified:
-
-- Key Agreement Roles: Initiator, Responder
-- KDFs: Concatenation
-- Parameter Sets:
-
-- EC:
-
-- Curve: P-256
-- SHA: SHA-256
-- MAC: HMAC
- - ED:
-
-- Curve: P-384
-- SHA: SHA-384
-- MAC: HMAC
- - EE:
-
-- Curve: P-521
-- SHA: SHA-512
-- MAC: HMAC
- - One Pass DH:
-
-- Key Agreement Roles: Initiator, Responder
-- Parameter Sets:
-
-- EC:
-
-- Curve: P-256
-- SHA: SHA-256
-- MAC: HMAC
- - ED:
-
-- Curve: P-384
-- SHA: SHA-384
-- MAC: HMAC
- - EE:
-
-- Curve: P-521
-- SHA: SHA-512
-- MAC: HMAC
- - Static Unified:
-
-- Key Agreement Roles: Initiator, Responder
-- Parameter Sets:
-
-- EC:
-
-- Curve: P-256
-- SHA: SHA-256
-- MAC: HMAC
- - ED:
-
-- Curve: P-384
-- SHA: SHA-384
-- MAC: HMAC
- - EE:
-
-- Curve: P-521
-- SHA: SHA-512
-- MAC: HMAC
-
-Prerequisite: SHS #4010, ECDSA #1249, DRBG #1731
-
-- KAS FFC:
-
-- Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
-- Schemes:
-
-- dhEphem:
-
-- Key Agreement Roles: Initiator, Responder
-- Parameter Sets:
-
-- FB:
-
-- SHA: SHA-256
-- MAC: HMAC
- - FC:
-
-- SHA: SHA-256
-- MAC: HMAC
- - dhOneFlow:
-
-- Key Agreement Roles: Initiator, Responder
-- Parameter Sets:
-
-- FB:
-
-- SHA: SHA-256
-- MAC: HMAC
- - FC:
-
-- SHA: SHA-256
-- MAC: HMAC
- - dhStatic:
-
-- Key Agreement Roles: Initiator, Responder
-- Parameter Sets:
-
-- FB:
-
-- SHA: SHA-256
-- MAC: HMAC
- - FC:
-
-- SHA: SHA-256
-- MAC: HMAC
-
-Prerequisite: SHS #4010, DSA #1302, DRBG #1731 |
-Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #147
-Version 10.0.15254 |
-
-
-
-- KAS ECC:
-
-- Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
-- Schemes:
-
-- Ephemeral Unified:
-
-- Key Agreement Roles: Initiator, Responder
-- KDFs: Concatenation
-- Parameter Sets:
-
-- EC:
-
-- Curve: P-256
-- SHA: SHA-256
-- MAC: HMAC
- - ED:
-
-- Curve: P-384
-- SHA: SHA-384
-- MAC: HMAC
- - EE:
-
-- Curve: P-521
-- SHA: SHA-512
-- MAC: HMAC
- - One Pass DH:
-
-- Key Agreement Roles: Initiator, Responder
-- Parameter Sets:
-
-- EC:
-
-- Curve: P-256
-- SHA: SHA-256
-- MAC: HMAC
- - ED:
-
-- Curve: P-384
-- SHA: SHA-384
-- MAC: HMAC
- - EE:
-
-- Curve: P-521
-- SHA: SHA-512
-- MAC: HMAC
- - Static Unified:
-
-- Key Agreement Roles: Initiator, Responder
-- Parameter Sets:
-
-- EC:
-
-- Curve: P-256
-- SHA: SHA-256
-- MAC: HMAC
- - ED:
-
-- Curve: P-384
-- SHA: SHA-384
-- MAC: HMAC
- - EE:
-
-- Curve: P-521
-- SHA: SHA-512
-- MAC: HMAC
-
-Prerequisite: SHS #4009, ECDSA #1246, DRBG #1730
-
-- KAS FFC:
-
-- Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
-- Schemes:
-
-- dhEphem:
-
-- Key Agreement Roles: Initiator, Responder
-- Parameter Sets:
-
-- FB:
-
-- SHA: SHA-256
-- MAC: HMAC
- - FC:
-
-- SHA: SHA-256
-- MAC: HMAC
- - dhOneFlow:
-
-- Key Agreement Roles: Initiator, Responder
-- Parameter Sets:
-
-- FB:
-
-- SHA: SHA-256
-- MAC: HMAC
- - FC:
-
-- SHA: SHA-256
-- MAC: HMAC
- - dhStatic:
-
-- Key Agreement Roles: Initiator, Responder
-- Parameter Sets:
-
-- FB:
-
-- SHA: SHA-256
-- MAC: HMAC
- - FC:
-
-- SHA: SHA-256
-- MAC: HMAC
-
-Prerequisite: SHS #4009, DSA #1301, DRBG #1730 |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #146
-Version 10.0.16299 |
-
-
-ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Full Validation Key Regeneration ) SCHEMES [ FullUnified ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ]
-SHS Val#3790
-DSA Val#1135
-DRBG Val#1556 |
-Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #128
-Version 10.0.15063 |
-
-
-FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
-( FB: SHA256 ) ( FC: SHA256 ) ]
-[ dhOneFlow ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder> ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ]
-SHS Val#3790
-DSA Val#1223
-DRBG Val#1555
-ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation ) SCHEMES [ EphemeralUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
-[ OnePassDH ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
-[ StaticUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
-
-SHS Val#3790
-ECDSA Val#1133
-DRBG Val#1555 |
-Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #127
-Version 10.0.15063 |
-
-
-FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
-( FB: SHA256 ) ( FC: SHA256 ) ]
-[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder> ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ]
-SHS Val# 3649
-DSA Val#1188
-DRBG Val#1430
-ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
-[ OnePassDH ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
-[ StaticUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ] |
-Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #115
-Version 7.00.2872 |
-
-
-FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
-( FB: SHA256 ) ( FC: SHA256 ) ]
-[ dhHybridOneFlow ( No_KC < KARole(s): Initiator / Responder> ) ( FB:SHA256 HMAC ) ( FC: SHA256 HMAC ) ]
-[ dhStatic ( No_KC < KARole(s): Initiator / Responder> ) ( FB:SHA256 HMAC ) ( FC: SHA256 HMAC ) ]
-SHS Val#3648
-DSA Val#1187
-DRBG Val#1429
-ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
-[ OnePassDH ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
-[ StaticUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
-
-SHS Val#3648
-ECDSA Val#1072
-DRBG Val#1429 |
-Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #114
-Version 8.00.6246 |
-
-
-ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Full Validation Key Regeneration )
-SCHEMES [ FullUnified ( No_KC < KARole(s): Initiator / Responder > < KDF: CONCAT > ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ]
-SHS Val# 3347 ECDSA Val#920 DRBG Val#1222 |
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #93
-Version 10.0.14393 |
-
-
-FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation )
-SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
-( FB: SHA256 ) ( FC: SHA256 ) ]
-[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic (No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ]
-SHS Val# 3347 DSA Val#1098 DRBG Val#1217
-ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC < KARole(s): Initiator / Responder > ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
-[ OnePassDH ( No_KC < KARole(s): Initiator / Responder > ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
-[ StaticUnified ( No_KC < KARole(s): Initiator / Responder > ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
-SHS Val# 3347 DSA Val#1098 ECDSA Val#911 DRBG Val#1217 HMAC Val#2651 |
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #92
-Version 10.0.14393 |
-
-
-FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
-( FB: SHA256 ) ( FC: SHA256 ) ]
-[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ]
-SHS Val# 3047 DSA Val#1024 DRBG Val#955
-ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC < KARole(s): Initiator / Responder > ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
-[ OnePassDH ( No_KC < KARole(s): Initiator / Responder > ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
-[ StaticUnified ( No_KC < KARole(s): Initiator / Responder > ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
-SHS Val# 3047 ECDSA Val#760 DRBG Val#955 |
-Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #72
-Version 10.0.10586 |
-
-
-FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
-( FB: SHA256 ) ( FC: SHA256 ) ]
-[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ]
-SHS Val# 2886 DSA Val#983 DRBG Val#868
-ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC < KARole(s): Initiator / Responder > ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
-[ OnePassDH ( No_KC < KARole(s): Initiator / Responder > ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
-[ StaticUnified ( No_KC < KARole(s): Initiator / Responder > ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
-SHS Val# 2886 ECDSA Val#706 DRBG Val#868 |
-Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #64
-Version 10.0.10240 |
-
-
-FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
-( FB: SHA256 ) ( FC: SHA256 ) ]
-[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ]
-SHS Val#2373 DSA Val#855 DRBG Val#489
-ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC < KARole(s): Initiator / Responder > ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
-[ OnePassDH ( No_KC < KARole(s): Initiator / Responder > ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
-[ StaticUnified ( No_KC < KARole(s): Initiator / Responder > ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
-SHS Val#2373 ECDSA Val#505 DRBG Val#489 |
-Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #47
-Version 6.3.9600 |
-
-
-FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
-( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ]
-[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ]
-[ dhStatic ( No_KC < KARole(s): Initiator / Responder> ) ( FA: SHA256 HMAC ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ]
-SHS #1903 DSA Val#687 DRBG #258
-ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
-[ OnePassDH( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 ) ( ED: P-384 SHA384 ) ( EE: P-521 (SHA512, HMAC_SHA512) ) ) ]
-[ StaticUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
-
-SHS #1903 ECDSA Val#341 DRBG #258 |
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #36 |
-
-
-KAS (SP 800–56A)
-key agreement
-key establishment methodology provides 80 to 256 bits of encryption strength |
-Windows 7 and SP1, vendor-affirmed
-Windows Server 2008 R2 and SP1, vendor-affirmed |
-
-
-
-
-
-SP 800-108 Key-Based Key Derivation Functions (KBKDF)
-
-
-
-
-| Modes / States / Key Sizes |
-Algorithm Implementation and Certificate # |
-
-
-
-- Counter:
-
-- MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384
-
-MAC prerequisite: HMAC #3271
-
-
-- Counter Location: Before Fixed Data
-- R Length: 32 (bits)
-- SPs used to generate K: SP 800-56A, SP 800-90A
-
- K prerequisite: DRBG #1734, KAS #150 |
-Microsoft Surface Hub Virtual TPM Implementations #161
-Version 10.0.15063.674 |
-
-
-
-- Counter:
-
-- MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384
-
-MAC prerequisite: HMAC #3270
-
-
-- Counter Location: Before Fixed Data
-- R Length: 32 (bits)
-- SPs used to generate K: SP 800-56A, SP 800-90A
-
- K prerequisite: DRBG #1733, KAS #149 |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #160
-Version 10.0.16299 |
-
-
-
-- Counter:
-
-- MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
-
-MAC prerequisite: AES #4902, HMAC #3269
-
-
-- Counter Location: Before Fixed Data
-- R Length: 32 (bits)
-- SPs used to generate K: SP 800-56A, SP 800-90A
-- K prerequisite: KAS #148
-
- |
-Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations #159
-Version 10.0.15063.674 |
-
-
-
-- Counter:
-
-- MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
-
-MAC prerequisite: AES #4901, HMAC #3268
-
-
-- Counter Location: Before Fixed Data
-- R Length: 32 (bits)
-- SPs used to generate K: SP 800-56A, SP 800-90A
-
- K prerequisite: KAS #147 |
-Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations #158
-Version 10.0.15254 |
-
-
-
-- Counter:
-
-- MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
-
-MAC prerequisite: AES #4897, HMAC #3267
-
-
-- Counter Location: Before Fixed Data
-- R Length: 32 (bits)
-- SPs used to generate K: SP 800-56A, SP 800-90A
-
- K prerequisite: KAS #146 |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #157
-Version 10.0.16299 |
-
-
-CTR_Mode: ( Llength( Min0 Max0 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA384] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
-
-KAS Val#128
-DRBG Val#1556
-MAC Val#3062 |
-Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #141
-Version 10.0.15063 |
-
-
-CTR_Mode: ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
-
-KAS Val#127
-AES Val#4624
-DRBG Val#1555
-MAC Val#3061 |
-Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #140
-Version 10.0.15063 |
-
-
-CTR_Mode: ( Llength( Min20 Max64 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA384] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
-KAS Val#93 DRBG Val#1222 MAC Val#2661 |
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #102
-Version 10.0.14393 |
-
-
-CTR_Mode: ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
-KAS Val#92 AES Val#4064 DRBG Val#1217 MAC Val#2651 |
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #101
-Version 10.0.14393 |
-
-
-CTR_Mode: ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
-KAS Val#72 AES Val#3629 DRBG Val#955 MAC Val#2381 |
-Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #72
-Version 10.0.10586 |
-
-
-CTR_Mode: ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
-KAS Val#64 AES Val#3497 RBG Val#868 MAC Val#2233 |
-Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #66
-Version 10.0.10240 |
-
-
-CTR_Mode: ( Llength( Min0 Max0 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
-DRBG Val#489 MAC Val#1773 |
-Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #30
-Version 6.3.9600 |
-
-
-CTR_Mode: ( Llength( Min0 Max4 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
-DRBG #258 HMAC Val#1345 |
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #3 |
-
-
-
-
-
-Random Number Generator (RNG)
-
-
-
-
-
-
-
-
-| Modes / States / Key Sizes |
-Algorithm Implementation and Certificate # |
-
-
-FIPS 186-2 General Purpose
-[ (x-Original); (SHA-1) ] |
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1110 |
-
-
-FIPS 186-2
-[ (x-Original); (SHA-1) ] |
-Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1060
-Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #292
-Windows CE and Windows Mobile 6.0 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #286
-Windows CE 5.00 and Window CE 5.01 Enhanced Cryptographic Provider (RSAENH) #66 |
-
-
-FIPS 186-2
-[ (x-Change Notice); (SHA-1) ]
-FIPS 186-2 General Purpose
-[ (x-Change Notice); (SHA-1) ] |
-Windows 7 and SP1 and Windows Server 2008 R2 and SP1 RNG Library #649
-Windows Vista Ultimate SP1 and Windows Server 2008 RNG Implementation #435
-Windows Vista RNG implementation #321 |
-
-
-FIPS 186-2 General Purpose
-[ (x-Change Notice); (SHA-1) ] |
-Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #470
-Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #449
-Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #447
-Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #316
-Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #313 |
-
-
-FIPS 186-2
-[ (x-Change Notice); (SHA-1) ] |
-Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #448
-Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #314 |
-
-
-
-
-
-#### RSA
-
-
-
-
-
-
-
-
-| Modes / States / Key Sizes |
-Algorithm Implementation and Certificate # |
-
-
-RSA:
-
-- 186-4:
-
-- Signature Generation PKCS1.5:
-
-- Mod 2048 SHA: SHA-1, SHA-256, SHA-384
- - Signature Generation PSS:
-
-- Mod 2048:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
- - Signature Verification PKCS1.5:
-
-- Mod 1024 SHA: SHA-1, SHA-256, SHA-384
-- Mod 2048 SHA: SHA-1, SHA-256, SHA-384
- - Signature Verification PSS:
-
-- Mod 2048:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
- - Mod 3072:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-
-Prerequisite: SHS #4011, DRBG #1734 |
-Microsoft Surface Hub Virtual TPM Implementations #2677
-Version 10.0.15063.674 |
-
-
-RSA:
-
-- 186-4:
-
-- Signature Generation PKCS1.5:
-
-- Mod 2048 SHA: SHA-1, SHA-256, SHA-384
- - Signature Generation PSS:
-
-- Mod 2048:
-
-- SHA-1: Salt Length: 240 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
- - Signature Verification PKCS1.5:
-
-- Mod 1024 SHA: SHA-1, SHA-256, SHA-384
-- Mod 2048 SHA: SHA-1, SHA-256, SHA-384
- - Signature Verification PSS:
-
-- Mod 1024:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
- - Mod 2048:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-
-Prerequisite: SHS #4009, DRBG #1733 |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #2676
-Version 10.0.16299 |
-
-
-RSA:
-
-- 186-4:
-
-- Key Generation:
-- Signature Verification PKCS1.5:
-
-- Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
-- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
-- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
-
-Prerequisite: SHS #4011, DRBG #1732 |
-Microsoft Surface Hub RSA32 Algorithm Implementations #2675
-Version 10.0.15063.674 |
-
-
-RSA:
-
-- 186-4:
-
-- Signature Verification PKCS1.5:
-
-- Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
-- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
-- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
-
-Prerequisite: SHS #4009, DRBG #1730 |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); RSA32 Algorithm Implementations #2674
-Version 10.0.16299 |
-
-
-RSA:
-
-- 186-4:
-
-- Signature Verification PKCS1.5:
-
-- Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
-- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
-- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
-
-Prerequisite: SHS #4010, DRBG #1731 |
-Windows 10 Mobile (version 1709) RSA32 Algorithm Implementations #2673
-Version 10.0.15254 |
-
-
-RSA:
-
-- 186-4:
-
-- Key Generation:
-
-- Public Key Exponent: Fixed (10001)
-- Provable Primes with Conditions:
-
-- Mod lengths: 2048, 3072 (bits)
-- Primality Tests: C.3
- - Signature Generation PKCS1.5:
-
-- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
-- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
- - Signature Generation PSS:
-
-- Mod 2048:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 512 (bits)
- - Mod 3072:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 512 (bits)
- - Signature Verification PKCS1.5:
-
-- Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
-- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
-- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
- - Signature Verification PSS:
-
-- Mod 1024:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 496 (bits)
- - Mod 2048:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 512 (bits)
- - Mod 3072:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 512 (bits)
-
-Prerequisite: SHS #4011, DRBG #1732 |
-Microsoft Surface Hub MsBignum Cryptographic Implementations #2672
-Version 10.0.15063.674 |
-
-
-RSA:
-
-- 186-4:
-
-- Key Generation:
-
-- Probable Random Primes:
-
-- Mod lengths: 2048, 3072 (bits)
-- Primality Tests: C.2
- - Signature Generation PKCS1.5:
-
-- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
-- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
- - Signature Generation PSS:
-
-- Mod 2048:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 512 (bits)
- - Mod 3072:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 512 (bits)
- - Signature Verification PKCS1.5:
-
-- Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
-- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
-- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
- - Signature Verification PSS:
-
-- Mod 1024:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 496 (bits)
- - Mod 2048:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 512 (bits)
- - Mod 3072:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 512 (bits)
-
-Prerequisite: SHS #4011, DRBG #1732 |
-Microsoft Surface Hub SymCrypt Cryptographic Implementations #2671
-Version 10.0.15063.674 |
-
-
-RSA:
-
-- 186-4:
-
-- Key Generation:
-
-- Probable Random Primes:
-
-- Mod lengths: 2048, 3072 (bits)
-- Primality Tests: C.2
- - Signature Generation PKCS1.5:
-
-- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
-- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
- - Signature Generation PSS:
-
-- Mod 2048:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 512 (bits)
- - Mod 3072:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 512 (bits)
- - Signature Verification PKCS1.5:
-
-- Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
-- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
-- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
- - Signature Verification PSS:
-
-- Mod 1024:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 496 (bits)
- - Mod 2048:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 512 (bits)
- - Mod 3072:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 512 (bits)
-
-Prerequisite: SHS #4010, DRBG #1731 |
-Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #2670
-Version 10.0.15254 |
-
-
-RSA:
-
-- 186-4:
-
-- Key Generation:
-
-- Public Key Exponent: Fixed (10001)
-- Provable Primes with Conditions:
-
-- Mod lengths: 2048, 3072 (bits)
-- Primality Tests: C.3
- - Signature Generation PKCS1.5:
-
-- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
-- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
- - Signature Generation PSS:
-
-- Mod 2048:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 512 (bits)
- - Mod 3072:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 512 (bits)
- - Signature Verification PKCS1.5:
-
-- Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
-- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
-- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
- - Signature Verification PSS:
-
-- Mod 1024:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 496 (bits)
- - Mod 2048:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 512 (bits)
- - Mod 3072:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 512 (bits)
-
-Prerequisite: SHS #4010, DRBG #1731 |
-Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #2669
-Version 10.0.15254 |
-
-
-
-- 186-4:
-
-- Key Generation:
-
-- Public Key Exponent: Fixed (10001)
-- Provable Primes with Conditions:
-
-- Mod lengths: 2048, 3072 (bits)
-- Primality Tests: C.3
- - Signature Generation PKCS1.5:
-
-- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
-- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
- - Signature Generation PSS:
-
-- Mod 2048:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 512 (bits)
- - Mod 3072:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 512 (bits)
- - Signature Verification PKCS1.5:
-
-- Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
-- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
-- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
- - Signature Verification PSS:
-
-- Mod 1024:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 496 (bits)
- - Mod 2048:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 512 (bits)
- - Mod 3072:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 512 (bits)
-
-Prerequisite: SHS #4009, DRBG #1730 |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #2668
-Version 10.0.16299 |
-
-
-
-- 186-4:
-
-- Key Generation:
-
-- Probable Random Primes:
-
-- Mod lengths: 2048, 3072 (bits)
-- Primality Tests: C.2
- - Signature Generation PKCS1.5:
-
-- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
-- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
- - Signature Generation PSS:
-
-- Mod 2048:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 512 (bits)
- - Mod 3072:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 512 (bits)
- - Signature Verification PKCS1.5:
-
-- Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
-- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
-- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
- - Signature Verification PSS:
-
-- Mod 1024:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 496 (bits)
- - Mod 2048:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 512 (bits)
- - Mod 3072:
-
-- SHA-1: Salt Length: 160 (bits)
-- SHA-256: Salt Length: 256 (bits)
-- SHA-384: Salt Length: 384 (bits)
-- SHA-512: Salt Length: 512 (bits)
-
-Prerequisite: SHS #4009, DRBG #1730 |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2667
-Version 10.0.16299 |
-
-
-FIPS186-4:
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
- SIG(Ver) (1024 SHA( 1 , 256 , 384 )) (2048 SHA( 1 , 256 , 384 ))
-[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
- Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) ))
-SHA Val#3790 |
-Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #2524
-Version 10.0.15063 |
-
-
-FIPS186-4:
-ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
-SHA Val#3790 |
-Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile RSA32 Algorithm Implementations #2523
-Version 10.0.15063 |
-
-
-FIPS186-4:
-186-4KEY(gen): FIPS186-4_Fixed_e ( 10001 ) ;
-PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
- SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
-[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
- Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
-SHA Val#3790
-DRBG: Val# 1555 |
-Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #2522
-Version 10.0.15063 |
-
-
-FIPS186-4:
-186-4KEY(gen):
-PGM(ProbRandom: ( 2048 , 3072 ) PPTT:( C.2 )
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
- SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
-[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
- Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
-SHA Val#3790 |
-Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2521
-Version 10.0.15063 |
-
-
-FIPS186-2:
-ALG[ANSIX9.31]:
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3652
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096 , SHS: SHA-256Val#3652, SHA-384Val#3652, SHA-512Val#3652
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3652, SHA-256Val#3652, SHA-384Val#3652, SHA-512Val#3652
-FIPS186-4:
-ALG[ANSIX9.31] Sig(Gen): (2048 SHA( 1 )) (3072 SHA( 1 ))
-SIG(gen) with SHA-1 affirmed for use with protocols only. Sig(Ver): (1024 SHA( 1 )) (2048 SHA( 1 )) (3072 SHA( 1 ))
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
- SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
-SHA Val#3652 |
-Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2415
-Version 7.00.2872 |
-
-
-FIPS186-2:
-ALG[ANSIX9.31]:
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3651
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096 , SHS: SHA-256Val#3651, SHA-384Val#3651, SHA-512Val#3651
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3651, SHA-256Val#3651, SHA-384Val#3651, SHA-512Val#3651
-FIPS186-4:
-ALG[ANSIX9.31] Sig(Gen): (2048 SHA( 1 )) (3072 SHA( 1 ))
-SIG(gen) with SHA-1 affirmed for use with protocols only. Sig(Ver): (1024 SHA( 1 )) (2048 SHA( 1 )) (3072 SHA( 1 ))
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
- SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
-SHA Val#3651 |
-Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2414
-Version 8.00.6246 |
-
-
-FIPS186-2:
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096 , SHS: SHA-256Val# 3649 , SHA-384Val# 3649 , SHA-512Val# 3649
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val# 3649 , SHA-256Val# 3649 , SHA-384Val# 3649 , SHA-512Val# 3649
-FIPS186-4:
-186-4KEY(gen): FIPS186-4_Fixed_e (10001) ;
-PGM(ProbRandom: ( 2048 , 3072 ) PPTT:( C.2 )
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
- SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
-SHA Val# 3649
-DRBG: Val# 1430 |
-Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2412
-Version 7.00.2872 |
-
-
-FIPS186-2:
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096 , SHS: SHA-256Val#3648, SHA-384Val#3648, SHA-512Val#3648
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3648, SHA-256Val#3648, SHA-384Val#3648, SHA-512Val#3648
-FIPS186-4:
-186-4KEY(gen): FIPS186-4_Fixed_e (10001) ;
-PGM(ProbRandom: ( 2048 , 3072 ) PPTT:( C.2 )
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
- SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
-SHA Val#3648
-DRBG: Val# 1429 |
-Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2411
-Version 8.00.6246 |
-
-
-FIPS186-4:
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
-SIG(Ver) (1024 SHA( 1 , 256 , 384 )) (2048 SHA( 1 , 256 , 384 ))
-[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
-Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) ))
-SHA Val# 3347 |
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2206
-Version 10.0.14393 |
-
-
-FIPS186-4:
-186-4KEY(gen): FIPS186-4_Fixed_e ( 10001 ) ;
-PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
-SHA Val# 3347 DRBG: Val# 1217 |
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA Key Generation Implementation #2195
-Version 10.0.14393 |
-
-
-FIPS186-4:
-ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
-SHA Val#3346 |
-soft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #2194
-Version 10.0.14393 |
-
-
-FIPS186-4:
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
-SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
-SHA Val# 3347 DRBG: Val# 1217 |
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #2193
-Version 10.0.14393 |
-
-
-FIPS186-4:
-[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
-Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
-SHA Val# 3347 DRBG: Val# 1217 |
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #2192
-Version 10.0.14393 |
-
-
-FIPS186-4:
-186-4KEY(gen): FIPS186-4_Fixed_e ( 10001 ) ;
-PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
-SHA Val# 3047 DRBG: Val# 955 |
-Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA Key Generation Implementation #1889
-Version 10.0.10586 |
-
-
-FIPS186-4:
-ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
-SHA Val#3048 |
-Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #1871
-Version 10.0.10586 |
-
-
-FIPS186-4:
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
-SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
-SHA Val# 3047 |
-Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub MsBignum Cryptographic Implementations #1888
-Version 10.0.10586 |
-
-
-FIPS186-4:
-[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
-Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
-SHA Val# 3047 |
-Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #1887
-Version 10.0.10586 |
-
-
-FIPS186-4:
-186-4KEY(gen): FIPS186-4_Fixed_e ( 10001 ) ;
-PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
-SHA Val# 2886 DRBG: Val# 868 |
-Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA Key Generation Implementation #1798
-Version 10.0.10240 |
-
-
-FIPS186-4:
-ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
-SHA Val#2871 |
-Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #1784
-Version 10.0.10240 |
-
-
-FIPS186-4:
-ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
-SHA Val#2871 |
-Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #1783
-Version 10.0.10240 |
-
-
-FIPS186-4:
-[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
-Sig(Ver): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
-SHA Val# 2886 |
-Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #1802
-Version 10.0.10240 |
-
-
-FIPS186-4:
-186-4KEY(gen): FIPS186-4_Fixed_e ;
-PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
-SHA Val#2373 DRBG: Val# 489 |
-Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 RSA Key Generation Implementation #1487
-Version 6.3.9600 |
-
-
-FIPS186-4:
-ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
-SHA Val#2373 |
-Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #1494
-Version 6.3.9600 |
-
-
-FIPS186-4:
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
-SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
-SHA Val#2373 |
-Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1493
-Version 6.3.9600 |
-
-
-FIPS186-4:
-[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
- Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
-SHA Val#2373 |
-Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #1519
-Version 6.3.9600 |
-
-
-FIPS186-4:
-ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 256 , 384 , 512-256 )) (3072 SHA( 256 , 384 , 512-256 ))
-SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512-256 )) (2048 SHA( 1 , 256 , 384 , 512-256 )) (3072 SHA( 1 , 256 , 384 , 512-256 ))
-[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
-Sig(Ver): (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 , 512 ))
-SHA #1903
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1134. |
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1134 |
-
-
-FIPS186-4:
-186-4KEY(gen): FIPS186-4_Fixed_e , FIPS186-4_Fixed_e_Value
-PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
-SHA #1903 DRBG: #258 |
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 RSA Key Generation Implementation #1133 |
-
-
-FIPS186-2:
-ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: #258
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256#1902, SHA-384#1902, SHA-512#1902,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1#1902, SHA-256#1902, SHA-#1902, SHA-512#1902,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1132. |
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1132 |
-
-
-FIPS186-2:
-ALG[ANSIX9.31]:
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1774
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1774, SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1052. |
-Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1052 |
-
-
-FIPS186-2:
-ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: Val# 193
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1773, SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1051. |
-Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1051 |
-
-
-FIPS186-2:
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#568. |
-Windows Server 2008 R2 and SP1 Enhanced Cryptographic Provider (RSAENH) #568 |
-
-
-FIPS186-2:
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
-ALG[RSASSA-PSS]: SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#567. See Historical RSA List Val#560. |
-Windows Server 2008 R2 and SP1 CNG algorithms #567
-Windows 7 and SP1 CNG algorithms #560 |
-
-
-FIPS186-2:
-ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: Val# 23
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#559. |
-Windows 7 and SP1 and Server 2008 R2 and SP1 RSA Key Generation Implementation #559 |
-
-
-FIPS186-2:
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#557. |
-Windows 7 and SP1 Enhanced Cryptographic Provider (RSAENH) #557 |
-
-
-FIPS186-2:
-ALG[ANSIX9.31]:
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#816, SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#395. |
-Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #395 |
-
-
-FIPS186-2:
-ALG[ANSIX9.31]:
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#783
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#783, SHA-384Val#783, SHA-512Val#783,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#371. |
-Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #371 |
-
-
-FIPS186-2:
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
-ALG[RSASSA-PSS]: SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#358. See Historical RSA List Val#357. |
-Windows Server 2008 CNG algorithms #358
-Windows Vista SP1 CNG algorithms #357 |
-
-
-FIPS186-2:
-ALG[ANSIX9.31]:
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#355. See Historical RSA List Val#354. |
-Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #355
-Windows Vista SP1 Enhanced Cryptographic Provider (RSAENH) #354 |
-
-
-FIPS186-2:
-ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#353. |
-Windows Vista SP1 and Windows Server 2008 RSA Key Generation Implementation #353 |
-
-
-FIPS186-2:
-ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 RNG: Val# 321
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#258. |
-Windows Vista RSA key generation implementation #258 |
-
-
-FIPS186-2:
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
-ALG[RSASSA-PSS]: SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#257. |
-Windows Vista CNG algorithms #257 |
-
-
-FIPS186-2:
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#255. |
-Windows Vista Enhanced Cryptographic Provider (RSAENH) #255 |
-
-
-FIPS186-2:
-ALG[ANSIX9.31]:
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#613
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#613, SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#245. |
-Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #245 |
-
-
-FIPS186-2:
-ALG[ANSIX9.31]:
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#589
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#589, SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#230. |
-Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #230 |
-
-
-FIPS186-2:
-ALG[ANSIX9.31]:
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#578
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#578, SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#222. |
-Windows CE and Windows Mobile 6 and Windows Mobile 6.1 Enhanced Cryptographic Provider (RSAENH) #222 |
-
-
-FIPS186-2:
-ALG[RSASSA-PKCS1_V1_5]:
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#364
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#81. |
-Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #81 |
-
-
-FIPS186-2:
-ALG[ANSIX9.31]:
-SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#305
-ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
-SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#305, SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
-Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#52. |
-Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #52 |
-
-
-FIPS186-2:
-– PKCS#1 v1.5, signature generation and verification
-– Mod sizes: 1024, 1536, 2048, 3072, 4096
-– SHS: SHA–1/256/384/512 |
-Windows XP, vendor-affirmed
-Windows 2000, vendor-affirmed |
-
-
-
-
-
-#### Secure Hash Standard (SHS)
-
-
-
-
-
-
-
-
-| Modes / States / Key Sizes |
-Algorithm Implementation and Certificate # |
-
-
-
-- SHA-1:
-
-- Supports Empty Message
- - SHA-256:
-
-- Supports Empty Message
- - SHA-384:
-
-- Supports Empty Message
- - SHA-512:
-
-- Supports Empty Message
- |
-Microsoft Surface Hub SymCrypt Cryptographic Implementations #4011
-Version 10.0.15063.674 |
-
-
-
-- SHA-1:
-
-- Supports Empty Message
- - SHA-256:
-
-- Supports Empty Message
- - SHA-384:
-
-- Supports Empty Message
- - SHA-512:
-
-- Supports Empty Message
- |
-Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #4010
-Version 10.0.15254 |
-
-
-
-- SHA-1:
-
-- Supports Empty Message
- - SHA-256:
-
-- Supports Empty Message
- - SHA-384:
-
-- Supports Empty Message
- - SHA-512:
-
-- Supports Empty Message
- |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4009
-Version 10.0.16299 |
-
-
-SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only) |
-Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3790
-Version 10.0.15063 |
-
-
-SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only) |
-Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #3652
-Version 7.00.2872 |
-
-
-SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only) |
-Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #3651
-Version 8.00.6246 |
-
-
-SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only) |
-Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #3649
-Version 7.00.2872 |
-
-
-SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only) |
-Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #3648
-Version 8.00.6246 |
-
-
-SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only) |
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #3347
-Version 10.0.14393 |
-
-
-SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only) |
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #3346
-Version 10.0.14393 |
-
-
-SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only) |
-Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #3048
-Version 10.0.10586 |
-
-
-SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only) |
-Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #3047
-Version 10.0.10586 |
-
-
-SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only) |
-Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2886
-Version 10.0.10240 |
-
-
-SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only) |
-Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #2871
-Version 10.0.10240 |
-
-
-SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only) |
-Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #2396
-Version 6.3.9600 |
-
-
-SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only) |
-Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2373
-Version 6.3.9600 |
-
-
-SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only)
-Implementation does not support zero-length (null) messages. |
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1903
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1902 |
-
-
-SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only) |
-Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1774
-Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1773 |
-
-
-SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only) |
-Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1081
-Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #816 |
-
-
-| SHA-1 (BYTE-only) |
-Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #785
-Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #784 |
-
-
-SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only) |
-Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #783 |
-
-
-SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only) |
-Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation #753
-Windows Vista Symmetric Algorithm Implementation #618 |
-
-
-SHA-1 (BYTE-only)
-SHA-256 (BYTE-only) |
-Windows Vista BitLocker Drive Encryption #737
-Windows Vista Beta 2 BitLocker Drive Encryption #495 |
-
-
-SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only) |
-Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #613
-Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #364 |
-
-
-| SHA-1 (BYTE-only) |
-Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #611
-Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #610
-Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #385
-Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) #371
-Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #181
-Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) #177
-Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #176 |
-
-
-SHA-1 (BYTE-only)
-SHA-256 (BYTE-only)
-SHA-384 (BYTE-only)
-SHA-512 (BYTE-only) |
-Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #589
-Windows CE and Windows Mobile 6 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #578
-Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #305 |
-
-
-| SHA-1 (BYTE-only) |
-Windows XP Microsoft Enhanced Cryptographic Provider #83
-Crypto Driver for Windows 2000 (fips.sys) #35
-Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) #32
-Windows 2000 RSAENH.DLL #24
-Windows 2000 RSABASE.DLL #23
-Windows NT 4 SP6 RSAENH.DLL #21
-Windows NT 4 SP6 RSABASE.DLL #20 |
-
-
-
-
-
-#### Triple DES
-
-
-
-
-
-
-
-
-| Modes / States / Key Sizes |
-Algorithm Implementation and Certificate # |
-
-
-
-- TDES-CBC:
-
-- Modes: Decrypt, Encrypt
-- Keying Option: 1
- - TDES-CFB64:
-
-- Modes: Decrypt, Encrypt
-- Keying Option: 1
- - TDES-CFB8:
-
-- Modes: Decrypt, Encrypt
-- Keying Option: 1
- - TDES-ECB:
-
-- Modes: Decrypt, Encrypt
-- Keying Option: 1
- |
-Microsoft Surface Hub SymCrypt Cryptographic Implementations #2558
-Version 10.0.15063.674 |
-
-
-
-- TDES-CBC:
-
-- Modes: Decrypt, Encrypt
-- Keying Option: 1
- - TDES-CFB64:
-
-- Modes: Decrypt, Encrypt
-- Keying Option: 1
- - TDES-CFB8:
-
-- Modes: Decrypt, Encrypt
-- Keying Option: 1
- - TDES-ECB:
-
-- Modes: Decrypt, Encrypt
-- Keying Option: 1
- |
-Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #2557
-Version 10.0.15254 |
-
-
-
-- TDES-CBC:
-
-- Modes: Decrypt, Encrypt
-- Keying Option: 1
- - TDES-CFB64:
-
-- Modes: Decrypt, Encrypt
-- Keying Option: 1
- - TDES-CFB8:
-
-- Modes: Decrypt, Encrypt
-- Keying Option: 1
- - TDES-ECB:
-
-- Modes: Decrypt, Encrypt
-- Keying Option: 1
- |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2556
-Version 10.0.16299 |
-
-
-| TECB( KO 1 e/d, ) ; TCBC( KO 1 e/d, ) ; TCFB8( KO 1 e/d, ) ; TCFB64( KO 1 e/d, ) |
-Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2459
-Version 10.0.15063 |
-
-
-TECB( KO 1 e/d, ) ;
-TCBC( KO 1 e/d, ) |
-Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2384
-Version 8.00.6246 |
-
-
-TECB( KO 1 e/d, ) ;
-TCBC( KO 1 e/d, ) |
-Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2383
-Version 8.00.6246 |
-
-
-TECB( KO 1 e/d, ) ;
-TCBC( KO 1 e/d, ) ;
-CTR ( int only ) |
-Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2382
-Version 7.00.2872 |
-
-
-TECB( KO 1 e/d, ) ;
-TCBC( KO 1 e/d, ) |
-Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2381
-Version 8.00.6246 |
-
-
-TECB( KO 1 e/d, ) ;
-TCBC( KO 1 e/d, ) ;
-TCFB8( KO 1 e/d, ) ;
-TCFB64( KO 1 e/d, ) |
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2227
-
-
-Version 10.0.14393 |
-
-
-TECB( KO 1 e/d, ) ;
-TCBC( KO 1 e/d, ) ;
-TCFB8( KO 1 e/d, ) ;
-TCFB64( KO 1 e/d, ) |
-Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #2024
-
-
-Version 10.0.10586 |
-
-
-TECB( KO 1 e/d, ) ;
-TCBC( KO 1 e/d, ) ;
-TCFB8( KO 1 e/d, ) ;
-TCFB64( KO 1 e/d, ) |
-Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #1969
-
-
-Version 10.0.10240 |
-
-
-TECB( KO 1 e/d, ) ;
-TCBC( KO 1 e/d, ) ;
-TCFB8( KO 1 e/d, ) ;
-TCFB64( KO 1 e/d, ) |
-Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1692
-Version 6.3.9600 |
-
-
-TECB( e/d; KO 1,2 ) ;
-TCBC( e/d; KO 1,2 ) ;
-TCFB8( e/d; KO 1,2 ) ;
-TCFB64( e/d; KO 1,2 ) |
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1387 |
-
-
-TECB( e/d; KO 1,2 ) ;
-TCBC( e/d; KO 1,2 ) ;
-TCFB8( e/d; KO 1,2 ) |
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1386 |
-
-
-TECB( e/d; KO 1,2 ) ;
-TCBC( e/d; KO 1,2 ) ;
-TCFB8( e/d; KO 1,2 ) |
-Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #846 |
-
-
-TECB( e/d; KO 1,2 ) ;
-TCBC( e/d; KO 1,2 ) ;
-TCFB8( e/d; KO 1,2 ) |
-Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation #656 |
-
-
-TECB( e/d; KO 1,2 ) ;
-TCBC( e/d; KO 1,2 ) ;
-TCFB8( e/d; KO 1,2 ) |
-Windows Vista Symmetric Algorithm Implementation #549 |
-
-
-| Triple DES MAC |
-Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 #1386, vendor-affirmed
-Windows 7 and SP1 and Windows Server 2008 R2 and SP1 #846, vendor-affirmed |
-
-
-TECB( e/d; KO 1,2 ) ;
-TCBC( e/d; KO 1,2 ) |
-Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1308
-Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1307
-Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #691
-Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #677
-Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #676
-Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #675
-Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #544
-Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #543
-Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #542
-Windows CE 6.0 and Window CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #526
-Windows CE and Windows Mobile 6 and Windows Mobile 6.1 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #517
-Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #381
-Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) #370
-Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #365
-Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #315
-Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) #201
-Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #199
-Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #192
-Windows XP Microsoft Enhanced Cryptographic Provider #81
-Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) #18
-Crypto Driver for Windows 2000 (fips.sys) #16 |
-
-
-
-
-
-#### SP 800-132 Password Based Key Derivation Function (PBKDF)
-
-
-
- |
- Modes / States / Key Sizes
- |
-
- Algorithm Implementation and Certificate #
- |
-
-
- |
- PBKDF (vendor affirmed) |
-
- Kernel Mode Cryptographic Primitives Library (cng.sys) Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2937
(Software Version: 10.0.14393)
- Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2936
(Software Version: 10.0.14393)
- Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2935
(Software Version: 10.0.14393)
- Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2931
(Software Version: 10.0.14393)
- |
-
-
- |
- PBKDF (vendor affirmed) |
-
- Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2936
(Software Version: 10.0.14393)
- Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG), vendor-affirmed
- |
-
-
-
-
-#### Component Validation List
-
-
-
-
-
-
-
-
-| Publication / Component Validated / Description |
-Implementation and Certificate # |
-
-
-
-- ECDSA SigGen:
-
-- P-256 SHA: SHA-256
-- P-384 SHA: SHA-384
-- P-521 SHA: SHA-512
-
-Prerequisite: DRBG #489 |
-Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1540
-Version 6.3.9600 |
-
-
-
-- RSASP1:
-
-- Modulus Size: 2048 (bits)
-- Padding Algorithms: PKCS 1.5
- |
-Microsoft Surface Hub Virtual TPM Implementations #1519
-Version 10.0.15063.674 |
-
-
-
-- RSASP1:
-
-- Modulus Size: 2048 (bits)
-- Padding Algorithms: PKCS 1.5
- |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1518
-Version 10.0.16299 |
-
-
-
-- RSADP:
-
-- Modulus Size: 2048 (bits)
- |
-Microsoft Surface Hub MsBignum Cryptographic Implementations #1517
-Version 10.0.15063.674 |
-
-
-
-- RSASP1:
-
-- Modulus Size: 2048 (bits)
-- Padding Algorithms: PKCS 1.5
- |
-Microsoft Surface Hub MsBignum Cryptographic Implementations #1516
-Version 10.0.15063.674 |
-
-
-
-- ECDSA SigGen:
-
-- P-256 SHA: SHA-256
-- P-384 SHA: SHA-384
-- P-521 SHA: SHA-512
-
- Prerequisite: DRBG #1732 |
-Microsoft Surface Hub MsBignum Cryptographic Implementations #1515
-Version 10.0.15063.674 |
-
-
-
-- ECDSA SigGen:
-
-- P-256 SHA: SHA-256
-- P-384 SHA: SHA-384
-- P-521 SHA: SHA-512
-
-Prerequisite: DRBG #1732 |
-Microsoft Surface Hub SymCrypt Cryptographic Implementations #1514
-Version 10.0.15063.674 |
-
-
-
-- RSADP:
-
-- Modulus Size: 2048 (bits)
- |
-Microsoft Surface Hub SymCrypt Cryptographic Implementations #1513
-Version 10.0.15063.674 |
-
-
-
-- RSASP1:
-
-- Modulus Size: 2048 (bits)
-- Padding Algorithms: PKCS 1.5
- |
-Microsoft Surface Hub SymCrypt Cryptographic Implementations #1512
-Version 10.0.15063.674 |
-
-
-
-- IKEv1:
-
-- Methods: Digital Signature, Pre-shared Key, Public Key Encryption
-- Pre-shared Key Length: 64-2048
-- Diffie-Hellman shared secrets:
-
-- Diffie-Hellman shared secret:
-
-- Length: 2048 (bits)
-- SHA Functions: SHA-256
- - Diffie-Hellman shared secret:
-
-- Length: 256 (bits)
-- SHA Functions: SHA-256
- - Diffie-Hellman shared secret:
-
-- Length: 384 (bits)
-- SHA Functions: SHA-384
-
-Prerequisite: SHS #4011, HMAC #3269
-
-- IKEv2:
-
-- Derived Keying Material length: 192-1792
-- Diffie-Hellman shared secrets:
-
-- Diffie-Hellman shared secret:
-
-- Length: 2048 (bits)
-- SHA Functions: SHA-256
- - Diffie-Hellman shared secret:
-
-- Length: 256 (bits)
-- SHA Functions: SHA-256
- - Diffie-Hellman shared secret:
-
-- Length: 384 (bits)
-- SHA Functions: SHA-384
-
-Prerequisite: SHS #4011, HMAC #3269
-
-- TLS:
-
-- Supports TLS 1.0/1.1
-- Supports TLS 1.2:
-
-- SHA Functions: SHA-256, SHA-384
-
-Prerequisite: SHS #4011, HMAC #3269 |
-Microsoft Surface Hub SymCrypt Cryptographic Implementations #1511
-Version 10.0.15063.674 |
-
-
-
-- ECDSA SigGen:
-
-- P-256 SHA: SHA-256
-- P-384 SHA: SHA-384
-- P-521 SHA: SHA-512
-
-Prerequisite: DRBG #1731 |
-Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1510
-Version 10.0.15254 |
-
-
-
-- RSADP:
-
-- Modulus Size: 2048 (bits)
- |
-Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1509
-Version 10.0.15254 |
-
-
-
-- RSASP1:
-
-- Modulus Size: 2048 (bits)
-- Padding Algorithms: PKCS 1.5
- |
-Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1508
-Version 10.0.15254 |
-
-
-
-- IKEv1:
-
-- Methods: Digital Signature, Pre-shared Key, Public Key Encryption
-- Pre-shared Key Length: 64-2048
-- Diffie-Hellman shared secrets:
-
-- Diffie-Hellman shared secret:
-
-- Length: 2048 (bits)
-- SHA Functions: SHA-256
- - Diffie-Hellman shared secret:
-
-- Length: 256 (bits)
-- SHA Functions: SHA-256
- - Diffie-Hellman shared secret:
-
-- Length: 384 (bits)
-- SHA Functions: SHA-384
-
-Prerequisite: SHS #4010, HMAC #3268
-
-- IKEv2:
-
-- Derived Keying Material length: 192-1792
-- Diffie-Hellman shared secrets:
-
-- Diffie-Hellman shared secret:
-
-- Length: 2048 (bits)
-- SHA Functions: SHA-256
- - Diffie-Hellman shared secret:
-
-- Length: 256 (bits)
-- SHA Functions: SHA-256
- - Diffie-Hellman shared secret:
-
-- Length: 384 (bits)
-- SHA Functions: SHA-384
-
-Prerequisite: SHS #4010, HMAC #3268
-
-- TLS:
-
-- Supports TLS 1.0/1.1
-- Supports TLS 1.2:
-
-- SHA Functions: SHA-256, SHA-384
-
-Prerequisite: SHS #4010, HMAC #3268 |
-Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1507
-Version 10.0.15254 |
-
-
-
-- ECDSA SigGen:
-
-- P-256 SHA: SHA-256
-- P-384 SHA: SHA-384
-- P-521 SHA: SHA-512
-
-Prerequisite: DRBG #1731 |
-Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1506
-Version 10.0.15254 |
-
-
-
-- RSADP:
-
-- Modulus Size: 2048 (bits)
- |
-Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1505
-Version 10.0.15254 |
-
-
-
-- RSASP1:
-
-- Modulus Size: 2048 (bits)
-- Padding Algorithms: PKCS 1.5
- |
-Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1504
-Version 10.0.15254 |
-
-
-
-- ECDSA SigGen:
-
-- P-256 SHA: SHA-256
-- P-384 SHA: SHA-384
-- P-521 SHA: SHA-512
-
-Prerequisite: DRBG #1730 |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1503
-Version 10.0.16299 |
-
-
-
-- RSADP:
-
-- Modulus Size: 2048 (bits)
- |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1502
-Version 10.0.16299 |
-
-
-
-- RSASP1:
-
-- Modulus Size: 2048 (bits)
-- Padding Algorithms: PKCS 1.5
- |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1501
-Version 10.0.16299 |
-
-
-
-- ECDSA SigGen:
-
-- P-256 SHA: SHA-256
-- P-384 SHA: SHA-384
-- P-521 SHA: SHA-512
-
-Prerequisite: DRBG #1730 |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1499
-Version 10.0.16299 |
-
-
-
-- RSADP:
-
-- Modulus Size: 2048 (bits)
- |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1498
-Version 10.0.16299
- |
-
-
-
-- RSASP1:
-
-- Modulus Size: 2048 (bits)
-- Padding Algorithms: PKCS 1.5
- |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1497
-Version 10.0.16299 |
-
-
-
-- IKEv1:
-
-- Methods: Digital Signature, Pre-shared Key, Public Key Encryption
-- Pre-shared Key Length: 64-2048
-- Diffie-Hellman shared secrets:
-
-- Diffie-Hellman shared secret:
-
-- Length: 2048 (bits)
-- SHA Functions: SHA-256
- - Diffie-Hellman shared secret:
-
-- Length: 256 (bits)
-- SHA Functions: SHA-256
- - Diffie-Hellman shared secret:
-
-- Length: 384 (bits)
-- SHA Functions: SHA-384
-
-Prerequisite: SHS #4009, HMAC #3267
-
-- IKEv2:
-
-- Derived Keying Material length: 192-1792
-- Diffie-Hellman shared secrets:
-
-- Diffie-Hellman shared secret:
-
-- Length: 2048 (bits)
-- SHA Functions: SHA-256
- - Diffie-Hellman shared secret:
-
-- Length: 256 (bits)
-- SHA Functions: SHA-256
- - Diffie-Hellman shared secret:
-
-- Length: 384 (bits)
-- SHA Functions: SHA-384
-
-Prerequisite: SHS #4009, HMAC #3267
-
-- TLS:
-
-- Supports TLS 1.0/1.1
-- Supports TLS 1.2:
-
-- SHA Functions: SHA-256, SHA-384
-
-Prerequisite: SHS #4009, HMAC #3267 |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1496
-Version 10.0.16299 |
-
-
-FIPS186-4 ECDSA
-Signature Generation of hash sized messages
-ECDSA SigGen Component: CURVES( P-256 P-384 P-521 ) |
-Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1284
-Version 10.0. 15063
-Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1279
-Version 10.0. 15063
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #922
-Version 10.0.14393
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #894
-Version 10.0.14393icrosoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #666
-Version 10.0.10586
-Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #288
-Version 6.3.9600 |
-
-
-FIPS186-4 RSA; PKCS#1 v2.1
-RSASP1 Signature Primitive
-RSASP1: (Mod2048: PKCS1.5 PKCSPSS) |
-Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1285
-Version 10.0.15063
-Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1282
-Version 10.0.15063
-Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1280
-Version 10.0.15063
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #893
-Version 10.0.14393
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #888
-Version 10.0.14393
-Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #665
-Version 10.0.10586
-Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #572
-Version 10.0.10240
-Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry MsBignum Cryptographic Implementations #289
-Version 6.3.9600 |
-
-
-FIPS186-4 RSA; RSADP
-RSADP Primitive
-RSADP: (Mod2048) |
-Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1283
-Version 10.0.15063
-Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1281
-Version 10.0.15063
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #895
-Version 10.0.14393
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #887
-Version 10.0.14393
-Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #663
-Version 10.0.10586
-Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #576
-Version 10.0.10240 |
-
-
-SP800-135
-Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS |
-Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1496
-Version 10.0.16299
-Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1278
-Version 10.0.15063
-Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1140
-Version 7.00.2872
-Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1139
-Version 8.00.6246
-Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BcryptPrimitives and NCryptSSLp #886
-Version 10.0.14393
-Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BCryptPrimitives and NCryptSSLp #664
-Version 10.0.10586
-Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BCryptPrimitives and NCryptSSLp #575
-Version 10.0.10240
-Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 BCryptPrimitives and NCryptSSLp #323
-Version 6.3.9600 |
-
-
-
-
-
-## References
-
-\[[FIPS 140](http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf)\] - FIPS 140-2, Security Requirements for Cryptographic Modules
-
-\[[FIPS FAQ](http://csrc.nist.gov/groups/stm/cmvp/documents/cmvpfaq.pdf)\] - Cryptographic Module Validation Program (CMVP) FAQ
-
-\[[SP 800-57](http://csrc.nist.gov/publications/pubssps.html#800-57-part1)\] - Recommendation for Key Management – Part 1: General (Revised)
-
-\[[SP 800-131A](http://csrc.nist.gov/publications/nistpubs/800-131a/sp800-131a.pdf)\] - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
-
-## Additional Microsoft References
-
-Enabling FIPS mode -
-
-Cipher Suites in Schannel - [https://msdn.microsoft.com/library/aa374757(VS.85).aspx](https://msdn.microsoft.com/library/aa374757\(vs.85\).aspx)
-
+---
+title: FIPS 140 Validation
+description: This topic provides information on how Microsoft products and cryptographic modules comply with the U.S. Federal government standard FIPS 140.
+ms.prod: w10
+audience: ITPro
+author: dulcemontemayor
+ms.author: dansimp
+manager: dansimp
+ms.collection: M365-identity-device-management
+ms.topic: article
+ms.localizationpriority: medium
+ms.date: 11/05/2019
+ms.reviewer:
+---
+
+# FIPS 140-2 Validation
+
+## FIPS 140-2 standard overview
+
+The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard that defines minimum security requirements for cryptographic modules in information technology products, as defined in Section 5131 of the Information Technology Management Reform Act of 1996.
+
+The [Cryptographic Module Validation Program (CMVP)](https://csrc.nist.gov/Projects/cryptographic-module-validation-program), a joint effort of the U.S. National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS), validates cryptographic modules against the Security Requirements for Cryptographic Modules (part of FIPS 140-2) and related FIPS cryptography standards. The FIPS 140-2 security requirements cover eleven areas related to the design and implementation of a cryptographic module. The NIST Information Technology Laboratory operates a related program that validates the FIPS approved cryptographic algorithms in the module.
+
+## Microsoft’s approach to FIPS 140-2 validation
+
+Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since the inception of the standard in 2001. Microsoft validates its cryptographic modules under the NIST CMVP, as described above. Multiple Microsoft products, including Windows 10, Windows Server, and many cloud services, use these cryptographic modules.
+
+## Using Windows in a FIPS 140-2 approved mode of operation
+
+Windows 10 and Windows server may be configured to run in a FIPS 140-2 approved mode of operation. This is commonly referred to as “FIPS mode.” Achieving this mode of operation requires administrators to complete all four steps outlined below.
+
+### Step 1: Ensure FIPS 140-2 validated cryptographic modules are installed
+
+Administrators must ensure that all cryptographic modules installed are FIPS 140-2 validated. This is accomplished by cross-checking the version number of the cryptographic module with the table of validated modules at the end of this topic, organized by operating system release.
+
+### Step 2: Ensure all security policies for all cryptographic modules are followed
+
+Each of the cryptographic modules has a defined security policy that must be met for the module to operate in its FIPS 140-2 approved mode. The security policy may be found in each module’s published Security Policy Document (SPD). The SPDs for each module may be found by following the links in the table of validated modules at the end of this topic. Click on the module version number to view the published SPD for the module.
+
+### Step 3: Enable the FIPS security policy
+
+Windows provides the security policy setting, “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing,” which is used by some Microsoft products to determine whether to operate in a FIPS 140-2 approved mode. When this policy is enabled, the validated cryptographic modules in Windows will also operate in FIPS approved mode. The policy may be set using Local Security Policy, as part of Group Policy, or through a Modern Device Management (MDM) solution. For more information on the policy, see [System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing](https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing).
+
+### Step 4: Ensure only FIPS validated cryptographic algorithms are used
+
+Neither the operating system nor the cryptographic modules can enforce a FIPS approved mode of operation, regardless of the FIPS security policy setting. To run in a FIPS approved mode, an application or service must check for the policy flag and enforce the security policies of the validated modules. If an application or service uses a non-approved cryptographic algorithm or does not follow the security policies of the validated modules, it is not operating in a FIPS approved mode.
+
+## Frequently asked questions
+
+### How long does it take to certify cryptographic modules?
+
+Microsoft begins certification of cryptographic modules after each major feature release of Windows 10 and Windows Server. The duration of each evaluation varies, depending on many factors.
+
+### When does Microsoft undertake a FIPS 140 validation?
+
+The cadence for starting module validation aligns with the feature updates of Windows 10 and Windows Server. As the software industry evolves, operating systems release more frequently. Microsoft completes validation work on major releases but, in between releases, seeks to minimize the changes to the cryptographic modules.
+
+### What is the difference between “FIPS 140 validated” and “FIPS 140 compliant”?
+
+“FIPS 140 validated” means that the cryptographic module, or a product that embeds the module, has been validated (“certified”) by the CMVP as meeting as meeting the FIPS 140-2 requirements. “FIPS 140 compliant” is an industry term for IT products that rely on FIPS 140 validated products for cryptographic functionality.
+
+### I need to know if a Windows service or application is FIPS 140-2 validated.
+
+The cryptographic modules leveraged in Windows are validated through the CMVP, not individual services, applications, hardware peripherals, or other solutions. For a solution to be considered compliant, it must call a FIPS 140-2 validated cryptographic module in the underlying OS and the OS must be configured to run in FIPS mode. Contact the vendor of the service, application, or product for information on whether it calls a validated cryptographic module.
+
+### What does "When operated in FIPS mode" mean on a certificate?
+
+This caveat identifies required configuration and security rules that must be followed to use the cryptographic module in a way that is consistent with its FIPS 140-2 security policy. Each module has its own security policy—a precise specification of the security rules under which it will operate—and employs approved cryptographic algorithms, cryptographic key management, and authentication techniques. The security rules are defined in the Security Policy Document (SPD) for each module.
+
+### What is the relationship between FIPS 140-2 and Common Criteria?
+
+These are two separate security standards with different, but complementary, purposes. FIPS 140-2 is designed specifically for validating software and hardware cryptographic modules, while Common Criteria is designed to evaluate security functions in IT software and hardware products. Common Criteria evaluations often rely on FIPS 140-2 validations to provide assurance that basic cryptographic functionality is implemented properly.
+
+### How does FIPS 140 relate to Suite B?
+
+Suite B is a set of cryptographic algorithms defined by the U.S. National Security Agency (NSA) as part of its Cryptographic Modernization Program. The set of Suite B cryptographic algorithms are to be used for both unclassified information and most classified information. The Suite B cryptographic algorithms are a subset of the FIPS Approved cryptographic algorithms as allowed by the FIPS 140-2 standard.
+
+## Microsoft FIPS 140-2 validated cryptographic modules
+
+The following tables identify the cryptographic modules used in an operating system, organized by release.
+
+## Modules used by Windows
+
+##### Windows 10 Spring 2018 Update (Version 1803)
+
+Validated Editions: Home, Pro, Enterprise, Education
+
+
+
+
+
+
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Cryptographic Primitives Library |
+10.0.17134 |
+#3197 |
+See Security Policy and Certificate page for algorithm information |
+
+
+| Kernel Mode Cryptographic Primitives Library |
+10.0.17134 |
+#3196 |
+See Security Policy and Certificate page for algorithm information |
+
+
+| Code Integrity |
+10.0.17134 |
+#3195 |
+See Security Policy and Certificate page for algorithm information |
+
+
+| Windows OS Loader |
+10.0.17134 |
+#3480 |
+See Security Policy and Certificate page for algorithm information |
+
+
+| Secure Kernel Code Integrity |
+10.0.17134 |
+#3096 |
+See Security Policy and Certificate page for algorithm information |
+
+
+| BitLocker Dump Filter |
+10.0.17134 |
+#3092 |
+See Security Policy and Certificate page for algorithm information |
+
+
+| Boot Manager |
+10.0.17134 |
+#3089 |
+See Security Policy and Certificate page for algorithm information |
+
+
+
+
+
+##### Windows 10 Fall Creators Update (Version 1709)
+
+Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile
+
+
+
+
+
+
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Cryptographic Primitives Library |
+10.0.16299 |
+#3197 |
+See Security Policy and Certificate page for algorithm information |
+
+
+| Kernel Mode Cryptographic Primitives Library |
+10.0.16299 |
+#3196 |
+See Security Policy and Certificate page for algorithm information |
+
+
+| Code Integrity |
+10.0.16299 |
+#3195 |
+See Security Policy and Certificate page for algorithm information |
+
+
+| Windows OS Loader |
+10.0.16299 |
+#3194 |
+See Security Policy and Certificate page for algorithm information |
+
+
+| Secure Kernel Code Integrity |
+10.0.16299 |
+#3096 |
+See Security Policy and Certificate page for algorithm information |
+
+
+| BitLocker Dump Filter |
+10.0.16299 |
+#3092 |
+See Security Policy and Certificate page for algorithm information |
+
+
+| Windows Resume |
+10.0.16299 |
+#3091 |
+See Security Policy and Certificate page for algorithm information |
+
+
+| Boot Manager |
+10.0.16299 |
+#3089 |
+See Security Policy and Certificate page for algorithm information |
+
+
+
+
+
+##### Windows 10 Creators Update (Version 1703)
+
+Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile
+
+
+
+
+\[1\] Applies only to Home, Pro, Enterprise, Education and S
+
+\[2\] Applies only to Pro, Enterprise, Education, S, Mobile and Surface Hub
+
+\[3\] Applies only to Pro, Enterprise Education and S
+
+##### Windows 10 Anniversary Update (Version 1607)
+
+Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile
+
+
+
+
+
+
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) |
+10.0.14393 |
+#2937 |
+FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
+
+Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
+Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #886) |
+
+
+| Kernel Mode Cryptographic Primitives Library (cng.sys) |
+10.0.14393 |
+#2936 |
+FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
+
+Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
+Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887) |
+
+
+| Boot Manager |
+10.0.14393 |
+#2931 |
+FIPS Approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)
+Other algorithms: MD5; PBKDF (non-compliant); VMK KDF |
+
+
+| BitLocker® Windows OS Loader (winload) |
+10.0.14393 |
+#2932 |
+FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
+
+Other algorithms: NDRNG; MD5 |
+
+
+| BitLocker® Windows Resume (winresume)[1] |
+10.0.14393 |
+#2933 |
+FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
+
+Other algorithms: MD5 |
+
+
+| BitLocker® Dump Filter (dumpfve.sys)[2] |
+10.0.14393 |
+#2934 |
+FIPS Approved algorithms: AES (Certs. #4061 and #4064) |
+
+
+| Code Integrity (ci.dll) |
+10.0.14393 |
+#2935 |
+FIPS Approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)
+
+Other algorithms: AES (non-compliant); MD5
+Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888) |
+
+
+| Secure Kernel Code Integrity (skci.dll)[3] |
+10.0.14393 |
+#2938 |
+FIPS Approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)
+
+Other algorithms: MD5
+Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888) |
+
+
+
+
+
+\[1\] Applies only to Home, Pro, Enterprise and Enterprise LTSB
+
+\[2\] Applies only to Pro, Enterprise, Enterprise LTSB and Mobile
+
+\[3\] Applies only to Pro, Enterprise and Enterprise LTSB
+
+##### Windows 10 November 2015 Update (Version 1511)
+
+Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub
+
+
+
+
+
+
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) |
+10.0.10586 |
+#2606 |
+FIPS Approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888 and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)
+
+Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
+Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #664) |
+
+
+| Kernel Mode Cryptographic Primitives Library (cng.sys) |
+10.0.10586 |
+#2605 |
+FIPS Approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888 and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)
+
+Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
+Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663) |
+
+
+| Boot Manager[4] |
+10.0.10586 |
+#2700 |
+FIPS Approved algorithms: AES (Certs. #3653); HMAC (Cert. #2381); PBKDF (vendor affirmed); RSA (Cert. #1871); SHS (Certs. #3047 and #3048)
+
+Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant) |
+
+
+| BitLocker® Windows OS Loader (winload)[5] |
+10.0.10586 |
+#2701 |
+FIPS Approved algorithms: AES (Certs. #3629 and #3653); RSA (Cert. #1871); SHS (Cert. #3048)
+
+Other algorithms: MD5; NDRNG |
+
+
+| BitLocker® Windows Resume (winresume)[6] |
+10.0.10586 |
+#2702 |
+FIPS Approved algorithms: AES (Certs. #3653); RSA (Cert. #1871); SHS (Cert. #3048)
+
+Other algorithms: MD5 |
+
+
+| BitLocker® Dump Filter (dumpfve.sys)[7] |
+10.0.10586 |
+#2703 |
+FIPS Approved algorithms: AES (Certs. #3653) |
+
+
+| Code Integrity (ci.dll) |
+10.0.10586 |
+#2604 |
+FIPS Approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)
+
+Other algorithms: AES (non-compliant); MD5
+Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665) |
+
+
+| Secure Kernel Code Integrity (skci.dll)[8] |
+10.0.10586 |
+#2607 |
+FIPS Approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)
+
+Other algorithms: MD5
+Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665) |
+
+
+
+
+
+\[4\] Applies only to Home, Pro, Enterprise, Mobile and Surface Hub
+
+\[5\] Applies only to Home, Pro, Enterprise, Mobile and Surface Hub
+
+\[6\] Applies only to Home, Pro and Enterprise
+
+\[7\] Applies only to Pro, Enterprise, Mobile and Surface Hub
+
+\[8\] Applies only to Enterprise and Enterprise LTSB
+
+##### Windows 10 (Version 1507)
+
+Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface Hub
+
+
+
+
+
+
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) |
+10.0.10240 |
+#2606 |
+FIPS Approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)
+
+Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
+Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #575) |
+
+
+| Kernel Mode Cryptographic Primitives Library (cng.sys) |
+10.0.10240 |
+#2605 |
+FIPS Approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)
+
+Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
+Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576) |
+
+
+| Boot Manager[9] |
+10.0.10240 |
+#2600 |
+FIPS Approved algorithms: AES (Cert. #3497); HMAC (Cert. #2233); KTS (AES Cert. #3498); PBKDF (vendor affirmed); RSA (Cert. #1784); SHS (Certs. #2871 and #2886)
+
+Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant) |
+
+
+| BitLocker® Windows OS Loader (winload)[10] |
+10.0.10240 |
+#2601 |
+FIPS Approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)
+
+Other algorithms: MD5; NDRNG |
+
+
+| BitLocker® Windows Resume (winresume)[11] |
+10.0.10240 |
+#2602 |
+FIPS Approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)
+
+Other algorithms: MD5 |
+
+
+| BitLocker® Dump Filter (dumpfve.sys)[12] |
+10.0.10240 |
+#2603 |
+FIPS Approved algorithms: AES (Certs. #3497 and #3498) |
+
+
+| Code Integrity (ci.dll) |
+10.0.10240 |
+#2604 |
+FIPS Approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)
+
+Other algorithms: AES (non-compliant); MD5
+Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572) |
+
+
+| Secure Kernel Code Integrity (skci.dll)[13] |
+10.0.10240 |
+#2607 |
+FIPS Approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)
+
+Other algorithms: MD5
+Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572) |
+
+
+
+
+
+\[9\] Applies only to Home, Pro, Enterprise and Enterprise LTSB
+
+\[10\] Applies only to Home, Pro, Enterprise and Enterprise LTSB
+
+\[11\] Applies only to Home, Pro, Enterprise and Enterprise LTSB
+
+\[12\] Applies only to Pro, Enterprise and Enterprise LTSB
+
+\[13\] Applies only to Enterprise and Enterprise LTSB
+
+##### Windows 8.1
+
+Validated Editions: RT, Pro, Enterprise, Phone, Embedded
+
+
+
+
+
+
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) |
+6.3.9600 6.3.9600.17031 |
+#2357 |
+FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)
+
+Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)#2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
+Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #323) |
+
+
+| Kernel Mode Cryptographic Primitives Library (cng.sys) |
+6.3.9600 6.3.9600.17042 |
+#2356 |
+FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)
+
+Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
+Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289) |
+
+
+| Boot Manager |
+6.3.9600 6.3.9600.17031 |
+#2351 |
+FIPS Approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
+
+Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant) |
+
+
+| BitLocker® Windows OS Loader (winload) |
+6.3.9600 6.3.9600.17031 |
+#2352 |
+FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)
+
+Other algorithms: MD5; NDRNG |
+
+
+| BitLocker® Windows Resume (winresume)[14] |
+6.3.9600 6.3.9600.17031 |
+#2353 |
+FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
+
+Other algorithms: MD5 |
+
+
+| BitLocker® Dump Filter (dumpfve.sys) |
+6.3.9600 6.3.9600.17031 |
+#2354 |
+FIPS Approved algorithms: AES (Cert. #2832)
+
+Other algorithms: N/A |
+
+
+| Code Integrity (ci.dll) |
+6.3.9600 6.3.9600.17031 |
+#2355#2355 |
+FIPS Approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)
+
+Other algorithms: MD5
+Validated Component Implementations: PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289) |
+
+
+
+
+
+\[14\] Applies only to Pro, Enterprise, and Embedded 8.
+
+##### Windows 8
+
+Validated Editions: RT, Home, Pro, Enterprise, Phone
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) |
+6.2.9200 |
+#1892 |
+FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
+
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert. ); ECDSA (Cert. ); HMAC (Cert. ); KAS (Cert. ); KBKDF (Cert. ); PBKDF (vendor affirmed); RSA (Certs. and ); SHS (Cert. ); Triple-DES (Cert. )
+
+ |
+
+
+| Kernel Mode Cryptographic Primitives Library (cng.sys) |
+6.2.9200 |
+#1891 |
+FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
+
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258 and ); ECDSA (Cert. ); HMAC (Cert. ); KAS (Cert. ); KBKDF (Cert. ); PBKDF (vendor affirmed); RNG (Cert. ); RSA (Certs. and ); SHS (Cert. ); Triple-DES (Cert. )
+
+Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) |
+
+
+| Boot Manager |
+6.2.9200 |
+#1895 |
+FIPS Approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)
+
+Other algorithms: MD5 |
+
+
+| BitLocker® Windows OS Loader (WINLOAD) |
+6.2.9200 |
+#1896 |
+FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
+
+Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG |
+
+
+| BitLocker® Windows Resume (WINRESUME)[15] |
+6.2.9200 |
+#1898 |
+FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
+
+Other algorithms: MD5 |
+
+
+| BitLocker® Dump Filter (DUMPFVE.SYS) |
+6.2.9200 |
+#1899 |
+FIPS Approved algorithms: AES (Certs. #2196 and #2198)
+
+Other algorithms: N/A |
+
+
+| Code Integrity (CI.DLL) |
+6.2.9200 |
+#1897 |
+FIPS Approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)
+
+Other algorithms: MD5 |
+
+
+| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL) |
+6.2.9200 |
+#1893 |
+FIPS Approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)
+
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#1902); Triple-DES (Cert. ); Triple-DES MAC (Triple-DES Cert. , vendor affirmed)
+
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. , key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
+
+
+| Enhanced Cryptographic Provider (RSAENH.DLL) |
+6.2.9200 |
+#1894 |
+FIPS Approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)
+
+Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
+
+
+
+
+
+\[15\] Applies only to Home and Pro
+
+**Windows 7**
+
+Validated Editions: Windows 7, Windows 7 SP1
+
+
+
+
+
+
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) |
+6.1.7600.16385
+6.1.7601.17514 |
+1329 |
+FIPS Approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); DSA (Cert. #386); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)
+
+Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4#559 and ); SHS (Cert. ); Triple-DES (Cert. )
+
+Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4 |
+
+
+| Kernel Mode Cryptographic Primitives Library (cng.sys) |
+6.1.7600.16385
+6.1.7600.16915
+6.1.7600.21092
+6.1.7601.17514
+6.1.7601.17725
+6.1.7601.17919
+6.1.7601.21861
+6.1.7601.22076 |
+1328 |
+FIPS Approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)
+
+Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4 |
+
+
+| Boot Manager |
+6.1.7600.16385
+6.1.7601.17514 |
+1319 |
+FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #557); SHS (Cert. #1081)
+
+Other algorithms: MD5#1168 and ); HMAC (Cert. ); RSA (Cert. ); SHS (Cert. )
+
+Other algorithms: MD5 |
+
+
+| Winload OS Loader (winload.exe) |
+6.1.7600.16385
+6.1.7600.16757
+6.1.7600.20897
+6.1.7600.20916
+6.1.7601.17514
+6.1.7601.17556
+6.1.7601.21655
+6.1.7601.21675 |
+1326 |
+FIPS Approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #557); SHS (Cert. #1081)
+
+Other algorithms: MD5 |
+
+
+| BitLocker™ Drive Encryption |
+6.1.7600.16385
+6.1.7600.16429
+6.1.7600.16757
+6.1.7600.20536
+6.1.7600.20873
+6.1.7600.20897
+6.1.7600.20916
+6.1.7601.17514
+6.1.7601.17556
+6.1.7601.21634
+6.1.7601.21655
+6.1.7601.21675 |
+1332 |
+FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)
+
+Other algorithms: Elephant Diffuser |
+
+
+| Code Integrity (CI.DLL) |
+6.1.7600.16385
+6.1.7600.17122
+6.1.7600.21320
+6.1.7601.17514
+6.1.7601.17950
+6.1.7601.22108 |
+1327 |
+FIPS Approved algorithms: RSA (Cert. #557); SHS (Cert. #1081)
+
+Other algorithms: MD5 |
+
+
+| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL) |
+6.1.7600.16385
+(no change in SP1) |
+1331 |
+FIPS Approved algorithms: DSA (Cert. #385); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)
+
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4 |
+
+
+| Enhanced Cryptographic Provider (RSAENH.DLL) |
+6.1.7600.16385
+(no change in SP1) |
+1330 |
+FIPS Approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #673); SHS (Cert. #1081); RSA (Certs. #557 and #559); Triple-DES (Cert. #846)
+
+Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 256-bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
+
+
+
+
+
+##### Windows Vista SP1
+
+Validated Editions: Ultimate Edition
+
+
+
+
+
+
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Boot Manager (bootmgr) |
+6.0.6001.18000 and 6.0.6002.18005 |
+978 |
+FIPS Approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #354); SHS (Cert. #753) |
+
+
+| Winload OS Loader (winload.exe) |
+6.0.6001.18000, 6.0.6001.18027, 6.0.6001.18606, 6.0.6001.22125, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411 and 6.0.6002.22596 |
+979 |
+FIPS Approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #354); SHS (Cert. #753)
+
+Other algorithms: MD5 |
+
+
+| Code Integrity (ci.dll) |
+6.0.6001.18000, 6.0.6001.18023, 6.0.6001.22120, and 6.0.6002.18005 |
+980 |
+FIPS Approved algorithms: RSA (Cert. #354); SHS (Cert. #753)
+
+Other algorithms: MD5 |
+
+
+| Kernel Mode Security Support Provider Interface (ksecdd.sys) |
+6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.228696.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.22869 |
+1000 |
+FIPS Approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)#739 and ); ECDSA (Cert. ); HMAC (Cert. ); RNG (Cert. and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. and ); SHS (Cert. ); Triple-DES (Cert. )
+Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
+
+
+| Cryptographic Primitives Library (bcrypt.dll) |
+6.0.6001.22202, 6.0.6002.18005, and 6.0.6002.228726.0.6001.22202, 6.0.6002.18005, and 6.0.6002.22872 |
+1001 |
+FIPS Approved algorithms: AES (Certs. #739 and #756); DSA (Cert. #283); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90, vendor affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)
+Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength) |
+
+
+| Enhanced Cryptographic Provider (RSAENH) |
+6.0.6001.22202 and 6.0.6002.180056.0.6001.22202 and 6.0.6002.18005 |
+1002 |
+FIPS Approved algorithms: AES (Cert. #739); HMAC (Cert. #407); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #354); SHS (Cert. #753); Triple-DES (Cert. #656)
+Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
+
+
+| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) |
+6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.18005 |
+1003 |
+FIPS Approved algorithms: DSA (Cert. #281); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 |
+
+
+
+
+
+##### Windows Vista
+
+Validated Editions: Ultimate Edition
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Enhanced Cryptographic Provider (RSAENH) |
+6.0.6000.16386 |
+893 |
+FIPS Approved algorithms: AES (Cert. #553); HMAC (Cert. #297); RNG (Cert. #321); RSA (Certs. #255 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)
+
+Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
+
+
+| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) |
+6.0.6000.16386 |
+894 |
+FIPS Approved algorithms: DSA (Cert. #226); RNG (Cert. #321); SHS (Cert. #618); Triple-DES (Cert. #549); Triple-DES MAC (Triple-DES Cert. #549, vendor affirmed)
+
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 |
+
+
+| BitLocker™ Drive Encryption |
+6.0.6000.16386 |
+947 |
+FIPS Approved algorithms: AES (Cert. #715); HMAC (Cert. #386); SHS (Cert. #737)
+
+Other algorithms: Elephant Diffuser |
+
+
+| Kernel Mode Security Support Provider Interface (ksecdd.sys) |
+6.0.6000.16386, 6.0.6000.16870 and 6.0.6000.21067 |
+891 |
+FIPS Approved algorithms: AES (Cert. #553); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)
+
+Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 to 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; HMAC MD5 |
+
+
+
+
+
+##### Windows XP SP3
+
+
+
+
+
+
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Kernel Mode Cryptographic Module (FIPS.SYS) |
+5.1.2600.5512 |
+997 |
+FIPS Approved algorithms: HMAC (Cert. #429); RNG (Cert. #449); SHS (Cert. #785); Triple-DES (Cert. #677); Triple-DES MAC (Triple-DES Cert. #677, vendor affirmed)
+Other algorithms: DES; MD5; HMAC MD5 |
+
+
+| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) |
+5.1.2600.5507 |
+990 |
+FIPS Approved algorithms: DSA (Cert. #292); RNG (Cert. #448); SHS (Cert. #784); Triple-DES (Cert. #676); Triple-DES MAC (Triple-DES Cert. #676, vendor affirmed)
+Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits); MD5; RC2; RC4 |
+
+
+| Enhanced Cryptographic Provider (RSAENH) |
+5.1.2600.5507 |
+989 |
+FIPS Approved algorithms: AES (Cert. #781); HMAC (Cert. #428); RNG (Cert. #447); RSA (Cert. #371); SHS (Cert. #783); Triple-DES (Cert. #675); Triple-DES MAC (Triple-DES Cert. #675, vendor affirmed)
+Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits) |
+
+
+
+
+
+##### Windows XP SP2
+
+
+
+
+
+
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| DSS/Diffie-Hellman Enhanced Cryptographic Provider |
+5.1.2600.2133 |
+240 |
+FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #29)
+Other algorithms: DES (Cert. #66); RC2; RC4; MD5; DES40; Diffie-Hellman (key agreement) |
+
+
+| Microsoft Enhanced Cryptographic Provider |
+5.1.2600.2161 |
+238 |
+FIPS Approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)
+Other algorithms: DES (Cert. #156); RC2; RC4; MD5 |
+
+
+
+
+
+##### Windows XP SP1
+
+
+
+
+
+
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Microsoft Enhanced Cryptographic Provider |
+5.1.2600.1029 |
+238 |
+FIPS Approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)
+Other algorithms: DES (Cert. #156); RC2; RC4; MD5 |
+
+
+
+
+
+##### Windows XP
+
+
+
+
+
+
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Kernel Mode Cryptographic Module |
+5.1.2600.0 |
+241 |
+FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #35); HMAC-SHA-1 (Cert. #35, vendor affirmed)
+Other algorithms: DES (Cert. #89) |
+
+
+
+
+
+##### Windows 2000 SP3
+
+
+
+
+##### Windows 2000 SP2
+
+
+
+
+##### Windows 2000 SP1
+
+
+
+
+##### Windows 2000
+
+
+
+
+
+
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider |
+5.0.2150.1 |
+76 |
+FIPS Approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. #28 and 29); RSA (vendor affirmed)
+Other algorithms: DES (Certs. #65, 66, 67 and 68); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement) |
+
+
+
+
+
+##### Windows 95 and Windows 98
+
+
+
+
+
+
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider |
+5.0.1877.6 and 5.0.1877.7 |
+75 |
+FIPS Approved algorithms: Triple-DES (vendor affirmed); SHA-1 (Certs. #20 and 21); DSA/SHA-1 (Certs. #25 and 26); RSA (vendor- affirmed)
+Other algorithms: DES (Certs. #61, 62, 63 and 64); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement) |
+
+
+
+
+
+##### Windows NT 4.0
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Base Cryptographic Provider |
+5.0.1877.6 and 5.0.1877.7 |
+68 |
+FIPS Approved algorithms: SHA-1 (Certs. #20 and 21); DSA/SHA- 1 (Certs. #25 and 26); RSA (vendor affirmed)
+
+Other algorithms: DES (Certs. #61, 62, 63 and 64); Triple-DES (allowed for US and Canadian Government use); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement) |
+
+
+
+
+## Modules used by Windows Server
+
+##### Windows Server (Version 1803)
+
+Validated Editions: Standard, Datacenter
+
+
+
+
+
+
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Cryptographic Primitives Library |
+10.0.17134 |
+#3197 |
+See Security Policy and Certificate page for algorithm information |
+
+
+| Kernel Mode Cryptographic Primitives Library |
+10.0.17134 |
+#3196 |
+See Security Policy and Certificate page for algorithm information |
+
+
+| Code Integrity |
+10.0.17134 |
+#3195 |
+See Security Policy and Certificate page for algorithm information |
+
+
+| Windows OS Loader |
+10.0.17134 |
+#3480 |
+See Security Policy and Certificate page for algorithm information |
+
+
+| Secure Kernel Code Integrity |
+10.0.17134 |
+#3096 |
+See Security Policy and Certificate page for algorithm information |
+
+
+| BitLocker Dump Filter |
+10.0.17134 |
+#3092 |
+See Security Policy and Certificate page for algorithm information |
+
+
+| Boot Manager |
+10.0.17134 |
+#3089 |
+See Security Policy and Certificate page for algorithm information |
+
+
+
+
+
+##### Windows Server (Version 1709)
+
+Validated Editions: Standard, Datacenter
+
+
+
+
+
+
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Cryptographic Primitives Library |
+10.0.16299 |
+#3197 |
+See Security Policy and Certificate page for algorithm information |
+
+
+| Kernel Mode Cryptographic Primitives Library |
+10.0.16299 |
+#3196 |
+See Security Policy and Certificate page for algorithm information |
+
+
+| Code Integrity |
+10.0.16299 |
+#3195 |
+See Security Policy and Certificate page for algorithm information |
+
+
+| Windows OS Loader |
+10.0.16299 |
+#3194 |
+See Security Policy and Certificate page for algorithm information |
+
+
+| Secure Kernel Code Integrity |
+10.0.16299 |
+#3096 |
+See Security Policy and Certificate page for algorithm information |
+
+
+| BitLocker Dump Filter |
+10.0.16299 |
+#3092 |
+See Security Policy and Certificate page for algorithm information |
+
+
+| Windows Resume |
+10.0.16299 |
+#3091 |
+See Security Policy and Certificate page for algorithm information |
+
+
+| Boot Manager |
+10.0.16299 |
+#3089 |
+See Security Policy and Certificate page for algorithm information |
+
+
+
+
+
+##### Windows Server 2016
+
+Validated Editions: Standard, Datacenter, Storage Server
+
+
+
+
+
+
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) |
+10.0.14393 |
+2937 |
+FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
+
+Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt) |
+
+
+| Kernel Mode Cryptographic Primitives Library (cng.sys) |
+10.0.14393 |
+2936 |
+FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
+
+Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt) |
+
+
+| Boot Manager |
+10.0.14393 |
+2931 |
+FIPS Approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)
+Other algorithms: MD5; PBKDF (non-compliant); VMK KDF |
+
+
+| BitLocker® Windows OS Loader (winload) |
+10.0.14393 |
+2932 |
+FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
+
+Other algorithms: NDRNG; MD5 |
+
+
+| BitLocker® Windows Resume (winresume) |
+10.0.14393 |
+2933 |
+FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
+
+Other algorithms: MD5 |
+
+
+| BitLocker® Dump Filter (dumpfve.sys) |
+10.0.14393 |
+2934 |
+FIPS Approved algorithms: AES (Certs. #4061 and #4064) |
+
+
+| Code Integrity (ci.dll) |
+10.0.14393 |
+2935 |
+FIPS Approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)
+
+Other algorithms: AES (non-compliant); MD5 |
+
+
+| Secure Kernel Code Integrity (skci.dll) |
+10.0.14393 |
+2938 |
+FIPS Approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)
+
+Other algorithms: MD5 |
+
+
+
+
+
+##### Windows Server 2012 R2
+
+Validated Editions: Server, Storage Server,
+
+**StorSimple 8000 Series, Azure StorSimple Virtual Array Windows Server 2012 R2**
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) |
+6.3.9600 6.3.9600.17031 |
+2357 |
+FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)
+
+Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt) |
+
+
+| Kernel Mode Cryptographic Primitives Library (cng.sys) |
+6.3.9600 6.3.9600.17042 |
+2356 |
+FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)
+
+Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt) |
+
+
+| Boot Manager |
+6.3.9600 6.3.9600.17031 |
+2351 |
+FIPS Approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
+
+Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant) |
+
+
+| BitLocker® Windows OS Loader (winload) |
+6.3.9600 6.3.9600.17031 |
+2352 |
+FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)
+
+Other algorithms: MD5; NDRNG |
+
+
+| BitLocker® Windows Resume (winresume)[16] |
+6.3.9600 6.3.9600.17031 |
+2353 |
+FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
+
+Other algorithms: MD5 |
+
+
+| BitLocker® Dump Filter (dumpfve.sys)[17] |
+6.3.9600 6.3.9600.17031 |
+2354 |
+FIPS Approved algorithms: AES (Cert. #2832)
+
+Other algorithms: N/A |
+
+
+| Code Integrity (ci.dll) |
+6.3.9600 6.3.9600.17031 |
+2355 |
+FIPS Approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)
+
+Other algorithms: MD5 |
+
+
+
+
+
+\[16\] Does not apply to **Azure StorSimple Virtual Array Windows Server 2012 R2**
+
+\[17\] Does not apply to **Azure StorSimple Virtual Array Windows Server 2012 R2**
+
+**Windows Server 2012**
+
+Validated Editions: Server, Storage Server
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) |
+6.2.9200 |
+1892 |
+FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
+
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#687); ECDSA (Cert. ); HMAC (Cert. #); KAS (Cert. ); KBKDF (Cert. ); PBKDF (vendor affirmed); RSA (Certs. and ); SHS (Cert. ); Triple-DES (Cert. )
+
+Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) |
+
+
+| Kernel Mode Cryptographic Primitives Library (cng.sys) |
+6.2.9200 |
+1891 |
+FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
+
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#1110); RSA (Certs. and ); SHS (Cert. ); Triple-DES (Cert. )
+
+Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) |
+
+
+| Boot Manager |
+6.2.9200 |
+1895 |
+FIPS Approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)
+
+Other algorithms: MD5 |
+
+
+| BitLocker® Windows OS Loader (WINLOAD) |
+6.2.9200 |
+1896 |
+FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
+
+Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG |
+
+
+| BitLocker® Windows Resume (WINRESUME) |
+6.2.9200 |
+1898 |
+FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
+
+Other algorithms: MD5 |
+
+
+| BitLocker® Dump Filter (DUMPFVE.SYS) |
+6.2.9200 |
+1899 |
+FIPS Approved algorithms: AES (Certs. #2196 and #2198)
+
+Other algorithms: N/A |
+
+
+| Code Integrity (CI.DLL) |
+6.2.9200 |
+1897 |
+FIPS Approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)
+
+Other algorithms: MD5 |
+
+
+| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL) |
+6.2.9200 |
+1893 |
+FIPS Approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)
+
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
+
+
+| Enhanced Cryptographic Provider (RSAENH.DLL) |
+6.2.9200 |
+1894 |
+FIPS Approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)
+
+Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
+
+
+
+
+
+##### Windows Server 2008 R2
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Boot Manager (bootmgr) |
+6.1.7600.16385 or 6.1.7601.175146.1.7600.16385 or 6.1.7601.17514 |
+1321 |
+FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #568); SHS (Cert. #1081)
+
+Other algorithms: MD5 |
+
+
+| Winload OS Loader (winload.exe) |
+6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.216756.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.21675 |
+1333 |
+FIPS Approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #568); SHS (Cert. #1081)
+
+Other algorithms: MD5 |
+
+
+| Code Integrity (ci.dll) |
+6.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.221086.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.22108 |
+1334 |
+FIPS Approved algorithms: RSA (Cert. #568); SHS (Cert. #1081)
+
+Other algorithms: MD5 |
+
+
+| Kernel Mode Cryptographic Primitives Library (cng.sys) |
+6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.220766.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.22076 |
+1335 |
+FIPS Approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)
+
+-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4 |
+
+
+| Cryptographic Primitives Library (bcryptprimitives.dll) |
+66.1.7600.16385 or 6.1.7601.1751466.1.7600.16385 or 6.1.7601.17514 |
+1336 |
+FIPS Approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); DSA (Cert. #391); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)
+
+Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; HMAC MD5; MD2; MD4; MD5; RC2; RC4 |
+
+
+| Enhanced Cryptographic Provider (RSAENH) |
+6.1.7600.16385 |
+1337 |
+FIPS Approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #687); SHS (Cert. #1081); RSA (Certs. #559 and #568); Triple-DES (Cert. #846)
+
+Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
+
+
+| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) |
+6.1.7600.16385 |
+1338 |
+FIPS Approved algorithms: DSA (Cert. #390); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)
+
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4 |
+
+
+| BitLocker™ Drive Encryption |
+6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.216756.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.21675 |
+1339 |
+FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)
+
+Other algorithms: Elephant Diffuser |
+
+
+
+
+
+##### Windows Server 2008
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Boot Manager (bootmgr) |
+6.0.6001.18000, 6.0.6002.18005 and 6.0.6002.224976.0.6001.18000, 6.0.6002.18005 and 6.0.6002.22497 |
+1004 |
+FIPS Approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #355); SHS (Cert. #753)
+
+Other algorithms: N/A |
+
+
+| Winload OS Loader (winload.exe) |
+6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.225966.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.22596 |
+1005 |
+FIPS Approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #355); SHS (Cert. #753)
+
+Other algorithms: MD5 |
+
+
+| Code Integrity (ci.dll) |
+6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.18005 |
+1006 |
+FIPS Approved algorithms: RSA (Cert. #355); SHS (Cert. #753)
+
+Other algorithms: MD5 |
+
+
+| Kernel Mode Security Support Provider Interface (ksecdd.sys) |
+6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.228696.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.22869 |
+1007 |
+FIPS Approved algorithms: AES (Certs. #739 and #757); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)
+
+Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#83); HMAC (Cert. ); RNG (Cert. and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. and ); SHS (Cert. ); Triple-DES (Cert. )
+
+Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
+
+
+| Cryptographic Primitives Library (bcrypt.dll) |
+6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.228726.0.6001.22202, 6.0.6002.18005 and 6.0.6002.22872 |
+1008 |
+FIPS Approved algorithms: AES (Certs. #739 and #757); DSA (Cert. #284); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)
+
+Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength) |
+
+
+| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) |
+6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.18005 |
+1009 |
+FIPS Approved algorithms: DSA (Cert. #282); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)
+
+-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 |
+
+
+| Enhanced Cryptographic Provider (RSAENH) |
+6.0.6001.22202 and 6.0.6002.180056.0.6001.22202 and 6.0.6002.18005 |
+1010 |
+FIPS Approved algorithms: AES (Cert. #739); HMAC (Cert. #408); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656)
+
+Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
+
+
+
+
+
+##### Windows Server 2003 SP2
+
+
+
+
+
+
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) |
+5.2.3790.3959 |
+875 |
+FIPS Approved algorithms: DSA (Cert. #221); RNG (Cert. #314); RSA (Cert. #245); SHS (Cert. #611); Triple-DES (Cert. #543)
+Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC4 |
+
+
+| Kernel Mode Cryptographic Module (FIPS.SYS) |
+5.2.3790.3959 |
+869 |
+FIPS Approved algorithms: HMAC (Cert. #287); RNG (Cert. #313); SHS (Cert. #610); Triple-DES (Cert. #542)
+Other algorithms: DES; HMAC-MD5 |
+
+
+| Enhanced Cryptographic Provider (RSAENH) |
+5.2.3790.3959 |
+868 |
+FIPS Approved algorithms: AES (Cert. #548); HMAC (Cert. #289); RNG (Cert. #316); RSA (Cert. #245); SHS (Cert. #613); Triple-DES (Cert. #544)
+Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
+
+
+
+
+
+##### Windows Server 2003 SP1
+
+
+
+
+
+
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Kernel Mode Cryptographic Module (FIPS.SYS) |
+5.2.3790.1830 [SP1] |
+405 |
+FIPS Approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])
+Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)
+[1] x86
+[2] SP1 x86, x64, IA64 |
+
+
+| Enhanced Cryptographic Provider (RSAENH) |
+5.2.3790.1830 [Service Pack 1]) |
+382 |
+FIPS Approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])
+Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5
+[1] x86
+[2] SP1 x86, x64, IA64 |
+
+
+| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) |
+5.2.3790.1830 [Service Pack 1] |
+381 |
+FIPS Approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)
+Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40
+[1] x86
+[2] SP1 x86, x64, IA64 |
+
+
+
+
+
+##### Windows Server 2003
+
+
+
+
+
+
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Kernel Mode Cryptographic Module (FIPS.SYS) |
+5.2.3790.0 |
+405 |
+FIPS Approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])
+Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)
+[1] x86
+[2] SP1 x86, x64, IA64 |
+
+
+| Enhanced Cryptographic Provider (RSAENH) |
+5.2.3790.0 |
+382 |
+FIPS Approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])
+Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5
+[1] x86
+[2] SP1 x86, x64, IA64 |
+
+
+| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) |
+5.2.3790.0 |
+381 |
+FIPS Approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)
+Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40
+[1] x86
+[2] SP1 x86, x64, IA64 |
+
+
+
+
+
+#### Other Products
+
+##### Windows Embedded Compact 7 and Windows Embedded Compact 8
+
+
+
+
+
+##### Windows CE 6.0 and Windows Embedded Compact 7
+
+
+
+
+
+
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Enhanced Cryptographic Provider |
+6.00.1937 [1] and 7.00.1687 [2] |
+825 |
+FIPS Approved algorithms: AES (Certs. #516 [1] and #2024 [2]); HMAC (Certs. #267 [1] and #1227 [2]); RNG (Certs. #292 [1] and #1060 [2]); RSA (Cert. #230 [1] and #1052 [2]); SHS (Certs. #589 [1] and #1774 [2]); Triple-DES (Certs. #526 [1] and #1308 [2])
+Other algorithms: MD5; HMAC-MD5; RC2; RC4; DES |
+
+
+
+
+
+##### Outlook Cryptographic Provider
+
+
+
+
+
+
+
+
+
+
+| Cryptographic Module |
+Version (link to Security Policy) |
+FIPS Certificate # |
+Algorithms |
+
+
+| Outlook Cryptographic Provider (EXCHCSP) |
+SR-1A (3821)SR-1A (3821) |
+110 |
+FIPS Approved algorithms: Triple-DES (Cert. #18); SHA-1 (Certs. #32); RSA (vendor affirmed)
+Other algorithms: DES (Certs. #91); DES MAC; RC2; MD2; MD5 |
+
+
+
+
+
+
+### Cryptographic Algorithms
+
+The following tables are organized by cryptographic algorithms with their modes, states, and key sizes. For each algorithm implementation (operating system / platform), there is a link to the Cryptographic Algorithm Validation Program (CAVP) issued certificate.
+
+### Advanced Encryption Standard (AES)
+
+
+
+
+
+
+
+
+| Modes / States / Key Sizes |
+Algorithm Implementation and Certificate # |
+
+
+
+- AES-CBC:
+
+- Modes: Decrypt, Encrypt
+- Key Lengths: 128, 192, 256 (bits)
+ - AES-CFB128:
+
+- Modes: Decrypt, Encrypt
+- Key Lengths: 128, 192, 256 (bits)
+ - AES-CTR:
+
+- Counter Source: Internal
+- Key Lengths: 128, 192, 256 (bits)
+ - AES-OFB:
+
+- Modes: Decrypt, Encrypt
+- Key Lengths: 128, 192, 256 (bits)
+ |
+Microsoft Surface Hub Virtual TPM Implementations #4904
+Version 10.0.15063.674 |
+
+
+
+- AES-CBC:
+
+- Modes: Decrypt, Encrypt
+- Key Lengths: 128, 192, 256 (bits)
+ - AES-CFB128:
+
+- Modes: Decrypt, Encrypt
+- Key Lengths: 128, 192, 256 (bits)
+ - AES-CTR:
+
+- Counter Source: Internal
+- Key Lengths: 128, 192, 256 (bits)
+ - AES-OFB:
+
+- Modes: Decrypt, Encrypt
+- Key Lengths: 128, 192, 256 (bits)
+ |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #4903
+Version 10.0.16299 |
+
+
+
+- AES-CBC:
+
+- Modes: Decrypt, Encrypt
+- Key Lengths: 128, 192, 256 (bits)
+ - AES-CCM:
+
+- Key Lengths: 128, 192, 256 (bits)
+- Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
+- IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
+- Plain Text Length: 0-32
+- AAD Length: 0-65536
+ - AES-CFB128:
+
+- Modes: Decrypt, Encrypt
+- Key Lengths: 128, 192, 256 (bits)
+ - AES-CFB8:
+
+- Modes: Decrypt, Encrypt
+- Key Lengths: 128, 192, 256 (bits)
+ - AES-CMAC:
+
+- Generation:
+
+- AES-128:
+
+- Block Sizes: Full, Partial
+- Message Length: 0-65536
+- Tag Length: 16-16
+ - AES-192:
+
+- Block Sizes: Full, Partial
+- Message Length: 0-65536
+- Tag Length: 16-16
+ - AES-256:
+
+- Block Sizes: Full, Partial
+- Message Length: 0-65536
+- Tag Length: 16-16
+ - Verification:
+
+- AES-128:
+
+- Block Sizes: Full, Partial
+- Message Length: 0-65536
+- Tag Length: 16-16
+ - AES-192:
+
+- Block Sizes: Full, Partial
+- Message Length: 0-65536
+- Tag Length: 16-16
+ - AES-256:
+
+- Block Sizes: Full, Partial
+- Message Length: 0-65536
+- Tag Length: 16-16
+ - AES-CTR:
+
+- Counter Source: Internal
+- Key Lengths: 128, 192, 256 (bits)
+ - AES-ECB:
+
+- Modes: Decrypt, Encrypt
+- Key Lengths: 128, 192, 256 (bits)
+ - AES-GCM:
+
+- Modes: Decrypt, Encrypt
+- Key Lengths: 128, 192, 256 (bits)
+- Tag Lengths: 96, 104, 112, 120, 128 (bits)
+- Plain Text Lengths: 0, 8, 1016, 1024 (bits)
+- AAD Lengths: 0, 8, 1016, 1024 (bits)
+- 96 bit IV supported
+ - AES-XTS:
+
+- Key Size: 128:
+
+- Modes: Decrypt, Encrypt
+- Block Sizes: Full
+ - Key Size: 256:
+
+- Modes: Decrypt, Encrypt
+- Block Sizes: Full
+ |
+Microsoft Surface Hub SymCrypt Cryptographic Implementations #4902
+Version 10.0.15063.674 |
+
+
+
+- AES-CBC:
+
+- Modes: Decrypt, Encrypt
+- Key Lengths: 128, 192, 256 (bits)
+ - AES-CCM:
+
+- Key Lengths: 128, 192, 256 (bits)
+- Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
+- IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
+- Plain Text Length: 0-32
+- AAD Length: 0-65536
+ - AES-CFB128:
+
+- Modes: Decrypt, Encrypt
+- Key Lengths: 128, 192, 256 (bits)
+ - AES-CFB8:
+
+- Modes: Decrypt, Encrypt
+- Key Lengths: 128, 192, 256 (bits)
+ - AES-CMAC:
+
+- Generation:
+
+- AES-128:
+
+- Block Sizes: Full, Partial
+- Message Length: 0-65536
+- Tag Length: 16-16
+ - AES-192:
+
+- Block Sizes: Full, Partial
+- Message Length: 0-65536
+- Tag Length: 16-16
+ - AES-256:
+
+- Block Sizes: Full, Partial
+- Message Length: 0-65536
+- Tag Length: 16-16
+ - Verification:
+
+- AES-128:
+
+- Block Sizes: Full, Partial
+- Message Length: 0-65536
+- Tag Length: 16-16
+ - AES-192:
+
+- Block Sizes: Full, Partial
+- Message Length: 0-65536
+- Tag Length: 16-16
+ - AES-256:
+
+- Block Sizes: Full, Partial
+- Message Length: 0-65536
+- Tag Length: 16-16
+ - AES-CTR:
+
+- Counter Source: Internal
+- Key Lengths: 128, 192, 256 (bits)
+ - AES-ECB:
+
+- Modes: Decrypt, Encrypt
+- Key Lengths: 128, 192, 256 (bits)
+ - AES-GCM:
+
+- Modes: Decrypt, Encrypt
+- Key Lengths: 128, 192, 256 (bits)
+- Tag Lengths: 96, 104, 112, 120, 128 (bits)
+- Plain Text Lengths: 0, 8, 1016, 1024 (bits)
+- AAD Lengths: 0, 8, 1016, 1024 (bits)
+- 96 bit IV supported
+ - AES-XTS:
+
+- Key Size: 128:
+
+- Modes: Decrypt, Encrypt
+- Block Sizes: Full
+ - Key Size: 256:
+
+- Modes: Decrypt, Encrypt
+- Block Sizes: Full
+ |
+Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #4901
+Version 10.0.15254 |
+
+
+
+- AES-CBC:
+
+- Modes: Decrypt, Encrypt
+- Key Lengths: 128, 192, 256 (bits)
+ - AES-CCM:
+
+- Key Lengths: 128, 192, 256 (bits)
+- Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
+- IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
+- Plain Text Length: 0-32
+- AAD Length: 0-65536
+ - AES-CFB128:
+
+- Modes: Decrypt, Encrypt
+- Key Lengths: 128, 192, 256 (bits)
+ - AES-CFB8:
+
+- Modes: Decrypt, Encrypt
+- Key Lengths: 128, 192, 256 (bits)
+ - AES-CMAC:
+
+- Generation:
+
+- AES-128:
+
+- Block Sizes: Full, Partial
+- Message Length: 0-65536
+- Tag Length: 16-16
+ - AES-192:
+
+- Block Sizes: Full, Partial
+- Message Length: 0-65536
+- Tag Length: 16-16
+ - AES-256:
+
+- Block Sizes: Full, Partial
+- Message Length: 0-65536
+- Tag Length: 16-16
+ - Verification:
+
+- AES-128:
+
+- Block Sizes: Full, Partial
+- Message Length: 0-65536
+- Tag Length: 16-16
+ - AES-192:
+
+- Block Sizes: Full, Partial
+- Message Length: 0-65536
+- Tag Length: 16-16
+ - AES-256:
+
+- Block Sizes: Full, Partial
+- Message Length: 0-65536
+- Tag Length: 16-16
+ - AES-CTR:
+
+- Counter Source: Internal
+- Key Lengths: 128, 192, 256 (bits)
+ - AES-ECB:
+
+- Modes: Decrypt, Encrypt
+- Key Lengths: 128, 192, 256 (bits)
+ - AES-GCM:
+
+- Modes: Decrypt, Encrypt
+- IV Generation: External
+- Key Lengths: 128, 192, 256 (bits)
+- Tag Lengths: 96, 104, 112, 120, 128 (bits)
+- Plain Text Lengths: 0, 8, 1016, 1024 (bits)
+- AAD Lengths: 0, 8, 1016, 1024 (bits)
+- 96 bit IV supported
+ - AES-XTS:
+
+- Key Size: 128:
+
+- Modes: Decrypt, Encrypt
+- Block Sizes: Full
+ - Key Size: 256:
+
+- Modes: Decrypt, Encrypt
+- Block Sizes: Full
+ |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4897
+Version 10.0.16299 |
+
+
+AES-KW:
+
+- Modes: Decrypt, Encrypt
+- CIPHK transformation direction: Forward
+- Key Lengths: 128, 192, 256 (bits)
+- Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)
+
+AES Val#4902 |
+Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations #4900
+Version 10.0.15063.674 |
+
+
+AES-KW:
+
+- Modes: Decrypt, Encrypt
+- CIPHK transformation direction: Forward
+- Key Lengths: 128, 192, 256 (bits)
+- Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)
+
+AES Val#4901 |
+Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations #4899
+Version 10.0.15254 |
+
+
+AES-KW:
+
+- Modes: Decrypt, Encrypt
+- CIPHK transformation direction: Forward
+- Key Lengths: 128, 192, 256 (bits)
+- Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)
+
+AES Val#4897 |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #4898
+Version 10.0.16299 |
+
+
+AES-CCM:
+
+- Key Lengths: 256 (bits)
+- Tag Lengths: 128 (bits)
+- IV Lengths: 96 (bits)
+- Plain Text Length: 0-32
+- AAD Length: 0-65536
+
+AES Val#4902 |
+Microsoft Surface Hub BitLocker(R) Cryptographic Implementations #4896
+Version 10.0.15063.674 |
+
+
+AES-CCM:
+
+- Key Lengths: 256 (bits)
+- Tag Lengths: 128 (bits)
+- IV Lengths: 96 (bits)
+- Plain Text Length: 0-32
+- AAD Length: 0-65536
+
+AES Val#4901 |
+Windows 10 Mobile (version 1709) BitLocker(R) Cryptographic Implementations #4895
+Version 10.0.15254 |
+
+
+AES-CCM:
+
+- Key Lengths: 256 (bits)
+- Tag Lengths: 128 (bits)
+- IV Lengths: 96 (bits)
+- Plain Text Length: 0-32
+- AAD Length: 0-65536
+
+AES Val#4897 |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations #4894
+Version 10.0.16299 |
+
+
+CBC ( e/d; 128 , 192 , 256 );
+CFB128 ( e/d; 128 , 192 , 256 );
+OFB ( e/d; 128 , 192 , 256 );
+CTR ( int only; 128 , 192 , 256 ) |
+Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #4627
+Version 10.0.15063 |
+
+
+KW ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )
+AES Val#4624 |
+Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #4626
+Version 10.0.15063 |
+
+
+CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )
+AES Val#4624
+ |
+Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile BitLocker(R) Cryptographic Implementations #4625
+Version 10.0.15063 |
+
+
+ECB ( e/d; 128 , 192 , 256 );
+CBC ( e/d; 128 , 192 , 256 );
+CFB8 ( e/d; 128 , 192 , 256 );
+CFB128 ( e/d; 128 , 192 , 256 );
+CTR ( int only; 128 , 192 , 256 )
+CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
+CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 )
+GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
+(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
+IV Generated: ( External ) ; PT Lengths Tested: ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested: ( 0 , 1024 , 8 , 1016 ) ; 96BitIV_Supported
+GMAC_Supported
+XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) ) |
+Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #4624
+Version 10.0.15063 |
+
+
+ECB ( e/d; 128 , 192 , 256 );
+CBC ( e/d; 128 , 192 , 256 ); |
+Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4434
+Version 7.00.2872 |
+
+
+ECB ( e/d; 128 , 192 , 256 );
+CBC ( e/d; 128 , 192 , 256 ); |
+Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4433
+Version 8.00.6246 |
+
+
+ECB ( e/d; 128 , 192 , 256 );
+CBC ( e/d; 128 , 192 , 256 );
+CTR ( int only; 128 , 192 , 256 ) |
+Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4431
+Version 7.00.2872 |
+
+
+ECB ( e/d; 128 , 192 , 256 );
+CBC ( e/d; 128 , 192 , 256 );
+CTR ( int only; 128 , 192 , 256 ) |
+Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4430
+Version 8.00.6246 |
+
+
+CBC ( e/d; 128 , 192 , 256 );
+CFB128 ( e/d; 128 , 192 , 256 );
+OFB ( e/d; 128 , 192 , 256 );
+CTR ( int only; 128 , 192 , 256 ) |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #4074
+Version 10.0.14393 |
+
+
+ECB ( e/d; 128 , 192 , 256 ); CBC ( e/d; 128 , 192 , 256 ); CFB8 ( e/d; 128 , 192 , 256 ); CFB128 ( e/d; 128 , 192 , 256 ); CTR ( int only; 128 , 192 , 256 )
+CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
+CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )
+GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
+(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
+IV Generated: ( Externally ) ; PT Lengths Tested: ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested: ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested: ( 0 , 0 ) ; 96BitIV_Supported
+GMAC_Supported
+XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) ) |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #4064
+Version 10.0.14393 |
+
+
+ECB ( e/d; 128 , 192 , 256 );
+CBC ( e/d; 128 , 192 , 256 );
+CFB8 ( e/d; 128 , 192 , 256 );
+ |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #4063
+Version 10.0.14393 |
+
+
+KW ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 192 , 256 , 320 , 2048 )
+AES Val#4064 |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #4062
+Version 10.0.14393 |
+
+
+CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )
+AES Val#4064 |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BitLocker® Cryptographic Implementations #4061
+Version 10.0.14393 |
+
+
+KW ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )
+AES Val#3629 |
+Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #3652
+Version 10.0.10586 |
+
+
+CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )
+AES Val#3629 |
+Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BitLocker® Cryptographic Implementations #3653
+Version 10.0.10586 |
+
+
+ECB ( e/d; 128 , 192 , 256 );
+CBC ( e/d; 128 , 192 , 256 );
+CFB8 ( e/d; 128 , 192 , 256 );
+ |
+Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA32 Algorithm Implementations #3630
+Version 10.0.10586 |
+
+
+ECB ( e/d; 128 , 192 , 256 ); CBC ( e/d; 128 , 192 , 256 ); CFB8 ( e/d; 128 , 192 , 256 ); CFB128 ( e/d; 128 , 192 , 256 ); CTR ( int only; 128 , 192 , 256 )
+CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
+CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )
+GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
+(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
+IV Generated: ( Externally ) ; PT Lengths Tested: ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested: ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested: ( 0 , 0 ) ; 96BitIV_Supported
+GMAC_Supported
+XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) ) |
+Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #3629
+
+
+Version 10.0.10586 |
+
+
+KW ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )
+AES Val#3497 |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #3507
+Version 10.0.10240 |
+
+
+CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )
+AES Val#3497 |
+Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BitLocker® Cryptographic Implementations #3498
+Version 10.0.10240 |
+
+
+ECB ( e/d; 128 , 192 , 256 ); CBC ( e/d; 128 , 192 , 256 ); CFB8 ( e/d; 128 , 192 , 256 ); CFB128 ( e/d; 128 , 192 , 256 ); CTR ( int only; 128 , 192 , 256 )
+CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
+CMAC(Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )
+GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
+(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
+IV Generated: ( Externally ) ; PT Lengths Tested: ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested: ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested: ( 0 , 0 ) ; 96BitIV_Supported
+GMAC_Supported
+XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) ) |
+Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #3497
+Version 10.0.10240 |
+
+
+ECB ( e/d; 128 , 192 , 256 );
+CBC ( e/d; 128 , 192 , 256 );
+CFB8 ( e/d; 128 , 192 , 256 );
+ |
+Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #3476
+Version 10.0.10240 |
+
+
+ECB ( e/d; 128 , 192 , 256 );
+CBC ( e/d; 128 , 192 , 256 );
+CFB8 ( e/d; 128 , 192 , 256 );
+ |
+Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #2853
+Version 6.3.9600 |
+
+
+CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )
+AES Val#2832 |
+Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 BitLocker� Cryptographic Implementations #2848
+Version 6.3.9600 |
+
+
+CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 0 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
+CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )
+GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
+(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
+IV Generated: ( Externally ) ; PT Lengths Tested: ( 0 , 128 , 1024 , 8 , 1016 ) ; AAD Lengths tested: ( 0 , 128 , 1024 , 8 , 1016 ) ; IV Lengths Tested: ( 8 , 1024 ) ; 96BitIV_Supported ;
+OtherIVLen_Supported
+GMAC_Supported |
+Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2832
+Version 6.3.9600 |
+
+
+CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
+AES Val#2197
+CMAC (Generation/Verification ) (KS: 128; Block Size(s): ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 192; Block Size(s): ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 256; Block Size(s): ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 )
+AES Val#2197
+GCM(KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
+(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
+IV Generated: ( Externally ) ; PT Lengths Tested: ( 0 , 128 , 1024 , 8 , 1016 ) ; AAD Lengths tested: ( 0 , 128 , 1024 , 8 , 1016 ) ; IV Lengths Tested: ( 8 , 1024 ) ; 96BitIV_Supported
+GMAC_Supported |
+Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #2216 |
+
+
+CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )
+AES Val#2196 |
+Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #2198 |
+
+
+ECB ( e/d; 128 , 192 , 256 );
+CBC ( e/d; 128 , 192 , 256 );
+CFB8 ( e/d; 128 , 192 , 256 );
+CFB128 ( e/d; 128 , 192 , 256 );
+CTR ( int only; 128 , 192 , 256 ) |
+Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #2197 |
+
+
+ECB ( e/d; 128 , 192 , 256 );
+CBC ( e/d; 128 , 192 , 256 );
+CFB8 ( e/d; 128 , 192 , 256 );
+ |
+Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #2196 |
+
+
+CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 – 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
+AES Val#1168 |
+Windows Server 2008 R2 and SP1 CNG algorithms #1187
+Windows 7 Ultimate and SP1 CNG algorithms #1178 |
+
+
+CCM (KS: 128 , 256 ) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 ( Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )
+AES Val#1168 |
+Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #1177 |
+
+
+ECB ( e/d; 128 , 192 , 256 );
+CBC ( e/d; 128 , 192 , 256 );
+CFB8 ( e/d; 128 , 192 , 256 );
+ |
+Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168 |
+
+
+GCM
+GMAC |
+Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168 , vendor-affirmed |
+
+
+| CCM (KS: 128 , 256 ) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 ( Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 ) |
+Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #760 |
+
+
+| CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 1 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 ) |
+Windows Server 2008 CNG algorithms #757
+Windows Vista Ultimate SP1 CNG algorithms #756 |
+
+
+CBC ( e/d; 128 , 256 );
+CCM (KS: 128 , 256 ) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 ( Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 ) |
+Windows Vista Ultimate BitLocker Drive Encryption #715
+Windows Vista Ultimate BitLocker Drive Encryption #424 |
+
+
+ECB ( e/d; 128 , 192 , 256 );
+CBC ( e/d; 128 , 192 , 256 );
+CFB8 ( e/d; 128 , 192 , 256 ); |
+Windows Vista Ultimate SP1 and Windows Server 2008 Symmetric Algorithm Implementation #739
+Windows Vista Symmetric Algorithm Implementation #553 |
+
+
+ECB ( e/d; 128 , 192 , 256 );
+CBC ( e/d; 128 , 192 , 256 );
+CTR ( int only; 128 , 192 , 256 ) |
+Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #2023 |
+
+
+ECB ( e/d; 128 , 192 , 256 );
+CBC ( e/d; 128 , 192 , 256 ); |
+Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #2024
+Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #818
+Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #781
+Windows 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #548
+Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #516
+Windows CE and Windows Mobile 6, 6.1, and 6.5 Enhanced Cryptographic Provider (RSAENH) #507
+Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #290
+Windows CE 5.0 and 5.1 Enhanced Cryptographic Provider (RSAENH) #224
+Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #80
+Windows XP, SP1, and SP2 Enhanced Cryptographic Provider (RSAENH) #33 |
+
+
+
+
+
+Deterministic Random Bit Generator (DRBG)
+
+
+
+
+
+
+
+
+| Modes / States / Key Sizes |
+Algorithm Implementation and Certificate # |
+
+
+
+- Counter:
+
+- Modes: AES-256
+- Derivation Function States: Derivation Function not used
+- Prediction Resistance Modes: Not Enabled
+
+Prerequisite: AES #4904 |
+Microsoft Surface Hub Virtual TPM Implementations #1734
+Version 10.0.15063.674 |
+
+
+
+- Counter:
+
+- Modes: AES-256
+- Derivation Function States: Derivation Function not used
+- Prediction Resistance Modes: Not Enabled
+
+Prerequisite: AES #4903 |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1733
+Version 10.0.16299 |
+
+
+
+- Counter:
+
+- Modes: AES-256
+- Derivation Function States: Derivation Function used
+- Prediction Resistance Modes: Not Enabled
+
+Prerequisite: AES #4902 |
+Microsoft Surface Hub SymCrypt Cryptographic Implementations #1732
+Version 10.0.15063.674 |
+
+
+
+- Counter:
+
+- Modes: AES-256
+- Derivation Function States: Derivation Function used
+- Prediction Resistance Modes: Not Enabled
+
+Prerequisite: AES #4901 |
+Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1731
+Version 10.0.15254 |
+
+
+
+- Counter:
+
+- Modes: AES-256
+- Derivation Function States: Derivation Function used
+- Prediction Resistance Modes: Not Enabled
+
+Prerequisite: AES #4897 |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1730
+Version 10.0.16299 |
+
+
+| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4627 ) ] |
+Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1556
+Version 10.0.15063 |
+
+
+| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#4624 ) ] |
+Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1555
+Version 10.0.15063 |
+
+
+| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4434 ) ] |
+Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1433
+Version 7.00.2872 |
+
+
+| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4433 ) ] |
+Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1432
+Version 8.00.6246 |
+
+
+| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4431 ) ] |
+Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1430
+Version 7.00.2872 |
+
+
+| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4430 ) ] |
+Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1429
+Version 8.00.6246 |
+
+
+| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4074 ) ] |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #1222
+Version 10.0.14393 |
+
+
+| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#4064 ) ] |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #1217
+Version 10.0.14393 |
+
+
+| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#3629 ) ] |
+Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #955
+Version 10.0.10586 |
+
+
+| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#3497 ) ] |
+Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #868
+Version 10.0.10240 |
+
+
+| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#2832 ) ] |
+Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #489
+Version 6.3.9600 |
+
+
+| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#2197 ) ] |
+Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #258 |
+
+
+| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#2023 ) ] |
+Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #193 |
+
+
+| CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#1168 ) ] |
+Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 RNG Library #23 |
+
+
+| DRBG (SP 800–90) |
+Windows Vista Ultimate SP1, vendor-affirmed |
+
+
+
+
+
+#### Digital Signature Algorithm (DSA)
+
+
+
+
+
+
+
+
+| Modes / States / Key Sizes |
+Algorithm Implementation and Certificate # |
+
+
+
+- DSA:
+
+- 186-4:
+
+- PQGGen:
+
+- L = 2048, N = 256 SHA: SHA-256
+- L = 3072, N = 256 SHA: SHA-256
+ - PQGVer:
+
+- L = 2048, N = 256 SHA: SHA-256
+- L = 3072, N = 256 SHA: SHA-256
+ - SigGen:
+
+- L = 2048, N = 256 SHA: SHA-256
+- L = 3072, N = 256 SHA: SHA-256
+ - SigVer:
+
+- L = 2048, N = 256 SHA: SHA-256
+- L = 3072, N = 256 SHA: SHA-256
+ - KeyPair:
+
+- L = 2048, N = 256
+- L = 3072, N = 256
+
+Prerequisite: SHS #4011, DRBG #1732 |
+Microsoft Surface Hub SymCrypt Cryptographic Implementations #1303
+Version 10.0.15063.674 |
+
+
+
+- DSA:
+
+- 186-4:
+
+- PQGGen:
+
+- L = 2048, N = 256 SHA: SHA-256
+- L = 3072, N = 256 SHA: SHA-256
+ - PQGVer:
+
+- L = 2048, N = 256 SHA: SHA-256
+- L = 3072, N = 256 SHA: SHA-256
+ - SigGen:
+
+- L = 2048, N = 256 SHA: SHA-256
+- L = 3072, N = 256 SHA: SHA-256
+ - SigVer:
+
+- L = 2048, N = 256 SHA: SHA-256
+- L = 3072, N = 256 SHA: SHA-256
+ - KeyPair:
+
+-
+-
+- L = 2048, N = 256
+- L = 3072, N = 256
+
+Prerequisite: SHS #4010, DRBG #1731 |
+Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1302
+Version 10.0.15254 |
+
+
+
+- DSA:
+
+- 186-4:
+
+- PQGGen:
+
+- L = 2048, N = 256 SHA: SHA-256
+- L = 3072, N = 256 SHA: SHA-256
+ - PQGVer:
+
+- L = 2048, N = 256 SHA: SHA-256
+- L = 3072, N = 256 SHA: SHA-256
+ - SigGen:
+
+- L = 2048, N = 256 SHA: SHA-256
+- L = 3072, N = 256 SHA: SHA-256
+ - SigVer:
+
+- L = 2048, N = 256 SHA: SHA-256
+- L = 3072, N = 256 SHA: SHA-256
+ - KeyPair:
+
+- L = 2048, N = 256
+- L = 3072, N = 256
+
+Prerequisite: SHS #4009, DRBG #1730 |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1301
+Version 10.0.16299 |
+
+
+FIPS186-4:
+PQG(gen)PARMS TESTED: [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
+PQG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
+KeyPairGen: [ (2048,256) ; (3072,256) ]
+SIG(gen)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
+SIG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
+SHS: Val#3790
+DRBG: Val# 1555 |
+Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1223
+Version 10.0.15063 |
+
+
+FIPS186-4:
+PQG(ver)PARMS TESTED: [ (1024,160) SHA( 1 ); ]
+SIG(ver)PARMS TESTED: [ (1024,160) SHA( 1 ); ]
+SHS: Val# 3649 |
+Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1188
+Version 7.00.2872 |
+
+
+FIPS186-4:
+PQG(ver)PARMS TESTED: [ (1024,160) SHA( 1 ); ]
+SIG(ver)PARMS TESTED: [ (1024,160) SHA( 1 ); ]
+SHS: Val#3648 |
+Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1187
+Version 8.00.6246 |
+
+
+FIPS186-4:
+PQG(gen)PARMS TESTED: [
+(2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
+PQG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
+KeyPairGen: [ (2048,256) ; (3072,256) ]
+SIG(gen)PARMS TESTED: [ (2048,256)
+SHA( 256 ); (3072,256) SHA( 256 ); ]
+SIG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
+SHS: Val# 3347
+DRBG: Val# 1217 |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #1098
+Version 10.0.14393 |
+
+
+FIPS186-4:
+PQG(gen)PARMS TESTED: [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ] PQG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 )]
+KeyPairGen: [ (2048,256) ; (3072,256) ] SIG(gen)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
+SIG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
+SHS: Val# 3047
+DRBG: Val# 955 |
+Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #1024
+Version 10.0.10586 |
+
+
+FIPS186-4:
+PQG(gen)PARMS TESTED: [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
+PQG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
+KeyPairGen: [ (2048,256) ; (3072,256) ]
+SIG(gen)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ] SIG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
+SHS: Val# 2886
+DRBG: Val# 868 |
+Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #983
+Version 10.0.10240 |
+
+
+FIPS186-4:
+PQG(gen)PARMS TESTED: [
+(2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
+PQG(ver)PARMS TESTED: [ (2048,256)
+SHA( 256 ); (3072,256) SHA( 256 ) ]
+KeyPairGen: [ (2048,256) ; (3072,256) ]
+SIG(gen)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
+SIG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
+SHS: Val# 2373
+DRBG: Val# 489 |
+Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #855
+Version 6.3.9600 |
+
+
+FIPS186-2:
+PQG(ver) MOD(1024);
+SIG(ver) MOD(1024);
+SHS: #1903
+DRBG: #258
+FIPS186-4:
+PQG(gen)PARMS TESTED: [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
+PQG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
+SIG(gen)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
+SIG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
+SHS: #1903
+DRBG: #258
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#687. |
+Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #687 |
+
+
+FIPS186-2:
+PQG(ver) MOD(1024);
+SIG(ver) MOD(1024);
+SHS: #1902
+DRBG: #258
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#686. |
+Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 DSS and Diffie-Hellman Enhanced Cryptographic Provider (DSSENH) #686 |
+
+
+FIPS186-2:
+SIG(ver) MOD(1024);
+SHS: Val# 1773
+DRBG: Val# 193
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#645. |
+Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #645 |
+
+
+FIPS186-2:
+SIG(ver) MOD(1024);
+SHS: Val# 1081
+DRBG: Val# 23
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#391. See Historical DSA List Val#386. |
+Windows Server 2008 R2 and SP1 CNG algorithms #391
+Windows 7 Ultimate and SP1 CNG algorithms #386 |
+
+
+FIPS186-2:
+SIG(ver) MOD(1024);
+SHS: Val# 1081
+RNG: Val# 649
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#390. See Historical DSA List Val#385. |
+Windows Server 2008 R2 and SP1 Enhanced DSS (DSSENH) #390
+Windows 7 Ultimate and SP1 Enhanced DSS (DSSENH) #385 |
+
+
+FIPS186-2:
+SIG(ver) MOD(1024);
+SHS: Val# 753
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#284. See Historical DSA List Val#283. |
+Windows Server 2008 CNG algorithms #284
+Windows Vista Ultimate SP1 CNG algorithms #283 |
+
+
+FIPS186-2:
+SIG(ver) MOD(1024);
+SHS: Val# 753
+RNG: Val# 435
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#282. See Historical DSA List Val#281. |
+Windows Server 2008 Enhanced DSS (DSSENH) #282
+Windows Vista Ultimate SP1 Enhanced DSS (DSSENH) #281 |
+
+
+FIPS186-2:
+SIG(ver) MOD(1024);
+SHS: Val# 618
+RNG: Val# 321
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#227. See Historical DSA List Val#226. |
+Windows Vista CNG algorithms #227
+Windows Vista Enhanced DSS (DSSENH) #226 |
+
+
+FIPS186-2:
+SIG(ver) MOD(1024);
+SHS: Val# 784
+RNG: Val# 448
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#292. |
+Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #292 |
+
+
+FIPS186-2:
+SIG(ver) MOD(1024);
+SHS: Val# 783
+RNG: Val# 447
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#291. |
+Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #291 |
+
+
+FIPS186-2:
+PQG(gen) MOD(1024);
+PQG(ver) MOD(1024);
+KEYGEN(Y) MOD(1024);
+SIG(gen) MOD(1024);
+SIG(ver) MOD(1024);
+SHS: Val# 611
+RNG: Val# 314 |
+Windows 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #221 |
+
+
+FIPS186-2:
+PQG(gen) MOD(1024);
+PQG(ver) MOD(1024);
+KEYGEN(Y) MOD(1024);
+SIG(gen) MOD(1024);
+SIG(ver) MOD(1024);
+SHS: Val# 385 |
+Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #146 |
+
+
+FIPS186-2:
+PQG(ver) MOD(1024);
+KEYGEN(Y) MOD(1024);
+SIG(gen) MOD(1024);
+SIG(ver) MOD(1024);
+SHS: Val# 181
+
+ |
+Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #95 |
+
+
+FIPS186-2:
+PQG(gen) MOD(1024);
+PQG(ver) MOD(1024);
+KEYGEN(Y) MOD(1024);
+SIG(gen) MOD(1024);
+SHS: SHA-1 (BYTE)
+SIG(ver) MOD(1024);
+SHS: SHA-1 (BYTE) |
+Windows 2000 DSSENH.DLL #29
+Windows 2000 DSSBASE.DLL #28
+Windows NT 4 SP6 DSSENH.DLL #26
+Windows NT 4 SP6 DSSBASE.DLL #25 |
+
+
+FIPS186-2: PRIME;
+FIPS186-2:
+KEYGEN(Y):
+SHS: SHA-1 (BYTE)
+SIG(gen):
+SIG(ver) MOD(1024);
+SHS: SHA-1 (BYTE) |
+Windows NT 4.0 SP4 Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider #17 |
+
+
+
+
+
+#### Elliptic Curve Digital Signature Algorithm (ECDSA)
+
+
+
+
+
+
+
+
+| Modes / States / Key Sizes |
+Algorithm Implementation and Certificate # |
+
+
+
+- ECDSA:
+
+- 186-4:
+
+- Key Pair Generation:
+
+- Curves: P-256, P-384, P-521
+- Generation Methods: Extra Random Bits
+ - Public Key Validation:
+
+- Curves: P-256, P-384, P-521
+ - Signature Generation:
+
+- P-256 SHA: SHA-256
+- P-384 SHA: SHA-384
+- P-521 SHA: SHA-512
+ - Signature Verification:
+
+- P-256 SHA: SHA-256
+- P-384 SHA: SHA-384
+- P-521 SHA: SHA-512
+
+Prerequisite: SHS #2373, DRBG #489 |
+Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1263
+Version 6.3.9600 |
+
+
+
+- ECDSA:
+
+- 186-4:
+
+- Key Pair Generation:
+
+- Curves: P-256, P-384
+- Generation Methods: Testing Candidates
+
+Prerequisite: SHS #4011, DRBG #1734 |
+Microsoft Surface Hub Virtual TPM Implementations #1253
+Version 10.0.15063.674 |
+
+
+
+- ECDSA:
+
+- 186-4:
+
+- Key Pair Generation:
+
+- Curves: P-256, P-384
+- Generation Methods: Testing Candidates
+
+Prerequisite: SHS #4009, DRBG #1733 |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1252
+Version 10.0.16299 |
+
+
+
+- ECDSA:
+
+- 186-4:
+
+- Key Pair Generation:
+
+- Curves: P-256, P-384, P-521
+- Generation Methods: Extra Random Bits
+ - Public Key Validation:
+
+- Curves: P-256, P-384, P-521
+ - Signature Generation:
+
+- P-256 SHA: SHA-256
+- P-384 SHA: SHA-384
+- P-521 SHA: SHA-512
+ - Signature Verification:
+
+- P-256 SHA: SHA-256
+- P-384 SHA: SHA-384
+- P-521 SHA: SHA-512
+
+Prerequisite: SHS #4011, DRBG #1732 |
+Microsoft Surface Hub MsBignum Cryptographic Implementations #1251
+Version 10.0.15063.674 |
+
+
+
+- ECDSA:
+
+- 186-4:
+
+- Key Pair Generation:
+
+- Curves: P-256, P-384, P-521
+- Generation Methods: Extra Random Bits
+ - Public Key Validation:
+
+- Curves: P-256, P-384, P-521
+ - Signature Generation:
+
+- P-256 SHA: SHA-256
+- P-384 SHA: SHA-384
+- P-521 SHA: SHA-512
+ - Signature Verification:
+
+- P-256 SHA: SHA-256
+- P-384 SHA: SHA-384
+- P-521 SHA: SHA-512
+
+Prerequisite: SHS #4011, DRBG #1732 |
+Microsoft Surface Hub SymCrypt Cryptographic Implementations #1250
+Version 10.0.15063.674 |
+
+
+
+- ECDSA:
+
+- 186-4:
+
+- Key Pair Generation:
+
+- Curves: P-256, P-384, P-521
+- Generation Methods: Extra Random Bits
+ - Public Key Validation:
+
+- Curves: P-256, P-384, P-521
+ - Signature Generation:
+
+- P-256 SHA: SHA-256
+- P-384 SHA: SHA-384
+- P-521 SHA: SHA-512
+ - Signature Verification:
+
+- P-256 SHA: SHA-256
+- P-384 SHA: SHA-384
+- P-521 SHA: SHA-512
+
+Prerequisite: SHS #4010, DRBG #1731 |
+Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1249
+Version 10.0.15254 |
+
+
+
+- ECDSA:
+
+- 186-4:
+
+- Key Pair Generation:
+
+- Curves: P-256, P-384, P-521
+- Generation Methods: Extra Random Bits
+ - Public Key Validation:
+
+- Curves: P-256, P-384, P-521
+ - Signature Generation:
+
+- P-256 SHA: SHA-256
+- P-384 SHA: SHA-384
+- P-521 SHA: SHA-512
+ - Signature Verification:
+
+- P-256 SHA: SHA-256
+- P-384 SHA: SHA-384
+- P-521 SHA: SHA-512
+
+Prerequisite: SHS #4010, DRBG #1731 |
+Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1248
+Version 10.0.15254 |
+
+
+
+- ECDSA:
+
+- 186-4:
+
+- Key Pair Generation:
+
+- Curves: P-256, P-384, P-521
+- Generation Methods: Extra Random Bits
+ - Public Key Validation:
+
+- Curves: P-256, P-384, P-521
+ - Signature Generation:
+
+- P-256 SHA: SHA-256
+- P-384 SHA: SHA-384
+- P-521 SHA: SHA-512
+ - Signature Verification:
+
+- P-256 SHA: SHA-256
+- P-384 SHA: SHA-384
+- P-521 SHA: SHA-512
+
+Prerequisite: SHS #4009, DRBG #1730 |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1247
+Version 10.0.16299 |
+
+
+
+- ECDSA:
+
+- 186-4:
+
+- Key Pair Generation:
+
+- Curves: P-256, P-384, P-521
+- Generation Methods: Extra Random Bits
+ - Public Key Validation:
+
+- Curves: P-256, P-384, P-521
+ - Signature Generation:
+
+- P-256 SHA: SHA-256
+- P-384 SHA: SHA-384
+- P-521 SHA: SHA-512
+ - Signature Verification:
+
+- P-256 SHA: SHA-256
+- P-384 SHA: SHA-384
+- P-521 SHA: SHA-512
+
+Prerequisite: SHS #4009, DRBG #1730 |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1246
+Version 10.0.16299 |
+
+
+FIPS186-4:
+PKG: CURVES( P-256 P-384 TestingCandidates )
+SHS: Val#3790
+DRBG: Val# 1555 |
+Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1136
+Version 10.0.15063 |
+
+
+FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+PKV: CURVES( P-256 P-384 P-521 )
+SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
+SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
+SHS: Val#3790
+DRBG: Val# 1555 |
+Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1135
+Version 10.0.15063 |
+
+
+FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+PKV: CURVES( P-256 P-384 P-521 )
+SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
+SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
+SHS: Val#3790
+DRBG: Val# 1555 |
+Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1133
+Version 10.0.15063 |
+
+
+FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+PKV: CURVES( P-256 P-384 P-521 )
+SigGen: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
+SigVer: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) )
+SHS:Val# 3649
+DRBG:Val# 1430 |
+Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1073
+Version 7.00.2872 |
+
+
+FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+PKV: CURVES( P-256 P-384 P-521 )
+SigGen: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
+SigVer: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) )
+SHS:Val#3648
+DRBG:Val# 1429 |
+Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1072
+Version 8.00.6246 |
+
+
+FIPS186-4:
+PKG: CURVES( P-256 P-384 TestingCandidates )
+PKV: CURVES( P-256 P-384 )
+SigGen: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) SIG(gen) with SHA-1 affirmed for use with protocols only.
+SigVer: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) )
+SHS: Val# 3347
+DRBG: Val# 1222 |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #920
+Version 10.0.14393 |
+
+
+FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+PKV: CURVES( P-256 P-384 P-521 )
+SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
+SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
+SHS: Val# 3347
+DRBG: Val# 1217 |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #911
+Version 10.0.14393 |
+
+
+FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
+SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
+SHS: Val# 3047
+DRBG: Val# 955 |
+Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #760
+Version 10.0.10586 |
+
+
+FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
+SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
+SHS: Val# 2886
+DRBG: Val# 868 |
+Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #706
+Version 10.0.10240 |
+
+
+FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
+SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
+SHS: Val#2373
+DRBG: Val# 489 |
+Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #505
+Version 6.3.9600 |
+
+
+FIPS186-2:
+PKG: CURVES( P-256 P-384 P-521 )
+SHS: #1903
+DRBG: #258
+SIG(ver):CURVES( P-256 P-384 P-521 )
+SHS: #1903
+DRBG: #258
+FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
+SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
+SHS: #1903
+DRBG: #258
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#341. |
+Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #341 |
+
+
+FIPS186-2:
+PKG: CURVES( P-256 P-384 P-521 )
+SHS: Val#1773
+DRBG: Val# 193
+SIG(ver): CURVES( P-256 P-384 P-521 )
+SHS: Val#1773
+DRBG: Val# 193
+FIPS186-4:
+PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
+SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
+SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
+SHS: Val#1773
+DRBG: Val# 193
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#295. |
+Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #295 |
+
+
+FIPS186-2:
+PKG: CURVES( P-256 P-384 P-521 )
+SHS: Val#1081
+DRBG: Val# 23
+SIG(ver): CURVES( P-256 P-384 P-521 )
+SHS: Val#1081
+DRBG: Val# 23
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#142. See Historical ECDSA List Val#141. |
+Windows Server 2008 R2 and SP1 CNG algorithms #142
+Windows 7 Ultimate and SP1 CNG algorithms #141 |
+
+
+FIPS186-2:
+PKG: CURVES( P-256 P-384 P-521 )
+SHS: Val#753
+SIG(ver): CURVES( P-256 P-384 P-521 )
+SHS: Val#753
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#83. See Historical ECDSA List Val#82. |
+Windows Server 2008 CNG algorithms #83
+Windows Vista Ultimate SP1 CNG algorithms #82 |
+
+
+FIPS186-2:
+PKG: CURVES( P-256 P-384 P-521 )
+SHS: Val#618
+RNG: Val# 321
+SIG(ver): CURVES( P-256 P-384 P-521 )
+SHS: Val#618
+RNG: Val# 321
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#60. |
+Windows Vista CNG algorithms #60 |
+
+
+
+
+
+#### Keyed-Hash Message Authentication Code (HMAC)
+
+
+
+
+
+
+
+
+| Modes / States / Key Sizes |
+Algorithm Implementation and Certificate # |
+
+
+
+- HMAC-SHA-1:
+
+- Key Sizes < Block Size
+- Key Sizes > Block Size
+- Key Sizes = Block Size
+ - HMAC-SHA2-256:
+
+- Key Sizes < Block Size
+- Key Sizes > Block Size
+- Key Sizes = Block Size
+ - HMAC-SHA2-384:
+
+- Key Sizes < Block Size
+- Key Sizes > Block Size
+- Key Sizes = Block Size
+
+Prerequisite: SHS #4011 |
+Microsoft Surface Hub Virtual TPM Implementations #3271
+Version 10.0.15063.674 |
+
+
+
+- HMAC-SHA-1:
+
+- Key Sizes < Block Size
+- Key Sizes > Block Size
+- Key Sizes = Block Size
+ - HMAC-SHA2-256:
+
+- Key Sizes < Block Size
+- Key Sizes > Block Size
+- Key Sizes = Block Size
+ - HMAC-SHA2-384:
+
+- Key Sizes < Block Size
+- Key Sizes > Block Size
+- Key Sizes = Block Size
+
+Prerequisite: SHS #4009 |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #3270
+Version 10.0.16299 |
+
+
+
+- HMAC-SHA-1:
+
+- Key Sizes < Block Size
+- Key Sizes > Block Size
+- Key Sizes = Block Size
+ - HMAC-SHA2-256:
+
+- Key Sizes < Block Size
+- Key Sizes > Block Size
+- Key Sizes = Block Size
+ - HMAC-SHA2-384:
+
+- Key Sizes < Block Size
+- Key Sizes > Block Size
+- Key Sizes = Block Size
+ - HMAC-SHA2-512:
+
+- Key Sizes < Block Size
+- Key Sizes > Block Size
+- Key Sizes = Block Size
+
+Prerequisite: SHS #4011 |
+Microsoft Surface Hub SymCrypt Cryptographic Implementations #3269
+Version 10.0.15063.674 |
+
+
+
+- HMAC-SHA-1:
+
+- Key Sizes < Block Size
+- Key Sizes > Block Size
+- Key Sizes = Block Size
+ - HMAC-SHA2-256:
+
+- Key Sizes < Block Size
+- Key Sizes > Block Size
+- Key Sizes = Block Size
+ - HMAC-SHA2-384:
+
+- Key Sizes < Block Size
+- Key Sizes > Block Size
+- Key Sizes = Block Size
+ - HMAC-SHA2-512:
+
+- Key Sizes < Block Size
+- Key Sizes > Block Size
+- Key Sizes = Block Size
+
+Prerequisite: SHS #4010 |
+Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #3268
+Version 10.0.15254 |
+
+
+
+- HMAC-SHA-1:
+
+- Key Sizes < Block Size
+- Key Sizes > Block Size
+- Key Sizes = Block Size
+ - HMAC-SHA2-256:
+
+- Key Sizes < Block Size
+- Key Sizes > Block Size
+- Key Sizes = Block Size
+ - HMAC-SHA2-384:
+
+- Key Sizes < Block Size
+- Key Sizes > Block Size
+- Key Sizes = Block Size
+ - HMAC-SHA2-512:
+
+- Key Sizes < Block Size
+- Key Sizes > Block Size
+- Key Sizes = Block Size
+
+Prerequisite: SHS #4009 |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #3267
+Version 10.0.16299 |
+
+
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3790
+HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3790
+HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3790 |
+Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #3062
+Version 10.0.15063 |
+
+
+HMAC-SHA1(Key Sizes Ranges Tested: KSBS ) SHS Val#3790
+HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3790
+HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3790
+HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS Val#3790 |
+Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3061
+Version 10.0.15063 |
+
+
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3652
+HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3652
+HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3652
+HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#3652 |
+Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2946
+Version 7.00.2872 |
+
+
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3651
+HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3651
+HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3651
+HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#3651 |
+Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2945
+Version 8.00.6246 |
+
+
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val# 3649
+HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val# 3649
+HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val# 3649
+HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal# 3649 |
+Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2943
+Version 7.00.2872 |
+
+
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3648
+HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3648
+HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3648
+HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#3648 |
+Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2942
+Version 8.00.6246 |
+
+
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )
+SHS Val# 3347
+HMAC-SHA256 ( Key Size Ranges Tested: KSBS )
+SHS Val# 3347
+HMAC-SHA384 ( Key Size Ranges Tested: KSBS )
+SHS Val# 3347 |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2661
+Version 10.0.14393 |
+
+
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val# 3347
+HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val# 3347
+HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val# 3347
+HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS Val# 3347 |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2651
+Version 10.0.14393 |
+
+
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )
+SHS Val# 3047
+HMAC-SHA256 ( Key Size Ranges Tested: KSBS )
+SHS Val# 3047
+HMAC-SHA384 ( Key Size Ranges Tested: KSBS )
+SHS Val# 3047
+HMAC-SHA512 ( Key Size Ranges Tested: KSBS )
+SHS Val# 3047 |
+Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #2381
+Version 10.0.10586 |
+
+
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )
+SHSVal# 2886
+HMAC-SHA256 ( Key Size Ranges Tested: KSBS )
+SHSVal# 2886
+HMAC-SHA384 ( Key Size Ranges Tested: KSBS )
+ SHSVal# 2886
+HMAC-SHA512 ( Key Size Ranges Tested: KSBS )
+SHSVal# 2886 |
+Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2233
+Version 10.0.10240 |
+
+
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )
+SHS Val#2373
+HMAC-SHA256 ( Key Size Ranges Tested: KSBS )
+SHS Val#2373
+HMAC-SHA384 ( Key Size Ranges Tested: KSBS )
+SHS Val#2373
+HMAC-SHA512 ( Key Size Ranges Tested: KSBS )
+SHS Val#2373 |
+Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1773
+Version 6.3.9600 |
+
+
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#2764
+HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#2764
+HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#2764
+HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS Val#2764 |
+Windows CE and Windows Mobile, and Windows Embedded Handheld Enhanced Cryptographic Provider (RSAENH) #2122
+Version 5.2.29344 |
+
+
+HMAC-SHA1 (Key Sizes Ranges Tested: KS#1902
+HMAC-SHA256 ( Key Size Ranges Tested: KS#1902 |
+Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #1347 |
+
+
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS#1902
+HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS#1902
+HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS#1902
+HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS#1902 |
+Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1346 |
+
+
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )
+SHS#1903
+HMAC-SHA256 ( Key Size Ranges Tested: KSBS )
+SHS#1903
+HMAC-SHA384 ( Key Size Ranges Tested: KSBS )
+SHS#1903
+HMAC-SHA512 ( Key Size Ranges Tested: KSBS )
+SHS#1903 |
+Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1345 |
+
+
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#1773
+HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#1773
+Tinker HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#1773
+HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#1773 |
+Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1364 |
+
+
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#1774
+HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#1774
+HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#1774
+HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#1774 |
+Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1227 |
+
+
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#1081
+HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#1081
+HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#1081
+HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#1081 |
+Windows Server 2008 R2 and SP1 CNG algorithms #686
+Windows 7 and SP1 CNG algorithms #677
+Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) #687
+Windows 7 Enhanced Cryptographic Provider (RSAENH) #673 |
+
+
+HMAC-SHA1(Key Sizes Ranges Tested: KSVal#1081
+HMAC-SHA256 ( Key Size Ranges Tested: KSVal#1081 |
+Windows 7 and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #675 |
+
+
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#816
+HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#816
+HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#816
+HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#816 |
+Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #452 |
+
+
+HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#753
+HMAC-SHA256 ( Key Size Ranges Tested: KSVal#753 |
+Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #415 |
+
+
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#753
+HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#753
+HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#753
+HMAC-SHA512 ( Key Size Ranges Tested: KSBS )SHS Val#753 |
+Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #408
+Windows Vista Enhanced Cryptographic Provider (RSAENH) #407 |
+
+
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )SHSVal#618
+HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#618
+HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#618
+HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#618 |
+Windows Vista Enhanced Cryptographic Provider (RSAENH) #297 |
+
+
+| HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#785 |
+Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #429
+Windows XP, vendor-affirmed |
+
+
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#783
+HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#783
+HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#783
+HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#783 |
+Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #428 |
+
+
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#613
+HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#613
+HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#613
+HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#613 |
+Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #289 |
+
+
+| HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#610 |
+Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #287 |
+
+
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#753
+HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#753
+HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#753
+HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#753 |
+Windows Server 2008 CNG algorithms #413
+Windows Vista Ultimate SP1 CNG algorithms #412 |
+
+
+HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#737
+HMAC-SHA256 ( Key Size Ranges Tested: KSVal#737 |
+Windows Vista Ultimate BitLocker Drive Encryption #386 |
+
+
+HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHSVal#618
+HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#618
+HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#618
+HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#618 |
+Windows Vista CNG algorithms #298 |
+
+
+HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHSVal#589
+HMAC-SHA256 ( Key Size Ranges Tested: KSBS )SHSVal#589
+HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#589
+HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#589 |
+Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #267 |
+
+
+HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHSVal#578
+HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#578
+HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#578
+HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#578 |
+Windows CE and Windows Mobile 6.0 and Windows Mobil 6.5 Enhanced Cryptographic Provider (RSAENH) #260 |
+
+
+HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#495
+HMAC-SHA256 ( Key Size Ranges Tested: KSVal#495 |
+Windows Vista BitLocker Drive Encryption #199 |
+
+
+| HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#364 |
+Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #99
+Windows XP, vendor-affirmed |
+
+
+HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#305
+HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#305
+HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#305
+HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#305 |
+Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #31 |
+
+
+
+
+
+#### Key Agreement Scheme (KAS)
+
+
+
+
+
+
+
+
+| Modes / States / Key Sizes |
+Algorithm Implementation and Certificate # |
+
+
+
+- KAS ECC:
+
+- Functions: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration
+- Schemes:
+
+- Full Unified:
+
+- Key Agreement Roles: Initiator, Responder
+- KDFs: Concatenation
+- Parameter Sets:
+
+- EC:
+
+- Curve: P-256
+- SHA: SHA-256
+- MAC: HMAC
+ - ED:
+
+- Curve: P-384
+- SHA: SHA-384
+- MAC: HMAC
+
+Prerequisite: SHS #4011, ECDSA #1253, DRBG #1734 |
+Microsoft Surface Hub Virtual TPM Implementations #150
+Version 10.0.15063.674 |
+
+
+
+- KAS ECC:
+
+- Functions: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration
+- Schemes:
+
+- Full Unified:
+
+- Key Agreement Roles: Initiator, Responder
+- KDFs: Concatenation
+- Parameter Sets:
+
+- EC:
+
+- Curve: P-256
+- SHA: SHA-256
+- MAC: HMAC
+ - ED:
+
+- Curve: P-384
+- SHA: SHA-384
+- MAC: HMAC
+
+Prerequisite: SHS #4009, ECDSA #1252, DRBG #1733 |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #149
+Version 10.0.16299 |
+
+
+
+- KAS ECC:
+
+- Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
+- Schemes:
+
+- Ephemeral Unified:
+
+- Key Agreement Roles: Initiator, Responder
+- KDFs: Concatenation
+- Parameter Sets:
+
+- EC:
+
+- Curve: P-256
+- SHA: SHA-256
+- MAC: HMAC
+ - ED:
+
+- Curve: P-384
+- SHA: SHA-384
+- MAC: HMAC
+ - EE:
+
+- Curve: P-521
+- SHA: SHA-512
+- MAC: HMAC
+ - One Pass DH:
+
+- Key Agreement Roles: Initiator, Responder
+- Parameter Sets:
+
+- EC:
+
+- Curve: P-256
+- SHA: SHA-256
+- MAC: HMAC
+ - ED:
+
+- Curve: P-384
+- SHA: SHA-384
+- MAC: HMAC
+ - EE:
+
+- Curve: P-521
+- SHA: SHA-512
+- MAC: HMAC
+ - Static Unified:
+
+- Key Agreement Roles: Initiator, Responder
+- Parameter Sets:
+
+- EC:
+
+- Curve: P-256
+- SHA: SHA-256
+- MAC: HMAC
+ - ED:
+
+- Curve: P-384
+- SHA: SHA-384
+- MAC: HMAC
+ - EE:
+
+- Curve: P-521
+- SHA: SHA-512
+- MAC: HMAC
+
+Prerequisite: SHS #4011, ECDSA #1250, DRBG #1732
+
+- KAS FFC:
+
+- Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
+- Schemes:
+
+- dhEphem:
+
+- Key Agreement Roles: Initiator, Responder
+- Parameter Sets:
+
+- FB:
+
+- SHA: SHA-256
+- MAC: HMAC
+ - FC:
+
+- SHA: SHA-256
+- MAC: HMAC
+ - dhOneFlow:
+
+- Key Agreement Roles: Initiator, Responder
+- Parameter Sets:
+
+- FB:
+
+- SHA: SHA-256
+- MAC: HMAC
+ - FC:
+
+- SHA: SHA-256
+- MAC: HMAC
+ - dhStatic:
+
+- Key Agreement Roles: Initiator, Responder
+- Parameter Sets:
+
+- FB:
+
+- SHA: SHA-256
+- MAC: HMAC
+ - FC:
+
+- SHA: SHA-256
+- MAC: HMAC
+
+Prerequisite: SHS #4011, DSA #1303, DRBG #1732 |
+Microsoft Surface Hub SymCrypt Cryptographic Implementations #148
+Version 10.0.15063.674 |
+
+
+
+- KAS ECC:
+
+- Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
+- Schemes:
+
+- Ephemeral Unified:
+
+- Key Agreement Roles: Initiator, Responder
+- KDFs: Concatenation
+- Parameter Sets:
+
+- EC:
+
+- Curve: P-256
+- SHA: SHA-256
+- MAC: HMAC
+ - ED:
+
+- Curve: P-384
+- SHA: SHA-384
+- MAC: HMAC
+ - EE:
+
+- Curve: P-521
+- SHA: SHA-512
+- MAC: HMAC
+ - One Pass DH:
+
+- Key Agreement Roles: Initiator, Responder
+- Parameter Sets:
+
+- EC:
+
+- Curve: P-256
+- SHA: SHA-256
+- MAC: HMAC
+ - ED:
+
+- Curve: P-384
+- SHA: SHA-384
+- MAC: HMAC
+ - EE:
+
+- Curve: P-521
+- SHA: SHA-512
+- MAC: HMAC
+ - Static Unified:
+
+- Key Agreement Roles: Initiator, Responder
+- Parameter Sets:
+
+- EC:
+
+- Curve: P-256
+- SHA: SHA-256
+- MAC: HMAC
+ - ED:
+
+- Curve: P-384
+- SHA: SHA-384
+- MAC: HMAC
+ - EE:
+
+- Curve: P-521
+- SHA: SHA-512
+- MAC: HMAC
+
+Prerequisite: SHS #4010, ECDSA #1249, DRBG #1731
+
+- KAS FFC:
+
+- Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
+- Schemes:
+
+- dhEphem:
+
+- Key Agreement Roles: Initiator, Responder
+- Parameter Sets:
+
+- FB:
+
+- SHA: SHA-256
+- MAC: HMAC
+ - FC:
+
+- SHA: SHA-256
+- MAC: HMAC
+ - dhOneFlow:
+
+- Key Agreement Roles: Initiator, Responder
+- Parameter Sets:
+
+- FB:
+
+- SHA: SHA-256
+- MAC: HMAC
+ - FC:
+
+- SHA: SHA-256
+- MAC: HMAC
+ - dhStatic:
+
+- Key Agreement Roles: Initiator, Responder
+- Parameter Sets:
+
+- FB:
+
+- SHA: SHA-256
+- MAC: HMAC
+ - FC:
+
+- SHA: SHA-256
+- MAC: HMAC
+
+Prerequisite: SHS #4010, DSA #1302, DRBG #1731 |
+Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #147
+Version 10.0.15254 |
+
+
+
+- KAS ECC:
+
+- Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
+- Schemes:
+
+- Ephemeral Unified:
+
+- Key Agreement Roles: Initiator, Responder
+- KDFs: Concatenation
+- Parameter Sets:
+
+- EC:
+
+- Curve: P-256
+- SHA: SHA-256
+- MAC: HMAC
+ - ED:
+
+- Curve: P-384
+- SHA: SHA-384
+- MAC: HMAC
+ - EE:
+
+- Curve: P-521
+- SHA: SHA-512
+- MAC: HMAC
+ - One Pass DH:
+
+- Key Agreement Roles: Initiator, Responder
+- Parameter Sets:
+
+- EC:
+
+- Curve: P-256
+- SHA: SHA-256
+- MAC: HMAC
+ - ED:
+
+- Curve: P-384
+- SHA: SHA-384
+- MAC: HMAC
+ - EE:
+
+- Curve: P-521
+- SHA: SHA-512
+- MAC: HMAC
+ - Static Unified:
+
+- Key Agreement Roles: Initiator, Responder
+- Parameter Sets:
+
+- EC:
+
+- Curve: P-256
+- SHA: SHA-256
+- MAC: HMAC
+ - ED:
+
+- Curve: P-384
+- SHA: SHA-384
+- MAC: HMAC
+ - EE:
+
+- Curve: P-521
+- SHA: SHA-512
+- MAC: HMAC
+
+Prerequisite: SHS #4009, ECDSA #1246, DRBG #1730
+
+- KAS FFC:
+
+- Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
+- Schemes:
+
+- dhEphem:
+
+- Key Agreement Roles: Initiator, Responder
+- Parameter Sets:
+
+- FB:
+
+- SHA: SHA-256
+- MAC: HMAC
+ - FC:
+
+- SHA: SHA-256
+- MAC: HMAC
+ - dhOneFlow:
+
+- Key Agreement Roles: Initiator, Responder
+- Parameter Sets:
+
+- FB:
+
+- SHA: SHA-256
+- MAC: HMAC
+ - FC:
+
+- SHA: SHA-256
+- MAC: HMAC
+ - dhStatic:
+
+- Key Agreement Roles: Initiator, Responder
+- Parameter Sets:
+
+- FB:
+
+- SHA: SHA-256
+- MAC: HMAC
+ - FC:
+
+- SHA: SHA-256
+- MAC: HMAC
+
+Prerequisite: SHS #4009, DSA #1301, DRBG #1730 |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #146
+Version 10.0.16299 |
+
+
+ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Full Validation Key Regeneration ) SCHEMES [ FullUnified ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ]
+SHS Val#3790
+DSA Val#1135
+DRBG Val#1556 |
+Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #128
+Version 10.0.15063 |
+
+
+FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
+( FB: SHA256 ) ( FC: SHA256 ) ]
+[ dhOneFlow ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder> ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ]
+SHS Val#3790
+DSA Val#1223
+DRBG Val#1555
+ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation ) SCHEMES [ EphemeralUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
+[ OnePassDH ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
+[ StaticUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
+
+SHS Val#3790
+ECDSA Val#1133
+DRBG Val#1555 |
+Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #127
+Version 10.0.15063 |
+
+
+FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
+( FB: SHA256 ) ( FC: SHA256 ) ]
+[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder> ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ]
+SHS Val# 3649
+DSA Val#1188
+DRBG Val#1430
+ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
+[ OnePassDH ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
+[ StaticUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ] |
+Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #115
+Version 7.00.2872 |
+
+
+FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
+( FB: SHA256 ) ( FC: SHA256 ) ]
+[ dhHybridOneFlow ( No_KC < KARole(s): Initiator / Responder> ) ( FB:SHA256 HMAC ) ( FC: SHA256 HMAC ) ]
+[ dhStatic ( No_KC < KARole(s): Initiator / Responder> ) ( FB:SHA256 HMAC ) ( FC: SHA256 HMAC ) ]
+SHS Val#3648
+DSA Val#1187
+DRBG Val#1429
+ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
+[ OnePassDH ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
+[ StaticUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
+
+SHS Val#3648
+ECDSA Val#1072
+DRBG Val#1429 |
+Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #114
+Version 8.00.6246 |
+
+
+ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Full Validation Key Regeneration )
+SCHEMES [ FullUnified ( No_KC < KARole(s): Initiator / Responder > < KDF: CONCAT > ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ]
+SHS Val# 3347 ECDSA Val#920 DRBG Val#1222 |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #93
+Version 10.0.14393 |
+
+
+FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation )
+SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
+( FB: SHA256 ) ( FC: SHA256 ) ]
+[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic (No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ]
+SHS Val# 3347 DSA Val#1098 DRBG Val#1217
+ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC < KARole(s): Initiator / Responder > ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
+[ OnePassDH ( No_KC < KARole(s): Initiator / Responder > ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
+[ StaticUnified ( No_KC < KARole(s): Initiator / Responder > ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
+SHS Val# 3347 DSA Val#1098 ECDSA Val#911 DRBG Val#1217 HMAC Val#2651 |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #92
+Version 10.0.14393 |
+
+
+FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
+( FB: SHA256 ) ( FC: SHA256 ) ]
+[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ]
+SHS Val# 3047 DSA Val#1024 DRBG Val#955
+ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC < KARole(s): Initiator / Responder > ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
+[ OnePassDH ( No_KC < KARole(s): Initiator / Responder > ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
+[ StaticUnified ( No_KC < KARole(s): Initiator / Responder > ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
+SHS Val# 3047 ECDSA Val#760 DRBG Val#955 |
+Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #72
+Version 10.0.10586 |
+
+
+FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
+( FB: SHA256 ) ( FC: SHA256 ) ]
+[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ]
+SHS Val# 2886 DSA Val#983 DRBG Val#868
+ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC < KARole(s): Initiator / Responder > ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
+[ OnePassDH ( No_KC < KARole(s): Initiator / Responder > ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
+[ StaticUnified ( No_KC < KARole(s): Initiator / Responder > ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
+SHS Val# 2886 ECDSA Val#706 DRBG Val#868 |
+Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #64
+Version 10.0.10240 |
+
+
+FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
+( FB: SHA256 ) ( FC: SHA256 ) ]
+[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC < KARole(s): Initiator / Responder > ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ]
+SHS Val#2373 DSA Val#855 DRBG Val#489
+ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC < KARole(s): Initiator / Responder > ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
+[ OnePassDH ( No_KC < KARole(s): Initiator / Responder > ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
+[ StaticUnified ( No_KC < KARole(s): Initiator / Responder > ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
+SHS Val#2373 ECDSA Val#505 DRBG Val#489 |
+Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #47
+Version 6.3.9600 |
+
+
+FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
+( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ]
+[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ]
+[ dhStatic ( No_KC < KARole(s): Initiator / Responder> ) ( FA: SHA256 HMAC ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ]
+SHS #1903 DSA Val#687 DRBG #258
+ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
+[ OnePassDH( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 ) ( ED: P-384 SHA384 ) ( EE: P-521 (SHA512, HMAC_SHA512) ) ) ]
+[ StaticUnified ( No_KC < KARole(s): Initiator / Responder> ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
+
+SHS #1903 ECDSA Val#341 DRBG #258 |
+Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #36 |
+
+
+KAS (SP 800–56A)
+key agreement
+key establishment methodology provides 80 to 256 bits of encryption strength |
+Windows 7 and SP1, vendor-affirmed
+Windows Server 2008 R2 and SP1, vendor-affirmed |
+
+
+
+
+
+SP 800-108 Key-Based Key Derivation Functions (KBKDF)
+
+
+
+
+| Modes / States / Key Sizes |
+Algorithm Implementation and Certificate # |
+
+
+
+- Counter:
+
+- MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384
+
+MAC prerequisite: HMAC #3271
+
+
+- Counter Location: Before Fixed Data
+- R Length: 32 (bits)
+- SPs used to generate K: SP 800-56A, SP 800-90A
+
+ K prerequisite: DRBG #1734, KAS #150 |
+Microsoft Surface Hub Virtual TPM Implementations #161
+Version 10.0.15063.674 |
+
+
+
+- Counter:
+
+- MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384
+
+MAC prerequisite: HMAC #3270
+
+
+- Counter Location: Before Fixed Data
+- R Length: 32 (bits)
+- SPs used to generate K: SP 800-56A, SP 800-90A
+
+ K prerequisite: DRBG #1733, KAS #149 |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #160
+Version 10.0.16299 |
+
+
+
+- Counter:
+
+- MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
+
+MAC prerequisite: AES #4902, HMAC #3269
+
+
+- Counter Location: Before Fixed Data
+- R Length: 32 (bits)
+- SPs used to generate K: SP 800-56A, SP 800-90A
+- K prerequisite: KAS #148
+
+ |
+Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations #159
+Version 10.0.15063.674 |
+
+
+
+- Counter:
+
+- MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
+
+MAC prerequisite: AES #4901, HMAC #3268
+
+
+- Counter Location: Before Fixed Data
+- R Length: 32 (bits)
+- SPs used to generate K: SP 800-56A, SP 800-90A
+
+ K prerequisite: KAS #147 |
+Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations #158
+Version 10.0.15254 |
+
+
+
+- Counter:
+
+- MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
+
+MAC prerequisite: AES #4897, HMAC #3267
+
+
+- Counter Location: Before Fixed Data
+- R Length: 32 (bits)
+- SPs used to generate K: SP 800-56A, SP 800-90A
+
+ K prerequisite: KAS #146 |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #157
+Version 10.0.16299 |
+
+
+CTR_Mode: ( Llength( Min0 Max0 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA384] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
+
+KAS Val#128
+DRBG Val#1556
+MAC Val#3062 |
+Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #141
+Version 10.0.15063 |
+
+
+CTR_Mode: ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
+
+KAS Val#127
+AES Val#4624
+DRBG Val#1555
+MAC Val#3061 |
+Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #140
+Version 10.0.15063 |
+
+
+CTR_Mode: ( Llength( Min20 Max64 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA384] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
+KAS Val#93 DRBG Val#1222 MAC Val#2661 |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #102
+Version 10.0.14393 |
+
+
+CTR_Mode: ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
+KAS Val#92 AES Val#4064 DRBG Val#1217 MAC Val#2651 |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #101
+Version 10.0.14393 |
+
+
+CTR_Mode: ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
+KAS Val#72 AES Val#3629 DRBG Val#955 MAC Val#2381 |
+Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #72
+Version 10.0.10586 |
+
+
+CTR_Mode: ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
+KAS Val#64 AES Val#3497 RBG Val#868 MAC Val#2233 |
+Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #66
+Version 10.0.10240 |
+
+
+CTR_Mode: ( Llength( Min0 Max0 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
+DRBG Val#489 MAC Val#1773 |
+Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #30
+Version 6.3.9600 |
+
+
+CTR_Mode: ( Llength( Min0 Max4 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
+DRBG #258 HMAC Val#1345 |
+Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #3 |
+
+
+
+
+
+Random Number Generator (RNG)
+
+
+
+
+
+
+
+
+| Modes / States / Key Sizes |
+Algorithm Implementation and Certificate # |
+
+
+FIPS 186-2 General Purpose
+[ (x-Original); (SHA-1) ] |
+Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1110 |
+
+
+FIPS 186-2
+[ (x-Original); (SHA-1) ] |
+Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1060
+Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #292
+Windows CE and Windows Mobile 6.0 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #286
+Windows CE 5.00 and Window CE 5.01 Enhanced Cryptographic Provider (RSAENH) #66 |
+
+
+FIPS 186-2
+[ (x-Change Notice); (SHA-1) ]
+FIPS 186-2 General Purpose
+[ (x-Change Notice); (SHA-1) ] |
+Windows 7 and SP1 and Windows Server 2008 R2 and SP1 RNG Library #649
+Windows Vista Ultimate SP1 and Windows Server 2008 RNG Implementation #435
+Windows Vista RNG implementation #321 |
+
+
+FIPS 186-2 General Purpose
+[ (x-Change Notice); (SHA-1) ] |
+Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #470
+Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #449
+Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #447
+Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #316
+Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #313 |
+
+
+FIPS 186-2
+[ (x-Change Notice); (SHA-1) ] |
+Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #448
+Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #314 |
+
+
+
+
+
+#### RSA
+
+
+
+
+
+
+
+
+| Modes / States / Key Sizes |
+Algorithm Implementation and Certificate # |
+
+
+RSA:
+
+- 186-4:
+
+- Signature Generation PKCS1.5:
+
+- Mod 2048 SHA: SHA-1, SHA-256, SHA-384
+ - Signature Generation PSS:
+
+- Mod 2048:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+ - Signature Verification PKCS1.5:
+
+- Mod 1024 SHA: SHA-1, SHA-256, SHA-384
+- Mod 2048 SHA: SHA-1, SHA-256, SHA-384
+ - Signature Verification PSS:
+
+- Mod 2048:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+ - Mod 3072:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+
+Prerequisite: SHS #4011, DRBG #1734 |
+Microsoft Surface Hub Virtual TPM Implementations #2677
+Version 10.0.15063.674 |
+
+
+RSA:
+
+- 186-4:
+
+- Signature Generation PKCS1.5:
+
+- Mod 2048 SHA: SHA-1, SHA-256, SHA-384
+ - Signature Generation PSS:
+
+- Mod 2048:
+
+- SHA-1: Salt Length: 240 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+ - Signature Verification PKCS1.5:
+
+- Mod 1024 SHA: SHA-1, SHA-256, SHA-384
+- Mod 2048 SHA: SHA-1, SHA-256, SHA-384
+ - Signature Verification PSS:
+
+- Mod 1024:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+ - Mod 2048:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+
+Prerequisite: SHS #4009, DRBG #1733 |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #2676
+Version 10.0.16299 |
+
+
+RSA:
+
+- 186-4:
+
+- Key Generation:
+- Signature Verification PKCS1.5:
+
+- Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+
+Prerequisite: SHS #4011, DRBG #1732 |
+Microsoft Surface Hub RSA32 Algorithm Implementations #2675
+Version 10.0.15063.674 |
+
+
+RSA:
+
+- 186-4:
+
+- Signature Verification PKCS1.5:
+
+- Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+
+Prerequisite: SHS #4009, DRBG #1730 |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); RSA32 Algorithm Implementations #2674
+Version 10.0.16299 |
+
+
+RSA:
+
+- 186-4:
+
+- Signature Verification PKCS1.5:
+
+- Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+
+Prerequisite: SHS #4010, DRBG #1731 |
+Windows 10 Mobile (version 1709) RSA32 Algorithm Implementations #2673
+Version 10.0.15254 |
+
+
+RSA:
+
+- 186-4:
+
+- Key Generation:
+
+- Public Key Exponent: Fixed (10001)
+- Provable Primes with Conditions:
+
+- Mod lengths: 2048, 3072 (bits)
+- Primality Tests: C.3
+ - Signature Generation PKCS1.5:
+
+- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+ - Signature Generation PSS:
+
+- Mod 2048:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 512 (bits)
+ - Mod 3072:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 512 (bits)
+ - Signature Verification PKCS1.5:
+
+- Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+ - Signature Verification PSS:
+
+- Mod 1024:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 496 (bits)
+ - Mod 2048:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 512 (bits)
+ - Mod 3072:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 512 (bits)
+
+Prerequisite: SHS #4011, DRBG #1732 |
+Microsoft Surface Hub MsBignum Cryptographic Implementations #2672
+Version 10.0.15063.674 |
+
+
+RSA:
+
+- 186-4:
+
+- Key Generation:
+
+- Probable Random Primes:
+
+- Mod lengths: 2048, 3072 (bits)
+- Primality Tests: C.2
+ - Signature Generation PKCS1.5:
+
+- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+ - Signature Generation PSS:
+
+- Mod 2048:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 512 (bits)
+ - Mod 3072:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 512 (bits)
+ - Signature Verification PKCS1.5:
+
+- Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+ - Signature Verification PSS:
+
+- Mod 1024:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 496 (bits)
+ - Mod 2048:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 512 (bits)
+ - Mod 3072:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 512 (bits)
+
+Prerequisite: SHS #4011, DRBG #1732 |
+Microsoft Surface Hub SymCrypt Cryptographic Implementations #2671
+Version 10.0.15063.674 |
+
+
+RSA:
+
+- 186-4:
+
+- Key Generation:
+
+- Probable Random Primes:
+
+- Mod lengths: 2048, 3072 (bits)
+- Primality Tests: C.2
+ - Signature Generation PKCS1.5:
+
+- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+ - Signature Generation PSS:
+
+- Mod 2048:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 512 (bits)
+ - Mod 3072:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 512 (bits)
+ - Signature Verification PKCS1.5:
+
+- Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+ - Signature Verification PSS:
+
+- Mod 1024:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 496 (bits)
+ - Mod 2048:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 512 (bits)
+ - Mod 3072:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 512 (bits)
+
+Prerequisite: SHS #4010, DRBG #1731 |
+Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #2670
+Version 10.0.15254 |
+
+
+RSA:
+
+- 186-4:
+
+- Key Generation:
+
+- Public Key Exponent: Fixed (10001)
+- Provable Primes with Conditions:
+
+- Mod lengths: 2048, 3072 (bits)
+- Primality Tests: C.3
+ - Signature Generation PKCS1.5:
+
+- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+ - Signature Generation PSS:
+
+- Mod 2048:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 512 (bits)
+ - Mod 3072:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 512 (bits)
+ - Signature Verification PKCS1.5:
+
+- Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+ - Signature Verification PSS:
+
+- Mod 1024:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 496 (bits)
+ - Mod 2048:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 512 (bits)
+ - Mod 3072:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 512 (bits)
+
+Prerequisite: SHS #4010, DRBG #1731 |
+Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #2669
+Version 10.0.15254 |
+
+
+
+- 186-4:
+
+- Key Generation:
+
+- Public Key Exponent: Fixed (10001)
+- Provable Primes with Conditions:
+
+- Mod lengths: 2048, 3072 (bits)
+- Primality Tests: C.3
+ - Signature Generation PKCS1.5:
+
+- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+ - Signature Generation PSS:
+
+- Mod 2048:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 512 (bits)
+ - Mod 3072:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 512 (bits)
+ - Signature Verification PKCS1.5:
+
+- Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+ - Signature Verification PSS:
+
+- Mod 1024:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 496 (bits)
+ - Mod 2048:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 512 (bits)
+ - Mod 3072:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 512 (bits)
+
+Prerequisite: SHS #4009, DRBG #1730 |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #2668
+Version 10.0.16299 |
+
+
+
+- 186-4:
+
+- Key Generation:
+
+- Probable Random Primes:
+
+- Mod lengths: 2048, 3072 (bits)
+- Primality Tests: C.2
+ - Signature Generation PKCS1.5:
+
+- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+ - Signature Generation PSS:
+
+- Mod 2048:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 512 (bits)
+ - Mod 3072:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 512 (bits)
+ - Signature Verification PKCS1.5:
+
+- Mod 1024 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+- Mod 2048 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+- Mod 3072 SHA: SHA-1, SHA-256, SHA-384, SHA-512
+ - Signature Verification PSS:
+
+- Mod 1024:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 496 (bits)
+ - Mod 2048:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 512 (bits)
+ - Mod 3072:
+
+- SHA-1: Salt Length: 160 (bits)
+- SHA-256: Salt Length: 256 (bits)
+- SHA-384: Salt Length: 384 (bits)
+- SHA-512: Salt Length: 512 (bits)
+
+Prerequisite: SHS #4009, DRBG #1730 |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2667
+Version 10.0.16299 |
+
+
+FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ SIG(Ver) (1024 SHA( 1 , 256 , 384 )) (2048 SHA( 1 , 256 , 384 ))
+[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) ))
+SHA Val#3790 |
+Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #2524
+Version 10.0.15063 |
+
+
+FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+SHA Val#3790 |
+Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile RSA32 Algorithm Implementations #2523
+Version 10.0.15063 |
+
+
+FIPS186-4:
+186-4KEY(gen): FIPS186-4_Fixed_e ( 10001 ) ;
+PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
+SHA Val#3790
+DRBG: Val# 1555 |
+Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #2522
+Version 10.0.15063 |
+
+
+FIPS186-4:
+186-4KEY(gen):
+PGM(ProbRandom: ( 2048 , 3072 ) PPTT:( C.2 )
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
+SHA Val#3790 |
+Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2521
+Version 10.0.15063 |
+
+
+FIPS186-2:
+ALG[ANSIX9.31]:
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3652
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096 , SHS: SHA-256Val#3652, SHA-384Val#3652, SHA-512Val#3652
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3652, SHA-256Val#3652, SHA-384Val#3652, SHA-512Val#3652
+FIPS186-4:
+ALG[ANSIX9.31] Sig(Gen): (2048 SHA( 1 )) (3072 SHA( 1 ))
+SIG(gen) with SHA-1 affirmed for use with protocols only. Sig(Ver): (1024 SHA( 1 )) (2048 SHA( 1 )) (3072 SHA( 1 ))
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+SHA Val#3652 |
+Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2415
+Version 7.00.2872 |
+
+
+FIPS186-2:
+ALG[ANSIX9.31]:
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3651
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096 , SHS: SHA-256Val#3651, SHA-384Val#3651, SHA-512Val#3651
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3651, SHA-256Val#3651, SHA-384Val#3651, SHA-512Val#3651
+FIPS186-4:
+ALG[ANSIX9.31] Sig(Gen): (2048 SHA( 1 )) (3072 SHA( 1 ))
+SIG(gen) with SHA-1 affirmed for use with protocols only. Sig(Ver): (1024 SHA( 1 )) (2048 SHA( 1 )) (3072 SHA( 1 ))
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+SHA Val#3651 |
+Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2414
+Version 8.00.6246 |
+
+
+FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096 , SHS: SHA-256Val# 3649 , SHA-384Val# 3649 , SHA-512Val# 3649
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val# 3649 , SHA-256Val# 3649 , SHA-384Val# 3649 , SHA-512Val# 3649
+FIPS186-4:
+186-4KEY(gen): FIPS186-4_Fixed_e (10001) ;
+PGM(ProbRandom: ( 2048 , 3072 ) PPTT:( C.2 )
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+SHA Val# 3649
+DRBG: Val# 1430 |
+Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2412
+Version 7.00.2872 |
+
+
+FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096 , SHS: SHA-256Val#3648, SHA-384Val#3648, SHA-512Val#3648
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3648, SHA-256Val#3648, SHA-384Val#3648, SHA-512Val#3648
+FIPS186-4:
+186-4KEY(gen): FIPS186-4_Fixed_e (10001) ;
+PGM(ProbRandom: ( 2048 , 3072 ) PPTT:( C.2 )
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+ SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+SHA Val#3648
+DRBG: Val# 1429 |
+Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2411
+Version 8.00.6246 |
+
+
+FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+SIG(Ver) (1024 SHA( 1 , 256 , 384 )) (2048 SHA( 1 , 256 , 384 ))
+[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
+Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) ))
+SHA Val# 3347 |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2206
+Version 10.0.14393 |
+
+
+FIPS186-4:
+186-4KEY(gen): FIPS186-4_Fixed_e ( 10001 ) ;
+PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
+SHA Val# 3347 DRBG: Val# 1217 |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA Key Generation Implementation #2195
+Version 10.0.14393 |
+
+
+FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+SHA Val#3346 |
+soft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #2194
+Version 10.0.14393 |
+
+
+FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
+SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+SHA Val# 3347 DRBG: Val# 1217 |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #2193
+Version 10.0.14393 |
+
+
+FIPS186-4:
+[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
+Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
+SHA Val# 3347 DRBG: Val# 1217 |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #2192
+Version 10.0.14393 |
+
+
+FIPS186-4:
+186-4KEY(gen): FIPS186-4_Fixed_e ( 10001 ) ;
+PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
+SHA Val# 3047 DRBG: Val# 955 |
+Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA Key Generation Implementation #1889
+Version 10.0.10586 |
+
+
+FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+SHA Val#3048 |
+Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #1871
+Version 10.0.10586 |
+
+
+FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
+SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+SHA Val# 3047 |
+Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub MsBignum Cryptographic Implementations #1888
+Version 10.0.10586 |
+
+
+FIPS186-4:
+[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
+Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
+SHA Val# 3047 |
+Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #1887
+Version 10.0.10586 |
+
+
+FIPS186-4:
+186-4KEY(gen): FIPS186-4_Fixed_e ( 10001 ) ;
+PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
+SHA Val# 2886 DRBG: Val# 868 |
+Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA Key Generation Implementation #1798
+Version 10.0.10240 |
+
+
+FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+SHA Val#2871 |
+Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #1784
+Version 10.0.10240 |
+
+
+FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+SHA Val#2871 |
+Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #1783
+Version 10.0.10240 |
+
+
+FIPS186-4:
+[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
+Sig(Ver): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
+SHA Val# 2886 |
+Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #1802
+Version 10.0.10240 |
+
+
+FIPS186-4:
+186-4KEY(gen): FIPS186-4_Fixed_e ;
+PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
+SHA Val#2373 DRBG: Val# 489 |
+Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 RSA Key Generation Implementation #1487
+Version 6.3.9600 |
+
+
+FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+SHA Val#2373 |
+Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #1494
+Version 6.3.9600 |
+
+
+FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
+SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
+SHA Val#2373 |
+Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1493
+Version 6.3.9600 |
+
+
+FIPS186-4:
+[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
+ Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
+SHA Val#2373 |
+Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #1519
+Version 6.3.9600 |
+
+
+FIPS186-4:
+ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 256 , 384 , 512-256 )) (3072 SHA( 256 , 384 , 512-256 ))
+SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512-256 )) (2048 SHA( 1 , 256 , 384 , 512-256 )) (3072 SHA( 1 , 256 , 384 , 512-256 ))
+[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
+Sig(Ver): (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 , 512 ))
+SHA #1903
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1134. |
+Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1134 |
+
+
+FIPS186-4:
+186-4KEY(gen): FIPS186-4_Fixed_e , FIPS186-4_Fixed_e_Value
+PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
+SHA #1903 DRBG: #258 |
+Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 RSA Key Generation Implementation #1133 |
+
+
+FIPS186-2:
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: #258
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256#1902, SHA-384#1902, SHA-512#1902,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1#1902, SHA-256#1902, SHA-#1902, SHA-512#1902,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1132. |
+Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1132 |
+
+
+FIPS186-2:
+ALG[ANSIX9.31]:
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1774
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1774, SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1052. |
+Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1052 |
+
+
+FIPS186-2:
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: Val# 193
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1773, SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1051. |
+Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1051 |
+
+
+FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#568. |
+Windows Server 2008 R2 and SP1 Enhanced Cryptographic Provider (RSAENH) #568 |
+
+
+FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
+ALG[RSASSA-PSS]: SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#567. See Historical RSA List Val#560. |
+Windows Server 2008 R2 and SP1 CNG algorithms #567
+Windows 7 and SP1 CNG algorithms #560 |
+
+
+FIPS186-2:
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: Val# 23
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#559. |
+Windows 7 and SP1 and Server 2008 R2 and SP1 RSA Key Generation Implementation #559 |
+
+
+FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#557. |
+Windows 7 and SP1 Enhanced Cryptographic Provider (RSAENH) #557 |
+
+
+FIPS186-2:
+ALG[ANSIX9.31]:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#816, SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#395. |
+Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #395 |
+
+
+FIPS186-2:
+ALG[ANSIX9.31]:
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#783
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#783, SHA-384Val#783, SHA-512Val#783,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#371. |
+Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #371 |
+
+
+FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
+ALG[RSASSA-PSS]: SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#358. See Historical RSA List Val#357. |
+Windows Server 2008 CNG algorithms #358
+Windows Vista SP1 CNG algorithms #357 |
+
+
+FIPS186-2:
+ALG[ANSIX9.31]:
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#355. See Historical RSA List Val#354. |
+Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #355
+Windows Vista SP1 Enhanced Cryptographic Provider (RSAENH) #354 |
+
+
+FIPS186-2:
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#353. |
+Windows Vista SP1 and Windows Server 2008 RSA Key Generation Implementation #353 |
+
+
+FIPS186-2:
+ALG[ANSIX9.31]: Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 RNG: Val# 321
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#258. |
+Windows Vista RSA key generation implementation #258 |
+
+
+FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
+ALG[RSASSA-PSS]: SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#257. |
+Windows Vista CNG algorithms #257 |
+
+
+FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#255. |
+Windows Vista Enhanced Cryptographic Provider (RSAENH) #255 |
+
+
+FIPS186-2:
+ALG[ANSIX9.31]:
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#613
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#613, SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#245. |
+Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #245 |
+
+
+FIPS186-2:
+ALG[ANSIX9.31]:
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#589
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#589, SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#230. |
+Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #230 |
+
+
+FIPS186-2:
+ALG[ANSIX9.31]:
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#578
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#578, SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#222. |
+Windows CE and Windows Mobile 6 and Windows Mobile 6.1 Enhanced Cryptographic Provider (RSAENH) #222 |
+
+
+FIPS186-2:
+ALG[RSASSA-PKCS1_V1_5]:
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#364
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#81. |
+Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #81 |
+
+
+FIPS186-2:
+ALG[ANSIX9.31]:
+SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#305
+ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
+SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#305, SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
+Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#52. |
+Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #52 |
+
+
+FIPS186-2:
+– PKCS#1 v1.5, signature generation and verification
+– Mod sizes: 1024, 1536, 2048, 3072, 4096
+– SHS: SHA–1/256/384/512 |
+Windows XP, vendor-affirmed
+Windows 2000, vendor-affirmed |
+
+
+
+
+
+#### Secure Hash Standard (SHS)
+
+
+
+
+
+
+
+
+| Modes / States / Key Sizes |
+Algorithm Implementation and Certificate # |
+
+
+
+- SHA-1:
+
+- Supports Empty Message
+ - SHA-256:
+
+- Supports Empty Message
+ - SHA-384:
+
+- Supports Empty Message
+ - SHA-512:
+
+- Supports Empty Message
+ |
+Microsoft Surface Hub SymCrypt Cryptographic Implementations #4011
+Version 10.0.15063.674 |
+
+
+
+- SHA-1:
+
+- Supports Empty Message
+ - SHA-256:
+
+- Supports Empty Message
+ - SHA-384:
+
+- Supports Empty Message
+ - SHA-512:
+
+- Supports Empty Message
+ |
+Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #4010
+Version 10.0.15254 |
+
+
+
+- SHA-1:
+
+- Supports Empty Message
+ - SHA-256:
+
+- Supports Empty Message
+ - SHA-384:
+
+- Supports Empty Message
+ - SHA-512:
+
+- Supports Empty Message
+ |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4009
+Version 10.0.16299 |
+
+
+SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only) |
+Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3790
+Version 10.0.15063 |
+
+
+SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only) |
+Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #3652
+Version 7.00.2872 |
+
+
+SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only) |
+Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #3651
+Version 8.00.6246 |
+
+
+SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only) |
+Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #3649
+Version 7.00.2872 |
+
+
+SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only) |
+Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #3648
+Version 8.00.6246 |
+
+
+SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only) |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #3347
+Version 10.0.14393 |
+
+
+SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only) |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #3346
+Version 10.0.14393 |
+
+
+SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only) |
+Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #3048
+Version 10.0.10586 |
+
+
+SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only) |
+Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #3047
+Version 10.0.10586 |
+
+
+SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only) |
+Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2886
+Version 10.0.10240 |
+
+
+SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only) |
+Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #2871
+Version 10.0.10240 |
+
+
+SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only) |
+Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #2396
+Version 6.3.9600 |
+
+
+SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only) |
+Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2373
+Version 6.3.9600 |
+
+
+SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only)
+Implementation does not support zero-length (null) messages. |
+Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1903
+Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1902 |
+
+
+SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only) |
+Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1774
+Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1773 |
+
+
+SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only) |
+Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1081
+Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #816 |
+
+
+| SHA-1 (BYTE-only) |
+Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #785
+Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #784 |
+
+
+SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only) |
+Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #783 |
+
+
+SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only) |
+Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation #753
+Windows Vista Symmetric Algorithm Implementation #618 |
+
+
+SHA-1 (BYTE-only)
+SHA-256 (BYTE-only) |
+Windows Vista BitLocker Drive Encryption #737
+Windows Vista Beta 2 BitLocker Drive Encryption #495 |
+
+
+SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only) |
+Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #613
+Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #364 |
+
+
+| SHA-1 (BYTE-only) |
+Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #611
+Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #610
+Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #385
+Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) #371
+Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #181
+Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) #177
+Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #176 |
+
+
+SHA-1 (BYTE-only)
+SHA-256 (BYTE-only)
+SHA-384 (BYTE-only)
+SHA-512 (BYTE-only) |
+Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #589
+Windows CE and Windows Mobile 6 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #578
+Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #305 |
+
+
+| SHA-1 (BYTE-only) |
+Windows XP Microsoft Enhanced Cryptographic Provider #83
+Crypto Driver for Windows 2000 (fips.sys) #35
+Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) #32
+Windows 2000 RSAENH.DLL #24
+Windows 2000 RSABASE.DLL #23
+Windows NT 4 SP6 RSAENH.DLL #21
+Windows NT 4 SP6 RSABASE.DLL #20 |
+
+
+
+
+
+#### Triple DES
+
+
+
+
+
+
+
+
+| Modes / States / Key Sizes |
+Algorithm Implementation and Certificate # |
+
+
+
+- TDES-CBC:
+
+- Modes: Decrypt, Encrypt
+- Keying Option: 1
+ - TDES-CFB64:
+
+- Modes: Decrypt, Encrypt
+- Keying Option: 1
+ - TDES-CFB8:
+
+- Modes: Decrypt, Encrypt
+- Keying Option: 1
+ - TDES-ECB:
+
+- Modes: Decrypt, Encrypt
+- Keying Option: 1
+ |
+Microsoft Surface Hub SymCrypt Cryptographic Implementations #2558
+Version 10.0.15063.674 |
+
+
+
+- TDES-CBC:
+
+- Modes: Decrypt, Encrypt
+- Keying Option: 1
+ - TDES-CFB64:
+
+- Modes: Decrypt, Encrypt
+- Keying Option: 1
+ - TDES-CFB8:
+
+- Modes: Decrypt, Encrypt
+- Keying Option: 1
+ - TDES-ECB:
+
+- Modes: Decrypt, Encrypt
+- Keying Option: 1
+ |
+Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #2557
+Version 10.0.15254 |
+
+
+
+- TDES-CBC:
+
+- Modes: Decrypt, Encrypt
+- Keying Option: 1
+ - TDES-CFB64:
+
+- Modes: Decrypt, Encrypt
+- Keying Option: 1
+ - TDES-CFB8:
+
+- Modes: Decrypt, Encrypt
+- Keying Option: 1
+ - TDES-ECB:
+
+- Modes: Decrypt, Encrypt
+- Keying Option: 1
+ |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2556
+Version 10.0.16299 |
+
+
+| TECB( KO 1 e/d, ) ; TCBC( KO 1 e/d, ) ; TCFB8( KO 1 e/d, ) ; TCFB64( KO 1 e/d, ) |
+Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2459
+Version 10.0.15063 |
+
+
+TECB( KO 1 e/d, ) ;
+TCBC( KO 1 e/d, ) |
+Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2384
+Version 8.00.6246 |
+
+
+TECB( KO 1 e/d, ) ;
+TCBC( KO 1 e/d, ) |
+Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2383
+Version 8.00.6246 |
+
+
+TECB( KO 1 e/d, ) ;
+TCBC( KO 1 e/d, ) ;
+CTR ( int only ) |
+Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2382
+Version 7.00.2872 |
+
+
+TECB( KO 1 e/d, ) ;
+TCBC( KO 1 e/d, ) |
+Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2381
+Version 8.00.6246 |
+
+
+TECB( KO 1 e/d, ) ;
+TCBC( KO 1 e/d, ) ;
+TCFB8( KO 1 e/d, ) ;
+TCFB64( KO 1 e/d, ) |
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2227
+
+
+Version 10.0.14393 |
+
+
+TECB( KO 1 e/d, ) ;
+TCBC( KO 1 e/d, ) ;
+TCFB8( KO 1 e/d, ) ;
+TCFB64( KO 1 e/d, ) |
+Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #2024
+
+
+Version 10.0.10586 |
+
+
+TECB( KO 1 e/d, ) ;
+TCBC( KO 1 e/d, ) ;
+TCFB8( KO 1 e/d, ) ;
+TCFB64( KO 1 e/d, ) |
+Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #1969
+
+
+Version 10.0.10240 |
+
+
+TECB( KO 1 e/d, ) ;
+TCBC( KO 1 e/d, ) ;
+TCFB8( KO 1 e/d, ) ;
+TCFB64( KO 1 e/d, ) |
+Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1692
+Version 6.3.9600 |
+
+
+TECB( e/d; KO 1,2 ) ;
+TCBC( e/d; KO 1,2 ) ;
+TCFB8( e/d; KO 1,2 ) ;
+TCFB64( e/d; KO 1,2 ) |
+Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1387 |
+
+
+TECB( e/d; KO 1,2 ) ;
+TCBC( e/d; KO 1,2 ) ;
+TCFB8( e/d; KO 1,2 ) |
+Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1386 |
+
+
+TECB( e/d; KO 1,2 ) ;
+TCBC( e/d; KO 1,2 ) ;
+TCFB8( e/d; KO 1,2 ) |
+Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #846 |
+
+
+TECB( e/d; KO 1,2 ) ;
+TCBC( e/d; KO 1,2 ) ;
+TCFB8( e/d; KO 1,2 ) |
+Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation #656 |
+
+
+TECB( e/d; KO 1,2 ) ;
+TCBC( e/d; KO 1,2 ) ;
+TCFB8( e/d; KO 1,2 ) |
+Windows Vista Symmetric Algorithm Implementation #549 |
+
+
+| Triple DES MAC |
+Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 #1386, vendor-affirmed
+Windows 7 and SP1 and Windows Server 2008 R2 and SP1 #846, vendor-affirmed |
+
+
+TECB( e/d; KO 1,2 ) ;
+TCBC( e/d; KO 1,2 ) |
+Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1308
+Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1307
+Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #691
+Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #677
+Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #676
+Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #675
+Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #544
+Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #543
+Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #542
+Windows CE 6.0 and Window CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #526
+Windows CE and Windows Mobile 6 and Windows Mobile 6.1 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #517
+Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #381
+Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) #370
+Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #365
+Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #315
+Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) #201
+Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #199
+Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #192
+Windows XP Microsoft Enhanced Cryptographic Provider #81
+Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) #18
+Crypto Driver for Windows 2000 (fips.sys) #16 |
+
+
+
+
+
+#### SP 800-132 Password Based Key Derivation Function (PBKDF)
+
+
+
+ |
+ Modes / States / Key Sizes
+ |
+
+ Algorithm Implementation and Certificate #
+ |
+
+
+ |
+ PBKDF (vendor affirmed) |
+
+ Kernel Mode Cryptographic Primitives Library (cng.sys) Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2937
(Software Version: 10.0.14393)
+ Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2936
(Software Version: 10.0.14393)
+ Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2935
(Software Version: 10.0.14393)
+ Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2931
(Software Version: 10.0.14393)
+ |
+
+
+ |
+ PBKDF (vendor affirmed) |
+
+ Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2936
(Software Version: 10.0.14393)
+ Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG), vendor-affirmed
+ |
+
+
+
+
+#### Component Validation List
+
+
+
+
+
+
+
+
+| Publication / Component Validated / Description |
+Implementation and Certificate # |
+
+
+
+- ECDSA SigGen:
+
+- P-256 SHA: SHA-256
+- P-384 SHA: SHA-384
+- P-521 SHA: SHA-512
+
+Prerequisite: DRBG #489 |
+Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1540
+Version 6.3.9600 |
+
+
+
+- RSASP1:
+
+- Modulus Size: 2048 (bits)
+- Padding Algorithms: PKCS 1.5
+ |
+Microsoft Surface Hub Virtual TPM Implementations #1519
+Version 10.0.15063.674 |
+
+
+
+- RSASP1:
+
+- Modulus Size: 2048 (bits)
+- Padding Algorithms: PKCS 1.5
+ |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1518
+Version 10.0.16299 |
+
+
+
+- RSADP:
+
+- Modulus Size: 2048 (bits)
+ |
+Microsoft Surface Hub MsBignum Cryptographic Implementations #1517
+Version 10.0.15063.674 |
+
+
+
+- RSASP1:
+
+- Modulus Size: 2048 (bits)
+- Padding Algorithms: PKCS 1.5
+ |
+Microsoft Surface Hub MsBignum Cryptographic Implementations #1516
+Version 10.0.15063.674 |
+
+
+
+- ECDSA SigGen:
+
+- P-256 SHA: SHA-256
+- P-384 SHA: SHA-384
+- P-521 SHA: SHA-512
+
+ Prerequisite: DRBG #1732 |
+Microsoft Surface Hub MsBignum Cryptographic Implementations #1515
+Version 10.0.15063.674 |
+
+
+
+- ECDSA SigGen:
+
+- P-256 SHA: SHA-256
+- P-384 SHA: SHA-384
+- P-521 SHA: SHA-512
+
+Prerequisite: DRBG #1732 |
+Microsoft Surface Hub SymCrypt Cryptographic Implementations #1514
+Version 10.0.15063.674 |
+
+
+
+- RSADP:
+
+- Modulus Size: 2048 (bits)
+ |
+Microsoft Surface Hub SymCrypt Cryptographic Implementations #1513
+Version 10.0.15063.674 |
+
+
+
+- RSASP1:
+
+- Modulus Size: 2048 (bits)
+- Padding Algorithms: PKCS 1.5
+ |
+Microsoft Surface Hub SymCrypt Cryptographic Implementations #1512
+Version 10.0.15063.674 |
+
+
+
+- IKEv1:
+
+- Methods: Digital Signature, Pre-shared Key, Public Key Encryption
+- Pre-shared Key Length: 64-2048
+- Diffie-Hellman shared secrets:
+
+- Diffie-Hellman shared secret:
+
+- Length: 2048 (bits)
+- SHA Functions: SHA-256
+ - Diffie-Hellman shared secret:
+
+- Length: 256 (bits)
+- SHA Functions: SHA-256
+ - Diffie-Hellman shared secret:
+
+- Length: 384 (bits)
+- SHA Functions: SHA-384
+
+Prerequisite: SHS #4011, HMAC #3269
+
+- IKEv2:
+
+- Derived Keying Material length: 192-1792
+- Diffie-Hellman shared secrets:
+
+- Diffie-Hellman shared secret:
+
+- Length: 2048 (bits)
+- SHA Functions: SHA-256
+ - Diffie-Hellman shared secret:
+
+- Length: 256 (bits)
+- SHA Functions: SHA-256
+ - Diffie-Hellman shared secret:
+
+- Length: 384 (bits)
+- SHA Functions: SHA-384
+
+Prerequisite: SHS #4011, HMAC #3269
+
+- TLS:
+
+- Supports TLS 1.0/1.1
+- Supports TLS 1.2:
+
+- SHA Functions: SHA-256, SHA-384
+
+Prerequisite: SHS #4011, HMAC #3269 |
+Microsoft Surface Hub SymCrypt Cryptographic Implementations #1511
+Version 10.0.15063.674 |
+
+
+
+- ECDSA SigGen:
+
+- P-256 SHA: SHA-256
+- P-384 SHA: SHA-384
+- P-521 SHA: SHA-512
+
+Prerequisite: DRBG #1731 |
+Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1510
+Version 10.0.15254 |
+
+
+
+- RSADP:
+
+- Modulus Size: 2048 (bits)
+ |
+Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1509
+Version 10.0.15254 |
+
+
+
+- RSASP1:
+
+- Modulus Size: 2048 (bits)
+- Padding Algorithms: PKCS 1.5
+ |
+Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1508
+Version 10.0.15254 |
+
+
+
+- IKEv1:
+
+- Methods: Digital Signature, Pre-shared Key, Public Key Encryption
+- Pre-shared Key Length: 64-2048
+- Diffie-Hellman shared secrets:
+
+- Diffie-Hellman shared secret:
+
+- Length: 2048 (bits)
+- SHA Functions: SHA-256
+ - Diffie-Hellman shared secret:
+
+- Length: 256 (bits)
+- SHA Functions: SHA-256
+ - Diffie-Hellman shared secret:
+
+- Length: 384 (bits)
+- SHA Functions: SHA-384
+
+Prerequisite: SHS #4010, HMAC #3268
+
+- IKEv2:
+
+- Derived Keying Material length: 192-1792
+- Diffie-Hellman shared secrets:
+
+- Diffie-Hellman shared secret:
+
+- Length: 2048 (bits)
+- SHA Functions: SHA-256
+ - Diffie-Hellman shared secret:
+
+- Length: 256 (bits)
+- SHA Functions: SHA-256
+ - Diffie-Hellman shared secret:
+
+- Length: 384 (bits)
+- SHA Functions: SHA-384
+
+Prerequisite: SHS #4010, HMAC #3268
+
+- TLS:
+
+- Supports TLS 1.0/1.1
+- Supports TLS 1.2:
+
+- SHA Functions: SHA-256, SHA-384
+
+Prerequisite: SHS #4010, HMAC #3268 |
+Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1507
+Version 10.0.15254 |
+
+
+
+- ECDSA SigGen:
+
+- P-256 SHA: SHA-256
+- P-384 SHA: SHA-384
+- P-521 SHA: SHA-512
+
+Prerequisite: DRBG #1731 |
+Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1506
+Version 10.0.15254 |
+
+
+
+- RSADP:
+
+- Modulus Size: 2048 (bits)
+ |
+Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1505
+Version 10.0.15254 |
+
+
+
+- RSASP1:
+
+- Modulus Size: 2048 (bits)
+- Padding Algorithms: PKCS 1.5
+ |
+Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1504
+Version 10.0.15254 |
+
+
+
+- ECDSA SigGen:
+
+- P-256 SHA: SHA-256
+- P-384 SHA: SHA-384
+- P-521 SHA: SHA-512
+
+Prerequisite: DRBG #1730 |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1503
+Version 10.0.16299 |
+
+
+
+- RSADP:
+
+- Modulus Size: 2048 (bits)
+ |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1502
+Version 10.0.16299 |
+
+
+
+- RSASP1:
+
+- Modulus Size: 2048 (bits)
+- Padding Algorithms: PKCS 1.5
+ |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1501
+Version 10.0.16299 |
+
+
+
+- ECDSA SigGen:
+
+- P-256 SHA: SHA-256
+- P-384 SHA: SHA-384
+- P-521 SHA: SHA-512
+
+Prerequisite: DRBG #1730 |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1499
+Version 10.0.16299 |
+
+
+
+- RSADP:
+
+- Modulus Size: 2048 (bits)
+ |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1498
+Version 10.0.16299
+ |
+
+
+
+- RSASP1:
+
+- Modulus Size: 2048 (bits)
+- Padding Algorithms: PKCS 1.5
+ |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1497
+Version 10.0.16299 |
+
+
+
+- IKEv1:
+
+- Methods: Digital Signature, Pre-shared Key, Public Key Encryption
+- Pre-shared Key Length: 64-2048
+- Diffie-Hellman shared secrets:
+
+- Diffie-Hellman shared secret:
+
+- Length: 2048 (bits)
+- SHA Functions: SHA-256
+ - Diffie-Hellman shared secret:
+
+- Length: 256 (bits)
+- SHA Functions: SHA-256
+ - Diffie-Hellman shared secret:
+
+- Length: 384 (bits)
+- SHA Functions: SHA-384
+
+Prerequisite: SHS #4009, HMAC #3267
+
+- IKEv2:
+
+- Derived Keying Material length: 192-1792
+- Diffie-Hellman shared secrets:
+
+- Diffie-Hellman shared secret:
+
+- Length: 2048 (bits)
+- SHA Functions: SHA-256
+ - Diffie-Hellman shared secret:
+
+- Length: 256 (bits)
+- SHA Functions: SHA-256
+ - Diffie-Hellman shared secret:
+
+- Length: 384 (bits)
+- SHA Functions: SHA-384
+
+Prerequisite: SHS #4009, HMAC #3267
+
+- TLS:
+
+- Supports TLS 1.0/1.1
+- Supports TLS 1.2:
+
+- SHA Functions: SHA-256, SHA-384
+
+Prerequisite: SHS #4009, HMAC #3267 |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1496
+Version 10.0.16299 |
+
+
+FIPS186-4 ECDSA
+Signature Generation of hash sized messages
+ECDSA SigGen Component: CURVES( P-256 P-384 P-521 ) |
+Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1284
+Version 10.0. 15063
+Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1279
+Version 10.0. 15063
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #922
+Version 10.0.14393
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #894
+Version 10.0.14393icrosoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #666
+Version 10.0.10586
+Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #288
+Version 6.3.9600 |
+
+
+FIPS186-4 RSA; PKCS#1 v2.1
+RSASP1 Signature Primitive
+RSASP1: (Mod2048: PKCS1.5 PKCSPSS) |
+Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1285
+Version 10.0.15063
+Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1282
+Version 10.0.15063
+Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1280
+Version 10.0.15063
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #893
+Version 10.0.14393
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #888
+Version 10.0.14393
+Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #665
+Version 10.0.10586
+Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #572
+Version 10.0.10240
+Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry MsBignum Cryptographic Implementations #289
+Version 6.3.9600 |
+
+
+FIPS186-4 RSA; RSADP
+RSADP Primitive
+RSADP: (Mod2048) |
+Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1283
+Version 10.0.15063
+Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1281
+Version 10.0.15063
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #895
+Version 10.0.14393
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #887
+Version 10.0.14393
+Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #663
+Version 10.0.10586
+Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #576
+Version 10.0.10240 |
+
+
+SP800-135
+Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS |
+Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1496
+Version 10.0.16299
+Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1278
+Version 10.0.15063
+Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1140
+Version 7.00.2872
+Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1139
+Version 8.00.6246
+Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BcryptPrimitives and NCryptSSLp #886
+Version 10.0.14393
+Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BCryptPrimitives and NCryptSSLp #664
+Version 10.0.10586
+Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BCryptPrimitives and NCryptSSLp #575
+Version 10.0.10240
+Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 BCryptPrimitives and NCryptSSLp #323
+Version 6.3.9600 |
+
+
+
+
+
+## References
+
+\[[FIPS 140](http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf)\] - FIPS 140-2, Security Requirements for Cryptographic Modules
+
+\[[FIPS FAQ](http://csrc.nist.gov/groups/stm/cmvp/documents/cmvpfaq.pdf)\] - Cryptographic Module Validation Program (CMVP) FAQ
+
+\[[SP 800-57](http://csrc.nist.gov/publications/pubssps.html#800-57-part1)\] - Recommendation for Key Management – Part 1: General (Revised)
+
+\[[SP 800-131A](http://csrc.nist.gov/publications/nistpubs/800-131a/sp800-131a.pdf)\] - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md b/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md
index e526a20669..1e42b10a63 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md
@@ -33,7 +33,7 @@ API calls per connection | 100 | 60 seconds
Microsoft and any contributors grant you a license to the Microsoft documentation and other content in this repository under the Creative Commons Attribution 4.0 International Public License, see the LICENSE file.
-Microsoft, Windows, Microsoft Azure and/or other Microsoft products and services referenced in the documentation may be either trademarks or registered trademarks of Microsoft in the United States and/or other countries. The licenses for this project do not grant you rights to use any Microsoft names, logos, or trademarks. Microsoft's general trademark guidelines can be found at http://go.microsoft.com/fwlink/?LinkID=254653.
+Microsoft, Windows, Microsoft Azure and/or other Microsoft products and services referenced in the documentation may be either trademarks or registered trademarks of Microsoft in the United States and/or other countries. The licenses for this project do not grant you rights to use any Microsoft names, logos, or trademarks. Microsoft's general trademark guidelines can be found at https://go.microsoft.com/fwlink/?LinkID=254653.
Privacy information can be found at https://privacy.microsoft.com/en-us/
Microsoft and any contributors reserve all others rights, whether under their respective copyrights, patents, or trademarks, whether by implication, estoppel or otherwise.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
index 95e0136a97..698e0aeb8d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
@@ -111,7 +111,7 @@ If a proxy or firewall is blocking all traffic by default and allowing only spec
-|-
Common URLs for all locations | ```crl.microsoft.com```
```ctldl.windowsupdate.com```
```events.data.microsoft.com```
```notify.windows.com```
```settings-win.data.microsoft.com```
European Union | ```eu.vortex-win.data.microsoft.com```
```eu-v20.events.data.microsoft.com```
```usseu1northprod.blob.core.windows.net```
```usseu1westprod.blob.core.windows.net```
```winatp-gw-neu.microsoft.com```
```winatp-gw-weu.microsoft.com```
```wseu1northprod.blob.core.windows.net```
```wseu1westprod.blob.core.windows.net```
-United Kingdom | ```uk.vortex-win.data.microsoft.com```
```uk-v20.events.data.microsoft.com```
```ussuk1southprod. blob.core.windows.net```
```ussuk1westprod. blob.core.windows.net```
```winatp-gw-uks.microsoft.com```
```winatp-gw-ukw.microsoft.com```
```wsuk1southprod. blob.core.windows.net```
```wsuk1westprod. blob.core.windows.net```
+United Kingdom | ```uk.vortex-win.data.microsoft.com```
```uk-v20.events.data.microsoft.com```
```ussuk1southprod.blob.core.windows.net```
```ussuk1westprod.blob.core.windows.net```
```winatp-gw-uks.microsoft.com```
```winatp-gw-ukw.microsoft.com```
```wsuk1southprod.blob.core.windows.net```
```wsuk1westprod.blob.core.windows.net```
United States | ```us.vortex-win.data.microsoft.com```
```ussus1eastprod.blob.core.windows.net```
```ussus1westprod.blob.core.windows.net```
```ussus2eastprod.blob.core.windows.net```
```ussus2westprod.blob.core.windows.net```
```ussus3eastprod.blob.core.windows.net```
```ussus3westprod.blob.core.windows.net```
```ussus4eastprod.blob.core.windows.net```
```ussus4westprod.blob.core.windows.net```
```us-v20.events.data.microsoft.com```
```winatp-gw-cus.microsoft.com```
```winatp-gw-eus.microsoft.com```
```wsus1eastprod.blob.core.windows.net```
```wsus1westprod.blob.core.windows.net```
```wsus2eastprod.blob.core.windows.net```
```wsus2westprod.blob.core.windows.net```
If a proxy or firewall is blocking anonymous traffic, as Microsoft Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the previously listed URLs.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
index 7e89edf437..45538af5d0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
@@ -28,7 +28,7 @@ ms.topic: article
- Windows Server, 2019
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configserver-abovefoldlink)
+> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configserver-abovefoldlink)
Microsoft Defender ATP extends support to also include the Windows Server operating system, providing advanced attack detection and investigation capabilities, seamlessly through the Microsoft Defender Security Center console.
@@ -43,6 +43,9 @@ The service supports the onboarding of the following servers:
For a practical guidance on what needs to be in place for licensing and infrastructure, see [Protecting Windows Servers with Microsoft Defender ATP](https://techcommunity.microsoft.com/t5/What-s-New/Protecting-Windows-Server-with-Windows-Defender-ATP/m-p/267114#M128).
+> [!NOTE]
+> An Azure Security Center Standard license is required, per node, to enroll Microsoft Defender ATP on a supported Windows Server platform, see [Supported features available in Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-services)
+
## Windows Server 2008 R2 SP1, Windows Server 2012 R2 and Windows Server 2016
There are two options to onboard Windows Server 2008 R2 SP1, Windows Server 2012 R2 and Windows Server 2016 to Microsoft Defender ATP:
@@ -70,19 +73,19 @@ You'll need to take the following steps if you choose to onboard servers through
- For Windows Server 2008 R2 SP1 and Windows Server 2012 R2: Configure and update System Center Endpoint Protection clients.
- >[!NOTE]
- >This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2008 R2 SP1 and Windows Server 2012 R2.
+> [!NOTE]
+> This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2008 R2 SP1 and Windows Server 2012 R2.
- Turn on server monitoring from Microsoft Defender Security Center.
- If you're already leveraging System Center Operations Manager (SCOM) or Azure Monitor (formerly known as Operations Management Suite (OMS)), simply attach the Microsoft Monitoring Agent (MMA) to report to your Microsoft Defender ATP workspace through Multihoming support. Otherwise, install and configure MMA to report sensor data to Microsoft Defender ATP as instructed below. For more information, see [Collect log data with Azure Log Analytics agent](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent).
->[!TIP]
+> [!TIP]
> After onboarding the machine, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP endpoint](run-detection-test.md).
### Configure and update System Center Endpoint Protection clients
->[!IMPORTANT]
->This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2012 R2.
+> [!IMPORTANT]
+> This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2012 R2.
Microsoft Defender ATP integrates with System Center Endpoint Protection to provide visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware.
@@ -138,8 +141,8 @@ Agent Resource | Ports
## Windows Server, version 1803 and Windows Server 2019
To onboard Windows Server, version 1803 or Windows Server 2019, please refer to the supported methods and versions below.
->[!NOTE]
->The Onboarding package for Windows Server 2019 through System Center Configuration Manager currently ships a script. For more information on how to deploy scripts in System Center Configuration Manager, see [Packages and programs in Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/packages-and-programs).
+> [!NOTE]
+> The Onboarding package for Windows Server 2019 through System Center Configuration Manager currently ships a script. For more information on how to deploy scripts in System Center Configuration Manager, see [Packages and programs in Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/packages-and-programs).
Supported tools include:
- Local script
@@ -178,21 +181,18 @@ Support for Windows Server, version 1803 and Windows 2019 provides deeper insigh
## Integration with Azure Security Center
Microsoft Defender ATP integrates with Azure Security Center to provide a comprehensive server protection solution. With this integration Azure Security Center can leverage the power of Microsoft Defender ATP to provide improved threat detection for Windows Servers.
->[!NOTE]
->You'll need to have the appropriate license to enable this feature.
-
The following capabilities are included in this integration:
- Automated onboarding - Microsoft Defender ATP sensor is automatically enabled on Windows Servers that are onboarded to Azure Security Center. For more information on Azure Security Center onboarding, see [Onboarding to Azure Security Center Standard for enhanced security](https://docs.microsoft.com/azure/security-center/security-center-onboarding).
- >[!NOTE]
- > Automated onboarding is only applicable for Windows Server 2012 R2 and Windows Server 2016.
+> [!NOTE]
+> Automated onboarding is only applicable for Windows Server 2012 R2 and Windows Server 2016.
- Servers monitored by Azure Security Center will also be available in Microsoft Defender ATP - Azure Security Center seamlessly connects to the Microsoft Defender ATP tenant, providing a single view across clients and servers. In addition, Microsoft Defender ATP alerts will be available in the Azure Security Center console.
- Server investigation - Azure Security Center customers can access Microsoft Defender Security Center to perform detailed investigation to uncover the scope of a potential breach
->[!IMPORTANT]
->- When you use Azure Security Center to monitor servers, a Microsoft Defender ATP tenant is automatically created. The Microsoft Defender ATP data is stored in Europe by default.
->- If you use Microsoft Defender ATP before using Azure Security Center, your data will be stored in the location you specified when you created your tenant even if you integrate with Azure Security Center at a later time.
+> [!IMPORTANT]
+> - When you use Azure Security Center to monitor servers, a Microsoft Defender ATP tenant is automatically created. The Microsoft Defender ATP data is stored in Europe by default.
+> - If you use Microsoft Defender ATP before using Azure Security Center, your data will be stored in the location you specified when you created your tenant even if you integrate with Azure Security Center at a later time.
@@ -203,8 +203,8 @@ For other server versions, you have two options to offboard servers from the ser
- Uninstall the MMA agent
- Remove the Microsoft Defender ATP workspace configuration
->[!NOTE]
->Offboarding causes the server to stop sending sensor data to the portal but data from the server, including reference to any alerts it has had will be retained for up to 6 months.
+> [!NOTE]
+> Offboarding causes the server to stop sending sensor data to the portal but data from the server, including reference to any alerts it has had will be retained for up to 6 months.
### Uninstall servers by uninstalling the MMA agent
To offboard the server, you can uninstall the MMA agent from the server or detach it from reporting to your Microsoft Defender ATP workspace. After offboarding the agent, the server will no longer send sensor data to Microsoft Defender ATP.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
index 18f3479e90..94b0798855 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
@@ -19,7 +19,7 @@ ms.topic: conceptual
# Enable Microsoft Defender ATP Insider Machine
-The following instructions specify how to configure a macOS machine running Microsoft Defender ATP to be an "Insider" machine. For scale deployment we recommend using Jamf, or Intune.
+Endpoint detection and response capabilities in Microsoft Defender ATP for Mac are now in preview. To get these and other preview features, you must set up your Mac machine to be an "Insider" machine as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune).
>[!IMPORTANT]
>Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md) and [manual deployment](mac-install-manually.md) instructions.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md b/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md
index c46302a04f..38b96e9451 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md
@@ -53,6 +53,9 @@ When you have configured exploit protection to your desired state (including bot
3. At the bottom of the **Exploit protection** section, click **Export settings** and then choose the location and name of the XML file where you want the configuration to be saved.
+> [!IMPORTANT]
+> If you want to use Default configuration, use the settings "On by default" instead of "Use Default (On)" to get the settings exported correctly on the XML file.
+
> [!NOTE]
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
index f073ddf397..c64de21b8c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
@@ -27,11 +27,14 @@ This topic describes how to install, configure, update, and use Microsoft Defend
## What’s new in the latest release
-[What's new](mac-whatsnew.md)
+[What's new in Microsoft Defender ATP](whats-new-in-microsoft-defender-atp.md)
-If you have any feedback that you would like to share, submit it by opening Microsoft Defender ATP for Mac on your device and navigating to **Help** > **Send feedback**.
+[What's new in Microsoft Defender ATP for Mac](mac-whatsnew.md)
-To learn how to configure a macOS machine running Microsoft Defender ATP to be an "Insider" machine, go to [Enable Microsoft Defender ATP Insider Machine](endpoint-detection-response-mac-preview.md)
+> [!TIP]
+> If you have any feedback that you would like to share, submit it by opening Microsoft Defender ATP for Mac on your device and navigating to **Help** > **Send feedback**.
+
+To get the latest features, including preview capabilities (such as endpoint detection and response for your Mac machines), configure your macOS machine running Microsoft Defender ATP to be an "Insider" machine. See [Enable Microsoft Defender ATP Insider Machine](endpoint-detection-response-mac-preview.md).
## How to install Microsoft Defender ATP for Mac
@@ -45,13 +48,13 @@ To learn how to configure a macOS machine running Microsoft Defender ATP to be a
There are several methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac.
-* Third-party management tools:
- * [Microsoft Intune-based deployment](mac-install-with-intune.md)
- * [JAMF-based deployment](mac-install-with-jamf.md)
- * [Other MDM products](mac-install-with-other-mdm.md)
+- Third-party management tools:
+ - [Microsoft Intune-based deployment](mac-install-with-intune.md)
+ - [JAMF-based deployment](mac-install-with-jamf.md)
+ - [Other MDM products](mac-install-with-other-mdm.md)
-* Command-line tool:
- * [Manual deployment](mac-install-manually.md)
+- Command-line tool:
+ - [Manual deployment](mac-install-manually.md)
### System requirements
@@ -91,9 +94,9 @@ $ curl -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'http
The output from this command should be similar to the following:
-> `OK https://x.cp.wd.microsoft.com/api/report`
->
-> `OK https://cdn.x.cp.wd.microsoft.com/ping`
+ `OK https://x.cp.wd.microsoft.com/api/report`
+
+ `OK https://cdn.x.cp.wd.microsoft.com/ping`
> [!CAUTION]
> We recommend that you keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) (SIP) enabled on client machines. SIP is a built-in macOS security feature that prevents low-level tampering with the OS, and is enabled by default.
@@ -105,9 +108,7 @@ $ mdatp --connectivity-test
## How to update Microsoft Defender ATP for Mac
-Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender ATP for Mac, a program named Microsoft AutoUpdate (MAU) is used.
-
-To read more on how to configure MAU in enterprise environments, refer to [Deploy updates for Microsoft Defender ATP for Mac](mac-updates.md)
+Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender ATP for Mac, a program named Microsoft AutoUpdate (MAU) is used. To learn more, see [Deploy updates for Microsoft Defender ATP for Mac](mac-updates.md)
## How to configure Microsoft Defender ATP for Mac
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md
index ce96f68340..e403692a49 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md
@@ -55,11 +55,11 @@ You'll need to have access to:
- Method: "GET" as a value to get the list of machines.
- URI: Enter `https://api.securitycenter.windows.com/api/machines`.
- Authentication: Select "Active Directory OAuth".
- - Tenant: Sign-in to http://portal.azure.com and navigate to **Azure Active Directory > App Registrations** and get the Tenant ID value.
+ - Tenant: Sign-in to https://portal.azure.com and navigate to **Azure Active Directory > App Registrations** and get the Tenant ID value.
- Audience: `https://securitycenter.onmicrosoft.com/windowsatpservice\`
- - Client ID: Sign-in to http://portal.azure.com and navigate to **Azure Active Directory > App Registrations** and get the Client ID value.
+ - Client ID: Sign-in to https://portal.azure.com and navigate to **Azure Active Directory > App Registrations** and get the Client ID value.
- Credential Type: Select "Secret".
- - Secret: Sign-in to http://portal.azure.com and navigate tnd navigate to **Azure Active Directory > App Registrations** and get the Tenant ID value.
+ - Secret: Sign-in to https://portal.azure.com and navigate tnd navigate to **Azure Active Directory > App Registrations** and get the Tenant ID value.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md
index 90e4e88018..6d4a1e101e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md
@@ -42,6 +42,8 @@ Turn on the preview experience setting to be among the first to try upcoming fea
## Preview features
The following features are included in the preview release:
+- [Endpoint detection and response for Mac devices](endpoint-detection-response-mac-preview.md). Recently, [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md) released. Expanding on the protection available in Microsoft Defender ATP for Mac, endpoint detection and response capabilities are now in preview.
+
- [Threat & Vulnerability Management Report inaccuracy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation#report-inaccuracy)
You can report a false positive when you see any vague, inaccurate, incomplete, or already remediated [security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation#report-inaccuracy), [software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory#report-inaccuracy), and [discovered vulnerabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses#report-inaccuracy).
- [Threat & Vulnerability Management Advanced Hunting Schemas](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table)
You can now use the Threat & Vulnerability Management tables in the Advanced hunting schema to query about software inventory, vulnerability knowledgebase, security configuration assessment, and security configuration knowledgebase.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
index e58d48a928..658a41d9f0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
@@ -27,6 +27,9 @@ The following features are generally available (GA) in the latest release of Mic
For more information preview features, see [Preview features](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection).
+## November 2019
+
+- [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md)
Microsoft Defender ATP for Mac brings the next-generation protection to Mac devices. Core components of the unified endpoint security platform will now be available for Mac devices. ([Endpoint detection and response is currently in preview](preview.md).)
## October 2019
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
index e73bbfe476..d600158473 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
@@ -46,7 +46,7 @@ See [Enable cloud-delivered protection](enable-cloud-protection-windows-defender
After you've enabled the service, you may need to configure your network or firewall to allow connections between it and your endpoints.
-As a cloud service, it is required that computers have access to the internet and that the ATP machine learning services are reachable. The URL: "\*.blob.core.windows.net" should not be excluded from any kind of network inspection. The table below lists the services and their associated URLs. You should ensure there are no firewall or network filtering rules denying access to these URLs, or you may need to create an allow rule specifically for them (excluding the URL: "\*.blob.core.windows.net").
+As a cloud service, it is required that computers have access to the internet and that the ATP machine learning services are reachable. The URL: "\*.blob.core.windows.net" should not be excluded from any kind of network inspection. The table below lists the services and their associated URLs. You should ensure there are no firewall or network filtering rules denying access to these URLs, or you may need to create an allow rule specifically for them (excluding the URL: "\*.blob.core.windows.net"). Below mention URLs are using port 443 for communication.
| **Service**| **Description** |**URL** |
diff --git a/windows/security/threat-protection/windows-platform-common-criteria.md b/windows/security/threat-protection/windows-platform-common-criteria.md
index f2d8e10f0a..8efa0d1a1c 100644
--- a/windows/security/threat-protection/windows-platform-common-criteria.md
+++ b/windows/security/threat-protection/windows-platform-common-criteria.md
@@ -23,7 +23,7 @@ Microsoft is committed to optimizing the security of its products and services.
The Security Target describes security functionality and assurance measures used to evaluate Windows.
-- [Microsoft Windows 10 (April 2018 Update)](http://download.microsoft.com/download/0/7/6/0764E933-DD0B-45A7-9144-1DD9F454DCEF/Windows%2010%201803%20GP%20OS%20Security%20Target.pdf)
+- [Microsoft Windows 10 (April 2018 Update)](https://download.microsoft.com/download/0/7/6/0764E933-DD0B-45A7-9144-1DD9F454DCEF/Windows%2010%201803%20GP%20OS%20Security%20Target.pdf)
- [Microsoft Windows 10 (Fall Creators Update)](https://download.microsoft.com/download/B/6/A/B6A5EC2C-6351-4FB9-8FF1-643D4BD5BE6E/Windows%2010%201709%20GP%20OS%20Security%20Target.pdf)
- [Microsoft Windows 10 (Creators Update)](https://download.microsoft.com/download/e/8/b/e8b8c42a-a0b6-4ba1-9bdc-e704e8289697/windows%2010%20version%201703%20gp%20os%20security%20target%20-%20public%20\(january%2016,%202018\)\(final\)\(clean\).pdf)
- [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](https://download.microsoft.com/download/1/c/3/1c3b5ab0-e064-4350-a31f-48312180d9b5/st_vid10823-st.pdf)
@@ -43,7 +43,7 @@ The Security Target describes security functionality and assurance measures used
- [Windows 8 and Windows Server 2012 BitLocker](http://www.commoncriteriaportal.org/files/epfiles/st_vid10540-st.pdf)
- [Windows 8, Windows RT, and Windows Server 2012 IPsec VPN Client](http://www.commoncriteriaportal.org/files/epfiles/st_vid10529-st.pdf)
- [Windows 7 and Windows Server 2008 R2](http://www.commoncriteriaportal.org/files/epfiles/st_vid10390-st.pdf)
-- [Microsoft Windows Server 2008 R2 Hyper-V Role](http://www.microsoft.com/download/en/details.aspx?id=29305)
+- [Microsoft Windows Server 2008 R2 Hyper-V Role](https://www.microsoft.com/download/en/details.aspx?id=29305)
- [Windows Vista and Windows Server 2008 at EAL4+](http://www.commoncriteriaportal.org/files/epfiles/st_vid10291-st.pdf)
- [Microsoft Windows Server 2008 Hyper-V Role](http://www.commoncriteriaportal.org/files/epfiles/0570b_pdf.pdf)
- [Windows Vista and Windows Server 2008 at EAL1](http://www.commoncriteriaportal.org/files/epfiles/efs-t005_msvista_msserver2008_eal1_st_v1.0.pdf)
@@ -60,7 +60,7 @@ These documents describe how to configure Windows to replicate the configuration
**Windows 10, Windows 10 Mobile, Windows Server 2016, Windows Server 2012 R2**
-- [Microsoft Windows 10 (April 2018 Update)](http://download.microsoft.com/download/6/C/1/6C13FBFF-9CB0-455F-A1C8-3E3CB0ACBD7B/Windows%2010%201803%20GP%20OS%20Administrative%20Guide.pdf)
+- [Microsoft Windows 10 (April 2018 Update)](https://download.microsoft.com/download/6/C/1/6C13FBFF-9CB0-455F-A1C8-3E3CB0ACBD7B/Windows%2010%201803%20GP%20OS%20Administrative%20Guide.pdf)
- [Microsoft Windows 10 (Fall Creators Update)](https://download.microsoft.com/download/5/D/2/5D26F473-0FCE-4AC4-9065-6AEC0FE5B693/Windows%2010%201709%20GP%20OS%20Administrative%20Guide.pdf)
- [Microsoft Windows 10 (Creators Update)](https://download.microsoft.com/download/e/9/7/e97f0c7f-e741-4657-8f79-2c0a7ca928e3/windows%2010%20cu%20gp%20os%20operational%20guidance%20\(jan%208%202017%20-%20public\).pdf)
- [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](https://download.microsoft.com/download/d/c/4/dc40b5c8-49c2-4587-8a04-ab3b81eb6fc4/st_vid10823-agd.pdf)
@@ -137,7 +137,7 @@ These documents describe how to configure Windows to replicate the configuration
An Evaluation Technical Report (ETR) is a report submitted to the Common Criteria certification authority for how Windows complies with the claims made in the Security Target. A Certification / Validation Report provides the results of the evaluation by the validation team.
-- [Microsoft Windows 10 (April 2018 Update)](http://download.microsoft.com/download/6/7/1/67167BF2-885D-4646-A61E-96A0024B52BB/Windows%2010%201803%20GP%20OS%20Certification%20Report.pdf)
+- [Microsoft Windows 10 (April 2018 Update)](https://download.microsoft.com/download/6/7/1/67167BF2-885D-4646-A61E-96A0024B52BB/Windows%2010%201803%20GP%20OS%20Certification%20Report.pdf)
- [Microsoft Windows 10 (Fall Creators Update)](https://download.microsoft.com/download/2/C/2/2C20D013-0610-4047-B2FA-516819DFAE0A/Windows%2010%201709%20GP%20OS%20Certification%20Report.pdf)
- [Microsoft Windows 10 (Creators Update)](https://download.microsoft.com/download/3/2/c/32cdf627-dd23-4266-90ff-2f9685fd15c0/2017-49%20inf-2218%20cr.pdf)
- [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](https://download.microsoft.com/download/a/3/3/a336f881-4ac9-4c79-8202-95289f86bb7a/st_vid10823-vr.pdf)
|