349 KiB
title, description, ms.prod, ms.date, manager, ms.author, author, ms.collection, ms.topic, ms.localizationpriority, ms.reviewer, ms.technology
| title | description | ms.prod | ms.date | manager | ms.author | author | ms.collection | ms.topic | ms.localizationpriority | ms.reviewer | ms.technology | ||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Federal Information Processing Standard (FIPS) 140 Validation | Learn how Microsoft products and cryptographic modules follow the U.S. Federal government standard FIPS 140. | windows-client | 08/18/2023 | aaroncz | paoloma | paolomatarazzo |
|
reference | medium | itpro-security |
FIPS 140-2 Validation
FIPS 140-2 standard overview
The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard. FIPS is based on Section 5131 of the Information Technology Management Reform Act of 1996. It defines the minimum security requirements for cryptographic modules in IT products.
The Cryptographic Module Validation Program (CMVP)) is a joint effort of the U.S. National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS). It validates cryptographic modules against the Security Requirements for Cryptographic Modules (part of FIPS 140-2) and related FIPS cryptography standards. The FIPS 140-2 security requirements cover 11 areas related to the design and implementation of a cryptographic module. The NIST Information Technology Laboratory operates a related program that validates the FIPS approved cryptographic algorithms in the module.
Microsoft's approach to FIPS 140-2 validation
Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since it was first established in 2001. Microsoft validates its cryptographic modules under the NIST CMVP, as described above. Multiple Microsoft products, including Windows 10, Windows Server, and many cloud services, use these cryptographic modules.
Using Windows in a FIPS 140-2 approved mode of operation
Windows 10 and Windows Server may be configured to run in a FIPS 140-2 approved mode of operation, commonly referred to as "FIPS mode." If you turn on FIPS mode, the Cryptographic Primitives Library (bcryptprimitives.dll) and Kernel Mode Cryptographic Primitives Library (CNG.sys) modules will run self-tests before Windows runs cryptographic operations. These self-tests are run according to FIPS 140-2 Section 4.9. They ensure that the modules are functioning properly.
The Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library are the only modules affected by FIPS mode. FIPS mode won't prevent Windows and its subsystems from using non-FIPS validated cryptographic algorithms. FIPS mode is merely advisory for applications or components other than the Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library.
US government regulations continue to mandate FIPS mode for government devices running Windows. Other customers should decide for themselves if FIPS mode is right for them. There are many applications and protocols that use FIPS mode policy to determine which cryptographic functionality to run. Customers seeking to follow the FIPS 140-2 standard should research the configuration settings of their applications and protocols. This research will help ensure that they can be configured to use FIPS 140-2 validated cryptography.
Achieving this FIPS 140-2 approved mode of operation of Windows requires administrators to complete all four steps outlined below.
Step 1: Ensure FIPS 140-2 validated cryptographic modules are installed
Administrators must ensure that all cryptographic modules installed are FIPS 140-2 validated. Tables listing validated modules, organized by operating system release, are available later in this article.
Step 2: Ensure all security policies for all cryptographic modules are followed
Each of the cryptographic modules has a defined security policy that must be met for the module to operate in its FIPS 140-2 approved mode. The security policy may be found in each module's published Security Policy Document (SPD). The SPDs for each module may be found in the table of validated modules at the end of this article. Select the module version number to view the published SPD for the module.
Step 3: Enable the FIPS security policy
Windows provides the security policy setting, System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing. This setting is used by some Microsoft products to determine whether to run in FIPS mode. When this policy is turned on, the validated cryptographic modules in Windows will also operate in FIPS mode. This policy may be set using Local Security Policy, as part of Group Policy, or through a Modern Device Management (MDM) solution. For more information on the policy, see System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.
Step 4: Ensure that only FIPS validated cryptographic algorithms are used
FIPS mode is enforced at the level of the application or service. It is not enforced by the operating system or by individual cryptographic modules. Applications or services running in FIPS mode must follow the security policies of validated modules. They must not use a cryptographic algorithm that isn't FIPS-compliant.
In short, an application or service is running in FIPS mode if it:
- Checks for the policy flag
- Enforces security policies of validated modules
Microsoft FIPS 140-2 validated cryptographic modules
The following tables identify the cryptographic modules used in an operating system, organized by release.
Modules used by Windows clients
For more details, expand each operating system section.
Windows 10, version 1809
Validated Editions: Home, Pro, Enterprise, Education
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Cryptographic Primitives Library | 10.0.17763 | #3197 | See Security Policy and Certificate page for algorithm information |
| Kernel Mode Cryptographic Primitives Library | 10.0.17763 | #3196 | See Security Policy and Certificate page for algorithm information |
| Code Integrity | 10.0.17763 | #3644 | See Security Policy and Certificate page for algorithm information |
| Windows OS Loader | 10.0.17763 | #3615 | See Security Policy and Certificate page for algorithm information |
| Secure Kernel Code Integrity | 10.0.17763 | #3651 | See Security Policy and Certificate page for algorithm information |
| BitLocker Dump Filter | 10.0.17763 | #3092 | See Security Policy and Certificate page for algorithm information |
| Boot Manager | 10.0.17763 | #3089 | See Security Policy and Certificate page for algorithm information |
| Virtual TPM | 10.0.17763 | #3690 | See Security Policy and Certificate page for algorithm information |
Windows 10, version 1803
Validated Editions: Home, Pro, Enterprise, Education
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Cryptographic Primitives Library | 10.0.17134 | #3197 | See Security Policy and Certificate page for algorithm information |
| Kernel Mode Cryptographic Primitives Library | 10.0.17134 | #3196 | See Security Policy and Certificate page for algorithm information |
| Code Integrity | 10.0.17134 | #3195 | See Security Policy and Certificate page for algorithm information |
| Windows OS Loader | 10.0.17134 | #3480 | See Security Policy and Certificate page for algorithm information |
| Secure Kernel Code Integrity | 10.0.17134 | #3096 | See Security Policy and Certificate page for algorithm information |
| BitLocker Dump Filter | 10.0.17134 | #3092 | See Security Policy and Certificate page for algorithm information |
| Boot Manager | 10.0.17134 | #3089 | See Security Policy and Certificate page for algorithm information |
Windows 10, version 1709
Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Cryptographic Primitives Library | 10.0.16299 | #3197 | See Security Policy and Certificate page for algorithm information |
| Kernel Mode Cryptographic Primitives Library | 10.0.16299 | #3196 | See Security Policy and Certificate page for algorithm information |
| Code Integrity | 10.0.16299 | #3195 | See Security Policy and Certificate page for algorithm information |
| Windows OS Loader | 10.0.16299 | #3194 | See Security Policy and Certificate page for algorithm information |
| Secure Kernel Code Integrity | 10.0.16299 | #3096 | See Security Policy and Certificate page for algorithm information |
| BitLocker Dump Filter | 10.0.16299 | #3092 | See Security Policy and Certificate page for algorithm information |
| Windows Resume | 10.0.16299 | #3091 | See Security Policy and Certificate page for algorithm information |
| Boot Manager | 10.0.16299 | #3089 | See Security Policy and Certificate page for algorithm information |
Windows 10, version 1703
Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) | 10.0.15063 | #3095 | FIPS approved algorithms: AES (Cert. #4624); CKG (vendor affirmed); CVL (Certs #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2522); SHS (Cert. #3790); Triple-DES (Cert. #2459 Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #1133); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #2521); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #1281); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #1278) |
| Kernel Mode Cryptographic Primitives Library (cng.sys) | 10.0.15063 | #3094 | #3094 FIPS approved algorithms: AES (Certs. #4624 and #4626); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2523); SHS (Cert. #3790); Triple-DES (Cert. #2459 Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt) [Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#3094]) #1133); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert.#2521[); FIPS186-4 RSA; RSADP - RSADP Primitive Cert. |
| Boot Manager | 10.0.15063 | #3089 | FIPS approved algorithms: AES (Certs. #4624 and #4625); CKG (vendor affirmed); HMAC (Cert. #3061); PBKDF (vendor affirmed); RSA (Cert. #2523); SHS (Cert. #3790 Other algorithms: PBKDF (vendor affirmed); VMK KDF (vendor affirmed) |
| Windows OS Loader | 10.0.15063 | #3090 | FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790 |
| Windows Resume [1] | 10.0.15063 | #3091 | FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790) |
| BitLocker® Dump Filter [2] | 10.0.15063 | #3092 | FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2522); SHS (Cert. #3790) |
| Code Integrity (ci.dll) | 10.0.15063 | #3093 | FIPS approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790 Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282) |
| Secure Kernel Code Integrity (skci.dll)[3] | 10.0.15063 | #3096 | FIPS approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790 Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282) |
[1] Applies only to Home, Pro, Enterprise, Education, and S.
[2] Applies only to Pro, Enterprise, Education, S, Mobile, and Surface Hub
[3] Applies only to Pro, Enterprise, Education, and S
Windows 10, version 1607
Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) | 10.0.14393 | #2937 | FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227) Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #886) |
| Kernel Mode Cryptographic Primitives Library (cng.sys) | 10.0.14393 | #2936 | FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227) Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887) |
| Boot Manager | 10.0.14393 | #2931 | FIPS approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347) Other algorithms: MD5; PBKDF (non-compliant); VMK KDF |
| BitLocker® Windows OS Loader (winload) | 10.0.14393 | #2932 | FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347) Other algorithms: NDRNG; MD5 |
| BitLocker® Windows Resume (winresume)[1] | 10.0.14393 | #2933 | FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347) Other algorithms: MD5 |
| BitLocker® Dump Filter (dumpfve.sys)[2] | 10.0.14393 | #2934 | FIPS approved algorithms: AES (Certs. #4061 and #4064) |
| Code Integrity (ci.dll) | 10.0.14393 | #2935 | FIPS approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347) Other algorithms: AES (non-compliant); MD5 Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888) |
| Secure Kernel Code Integrity (skci.dll)[3] | 10.0.14393 | #2938 | FIPS approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347) Other algorithms: MD5 Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888) |
[1] Applies only to Home, Pro, Enterprise, and Enterprise LTSB
[2] Applies only to Pro, Enterprise, Enterprise LTSB, and Mobile
[3] Applies only to Pro, Enterprise, and Enterprise LTSB
Windows 10, version 1511
Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) | 10.0.10586 | #2606 | FIPS approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888, and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024) Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #664) |
| Kernel Mode Cryptographic Primitives Library (cng.sys) | 10.0.10586 | #2605 | FIPS approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888, and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024) Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663) |
| Boot Manager [4] | 10.0.10586 | #2700 | FIPS approved algorithms: AES (Certs. #3653); HMAC (Cert. #2381); PBKDF (vendor affirmed); RSA (Cert. #1871); SHS (Certs. #3047 and #3048) Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant) |
| BitLocker® Windows OS Loader (winload)[5] | 10.0.10586 | #2701 | FIPS approved algorithms: AES (Certs. #3629 and #3653); RSA (Cert. #1871); SHS (Cert. #3048) Other algorithms: MD5; NDRNG |
| BitLocker® Windows Resume (winresume)[6] | 10.0.10586 | #2702 | FIPS approved algorithms: AES (Certs. #3653); RSA (Cert. #1871); SHS (Cert. #3048) Other algorithms: MD5 |
| BitLocker® Dump Filter (dumpfve.sys)[7] | 10.0.10586 | #2703 | FIPS approved algorithms: AES (Certs. #3653) |
| Code Integrity (ci.dll) | 10.0.10586 | #2604 | FIPS approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048) Other algorithms: AES (non-compliant); MD5 Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665) |
| Secure Kernel Code Integrity (skci.dll)[8] | 10.0.10586 | #2607 | FIPS approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048) Other algorithms: MD5 Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665) |
[4] Applies only to Home, Pro, Enterprise, Mobile, and Surface Hub
[5] Applies only to Home, Pro, Enterprise, Mobile, and Surface Hub
[6] Applies only to Home, Pro, and Enterprise
[7] Applies only to Pro, Enterprise, Mobile, and Surface Hub
[8] Applies only to Enterprise and Enterprise LTSB
Windows 10, version 1507
Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface Hub
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) | 10.0.10240 | #2606 | FIPS approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969) Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt) Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #575) |
| Kernel Mode Cryptographic Primitives Library (cng.sys) | 10.0.10240 | #2605 | FIPS approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969) Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt) Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576) |
| Boot Manager[9] | 10.0.10240 | #2600 | FIPS approved algorithms: AES (Cert. #3497); HMAC (Cert. #2233); KTS (AES Cert. #3498); PBKDF (vendor affirmed); RSA (Cert. #1784); SHS (Certs. #2871 and #2886) Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant) |
| BitLocker® Windows OS Loader (winload)[10] | 10.0.10240 | #2601 | FIPS approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871) Other algorithms: MD5; NDRNG |
| BitLocker® Windows Resume (winresume)[11] | 10.0.10240 | #2602 | FIPS approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871) Other algorithms: MD5 |
| BitLocker® Dump Filter (dumpfve.sys)[12] | 10.0.10240 | #2603 | FIPS approved algorithms: AES (Certs. #3497 and #3498) |
| Code Integrity (ci.dll) | 10.0.10240 | #2604 | FIPS approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871) Other algorithms: AES (non-compliant); MD5 Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572) |
| Secure Kernel Code Integrity (skci.dll)[13] | 10.0.10240 | #2607 | FIPS approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871) Other algorithms: MD5 Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572) |
[9] Applies only to Home, Pro, Enterprise, and Enterprise LTSB
[10] Applies only to Home, Pro, Enterprise, and Enterprise LTSB
[11] Applies only to Home, Pro, Enterprise, and Enterprise LTSB
[12] Applies only to Pro, Enterprise, and Enterprise LTSB
[13] Applies only to Enterprise and Enterprise LTSB
Windows 8.1
Validated Editions: RT, Pro, Enterprise, Phone, Embedded
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) | 6.3.9600 6.3.9600.17031 | #2357 | FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692) Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)#2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #323) |
| Kernel Mode Cryptographic Primitives Library (cng.sys) | 6.3.9600 6.3.9600.17042 | #2356 | FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692) Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt) Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289) |
| Boot Manager | 6.3.9600 6.3.9600.17031 | #2351 | FIPS approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396) Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant) |
| BitLocker® Windows OS Loader (winload) | 6.3.9600 6.3.9600.17031 | #2352 | FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396) Other algorithms: MD5; NDRNG |
| BitLocker® Windows Resume (winresume)[14] | 6.3.9600 6.3.9600.17031 | #2353 | FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396) Other algorithms: MD5 |
| BitLocker® Dump Filter (dumpfve.sys) | 6.3.9600 6.3.9600.17031 | #2354 | FIPS approved algorithms: AES (Cert. #2832) Other algorithms: N/A |
| Code Integrity (ci.dll) | 6.3.9600 6.3.9600.17031 | #2355 | FIPS approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373) Other algorithms: MD5 Validated Component Implementations: PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289) |
[14] Applies only to Pro, Enterprise, and Embedded 8.
Windows 8
Validated Editions: RT, Home, Pro, Enterprise, Phone
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) | 6.2.9200 | #1892 | FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387) Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert.); ECDSA (Cert.); HMAC (Cert.); KAS (Cert); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.) |
| Kernel Mode Cryptographic Primitives Library (cng.sys) | 6.2.9200 | #1891 | FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387) Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258 and); ECDSA (Cert.); HMAC (Cert.); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RNG (Cert.); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.) Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) |
| Boot Manager | 6.2.9200 | #1895 | FIPS approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903) Other algorithms: MD5 |
| BitLocker® Windows OS Loader (WINLOAD) | 6.2.9200 | #1896 | FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903) Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG |
| BitLocker® Windows Resume (WINRESUME)[15] | 6.2.9200 | #1898 | FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903) Other algorithms: MD5 |
| BitLocker® Dump Filter (DUMPFVE.SYS) | 6.2.9200 | #1899 | FIPS approved algorithms: AES (Certs. #2196 and #2198) Other algorithms: N/A |
| Code Integrity (CI.DLL) | 6.2.9200 | #1897 | FIPS approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903) Other algorithms: MD5 |
| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL) | 6.2.9200 | #1893 | FIPS approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed) Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#1902); Triple-DES (Cert.); Triple-DES MAC (Triple-DES Certificate, vendor affirmed) Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Certificate, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
| Enhanced Cryptographic Provider (RSAENH.DLL) | 6.2.9200 | #1894 | FIPS approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386) Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
[15] Applies only to Home and Pro
Windows 7
Validated Editions: Windows 7, Windows 7 SP1
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) | 6.1.7600.16385 | 1329 | FIPS approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); DSA (Cert. #386); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846) Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4#559 and); SHS (Cert.); Triple-DES (Cert.) Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4 |
| Kernel Mode Cryptographic Primitives Library (cng.sys) | 6.1.7600.16385 | 1328 | FIPS approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846) Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4 |
| Boot Manager | 6.1.7600.16385 | 1319 | FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #557); SHS (Cert. #1081) Other algorithms: MD5#1168 and); HMAC (Cert.); RSA (Cert.); SHS (Cert.) Other algorithms: MD5 |
| Winload OS Loader (winload.exe) | 6.1.7600.16385 | 1326 | FIPS approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #557); SHS (Cert. #1081) Other algorithms: MD5 |
| BitLocker™ Drive Encryption | 6.1.7600.16385 | 1332 | FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081) Other algorithms: Elephant Diffuser |
| Code Integrity (CI.DLL) | 6.1.7600.16385 | 1327 | FIPS approved algorithms: RSA (Cert. #557); SHS (Cert. #1081) Other algorithms: MD5 |
| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL) | 6.1.7600.16385 (no change in SP1) |
1331 | FIPS approved algorithms: DSA (Cert. #385); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed) Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4 |
| Enhanced Cryptographic Provider (RSAENH.DLL) | 6.1.7600.16385 (no change in SP1) |
1330 | FIPS approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #673); SHS (Cert. #1081); RSA (Certs. #557 and #559); Triple-DES (Cert. #846) Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
Windows Vista SP1
Validated Editions: Ultimate Edition
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Boot Manager (bootmgr) | 6.0.6001.18000 and 6.0.6002.18005 | 978 | FIPS approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #354); SHS (Cert. #753) |
| Winload OS Loader (winload.exe) | 6.0.6001.18000, 6.0.6001.18027, 6.0.6001.18606, 6.0.6001.22125, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411 and 6.0.6002.22596 | 979 | FIPS approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #354); SHS (Cert. #753) Other algorithms: MD5 |
| Code Integrity (ci.dll) | 6.0.6001.18000, 6.0.6001.18023, 6.0.6001.22120, and 6.0.6002.18005 | 980 | FIPS approved algorithms: RSA (Cert. #354); SHS (Cert. #753) Other algorithms: MD5 |
| Kernel Mode Security Support Provider Interface (ksecdd.sys) | 6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.22869 | 1000 | FIPS approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)#739 and); ECDSA (Cert.); HMAC (Cert.); RNG (Cert. and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.) Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
| Cryptographic Primitives Library (bcrypt.dll) | 6.0.6001.22202, 6.0.6002.18005, and 6.0.6002.22872 | 1001 | FIPS approved algorithms: AES (Certs. #739 and #756); DSA (Cert. #283); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90, vendor affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656) Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength) |
| Enhanced Cryptographic Provider (RSAENH) | 6.0.6001.22202 and 6.0.6002.18005 | 1002 | FIPS approved algorithms: AES (Cert. #739); HMAC (Cert. #407); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #354); SHS (Cert. #753); Triple-DES (Cert. #656) Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) | 6.0.6001.18000 and 6.0.6002.18005 | 1003 | FIPS approved algorithms: DSA (Cert. #281); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed) Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 |
Windows Vista
Validated Editions: Ultimate Edition
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Enhanced Cryptographic Provider (RSAENH) | 6.0.6000.16386 | 893 | FIPS approved algorithms: AES (Cert. #553); HMAC (Cert. #297); RNG (Cert. #321); RSA (Certs. #255 and #258); SHS (Cert. #618); Triple-DES (Cert. #549) Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) | 6.0.6000.16386 | 894 | FIPS approved algorithms: DSA (Cert. #226); RNG (Cert. #321); SHS (Cert. #618); Triple-DES (Cert. #549); Triple-DES MAC (Triple-DES Cert. #549, vendor affirmed) Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 |
| BitLocker™ Drive Encryption | 6.0.6000.16386 | 947 | FIPS approved algorithms: AES (Cert. #715); HMAC (Cert. #386); SHS (Cert. #737) Other algorithms: Elephant Diffuser |
| Kernel Mode Security Support Provider Interface (ksecdd.sys) | 6.0.6000.16386, 6.0.6000.16870 and 6.0.6000.21067 | 891 | FIPS approved algorithms: AES (Cert. #553); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549) Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits to 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; HMAC MD5 |
Windows XP SP3
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Kernel Mode Cryptographic Module (FIPS.SYS) | 5.1.2600.5512 | 997 | FIPS approved algorithms: HMAC (Cert. #429); RNG (Cert. #449); SHS (Cert. #785); Triple-DES (Cert. #677); Triple-DES MAC (Triple-DES Cert. #677, vendor affirmed) Other algorithms: DES; MD5; HMAC MD5 |
| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) | 5.1.2600.5507 | 990 | FIPS approved algorithms: DSA (Cert. #292); RNG (Cert. #448); SHS (Cert. #784); Triple-DES (Cert. #676); Triple-DES MAC (Triple-DES Cert. #676, vendor affirmed) Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits); MD5; RC2; RC4 |
| Enhanced Cryptographic Provider (RSAENH) | 5.1.2600.5507 | 989 | FIPS approved algorithms: AES (Cert. #781); HMAC (Cert. #428); RNG (Cert. #447); RSA (Cert. #371); SHS (Cert. #783); Triple-DES (Cert. #675); Triple-DES MAC (Triple-DES Cert. #675, vendor affirmed) Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits) |
Windows XP SP2
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| DSS/Diffie-Hellman Enhanced Cryptographic Provider | 5.1.2600.2133 | 240 | FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #29) Other algorithms: DES (Cert. [#66][des-66]); RC2; RC4; MD5; DES40; Diffie-Hellman (key agreement) |
| Microsoft Enhanced Cryptographic Provider | 5.1.2600.2161 | 238 | FIPS approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed) Other algorithms: DES (Cert. #156); RC2; RC4; MD5 |
Windows XP SP1
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Microsoft Enhanced Cryptographic Provider | 5.1.2600.1029 | 238 | FIPS approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed) Other algorithms: DES (Cert. #156); RC2; RC4; MD5 |
Windows XP
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Kernel Mode Cryptographic Module | 5.1.2600.0 | 241 | FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #35); HMAC-SHA-1 (Cert. #35, vendor affirmed) Other algorithms: DES (Cert. [#89][des-89]) |
Windows 2000 SP3
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Kernel Mode Cryptographic Module (FIPS.SYS) | 5.0.2195.1569 | 106 | FIPS approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35) Other algorithms: DES (Certs. [#89][des-89]) |
| Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider | (Base DSS: 5.0.2195.3665 [SP3]) | 103 | FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed) Other algorithms: DES (Certs. [#65][des-65], [66][des-66], [67][des-67] and [68][des-68]); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5 |
Windows 2000 SP2
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Kernel Mode Cryptographic Module (FIPS.SYS) | 5.0.2195.1569 | 106 | FIPS approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35) Other algorithms: DES (Certs. [#89][des-89]) |
| Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider | (Base DSS: | 103 | FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed) Other algorithms: DES (Certs. [#65][des-65], [66][des-66], [67][des-67] and [68][des-68]); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5 |
Windows 2000 SP1
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider | (Base DSS: 5.0.2150.1391 [SP1]) | 103 | FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed) Other algorithms: DES (Certs. [#65][des-65], [66][des-66], [67][des-67] and [68][des-68]); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5 |
Windows 2000
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider | 5.0.2150.1 | 76 | FIPS approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. #28 and 29); RSA (vendor affirmed) Other algorithms: DES (Certs. [#65][des-65], [66][des-66], [67][des-67] and [68][des-68]); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement) |
Windows 95 and Windows 98
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider | 5.0.1877.6 and 5.0.1877.7 | 75 | FIPS approved algorithms: Triple-DES (vendor affirmed); SHA-1 (Certs. #20 and 21); DSA/SHA-1 (Certs. #25 and 26); RSA (vendor- affirmed) Other algorithms: DES (Certs. [#61][des-61], [62][des-62], [63][des-63] and [64][des-64]); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement) |
Windows NT 4.0
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Base Cryptographic Provider | 5.0.1877.6 and 5.0.1877.7 | 68 | FIPS approved algorithms: SHA-1 (Certs. #20 and 21); DSA/SHA- 1 (Certs. #25 and 26); RSA (vendor affirmed) Other algorithms: DES (Certs. [#61][des-61], [62][des-62], [63][des-63] and [64][des-64]); Triple-DES (allowed for US and Canadian Government use); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement) |
Modules used by Windows Server
For more details, expand each operating system section.
Windows Server 2019, version 1809
Validated Editions: Standard, Datacenter
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Cryptographic Primitives Library | 10.0.17763 | #3197 | See Security Policy and Certificate page for algorithm information |
| Kernel Mode Cryptographic Primitives Library | 10.0.17763 | #3196 | See Security Policy and Certificate page for algorithm information |
| Code Integrity | 10.0.17763 | #3644 | See Security Policy and Certificate page for algorithm information |
| Windows OS Loader | 10.0.17763 | #3615 | See Security Policy and Certificate page for algorithm information |
| Secure Kernel Code Integrity | 10.0.17763 | #3651 | See Security Policy and Certificate page for algorithm information |
| BitLocker Dump Filter | 10.0.17763 | #3092 | See Security Policy and Certificate page for algorithm information |
| Boot Manager | 10.0.17763 | #3089 | See Security Policy and Certificate page for algorithm information |
| Virtual TPM | 10.0.17763 | #3690 | See Security Policy and Certificate page for algorithm information |
Windows Server, version 1803
Validated Editions: Standard, Datacenter
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Cryptographic Primitives Library | 10.0.17134 | #3197 | See Security Policy and Certificate page for algorithm information |
| Kernel Mode Cryptographic Primitives Library | 10.0.17134 | #3196 | See Security Policy and Certificate page for algorithm information |
| Code Integrity | 10.0.17134 | #3195 | See Security Policy and Certificate page for algorithm information |
| Windows OS Loader | 10.0.17134 | #3480 | See Security Policy and Certificate page for algorithm information |
| Secure Kernel Code Integrity | 10.0.17134 | #3096 | See Security Policy and Certificate page for algorithm information |
| BitLocker Dump Filter | 10.0.17134 | #3092 | See Security Policy and Certificate page for algorithm information |
| Boot Manager | 10.0.17134 | #3089 | See Security Policy and Certificate page for algorithm information |
Windows Server, version 1709
Validated Editions: Standard, Datacenter
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Cryptographic Primitives Library | 10.0.16299 | #3197 | See Security Policy and Certificate page for algorithm information |
| Kernel Mode Cryptographic Primitives Library | 10.0.16299 | #3196 | See Security Policy and Certificate page for algorithm information |
| Code Integrity | 10.0.16299 | #3195 | See Security Policy and Certificate page for algorithm information |
| Windows OS Loader | 10.0.16299 | #3194 | See Security Policy and Certificate page for algorithm information |
| Secure Kernel Code Integrity | 10.0.16299 | #3096 | See Security Policy and Certificate page for algorithm information |
| BitLocker Dump Filter | 10.0.16299 | #3092 | See Security Policy and Certificate page for algorithm information |
| Windows Resume | 10.0.16299 | #3091 | See Security Policy and Certificate page for algorithm information |
| Boot Manager | 10.0.16299 | #3089 | See Security Policy and Certificate page for algorithm information |
Windows Server 2016
Validated Editions: Standard, Datacenter, Storage Server
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) | 10.0.14393 | 2937 | FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227) Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt) |
| Kernel Mode Cryptographic Primitives Library (cng.sys) | 10.0.14393 | 2936 | FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227) Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt) |
| Boot Manager | 10.0.14393 | 2931 | FIPS approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347) Other algorithms: MD5; PBKDF (non-compliant); VMK KDF |
| BitLocker® Windows OS Loader (winload) | 10.0.14393 | 2932 | FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347) Other algorithms: NDRNG; MD5 |
| BitLocker® Windows Resume (winresume) | 10.0.14393 | 2933 | FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347) Other algorithms: MD5 |
| BitLocker® Dump Filter (dumpfve.sys) | 10.0.14393 | 2934 | FIPS approved algorithms: AES (Certs. #4061 and #4064) |
| Code Integrity (ci.dll) | 10.0.14393 | 2935 | FIPS approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347) Other algorithms: AES (non-compliant); MD5 |
| Secure Kernel Code Integrity (skci.dll) | 10.0.14393 | 2938 | FIPS approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347) Other algorithms: MD5 |
Windows Server 2012 R2
Validated Editions: Server, Storage Server,
StorSimple 8000 Series, Azure StorSimple Virtual Array Windows Server 2012 R2
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) | 6.3.9600 6.3.9600.17031 | 2357 | FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692) Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt) |
| Kernel Mode Cryptographic Primitives Library (cng.sys) | 6.3.9600 6.3.9600.17042 | 2356 | FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692) Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt) |
| Boot Manager | 6.3.9600 6.3.9600.17031 | 2351 | FIPS approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396) Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant) |
| BitLocker® Windows OS Loader (winload) | 6.3.9600 6.3.9600.17031 | 2352 | FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396) Other algorithms: MD5; NDRNG |
| BitLocker® Windows Resume (winresume)[16] | 6.3.9600 6.3.9600.17031 | 2353 | FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396) Other algorithms: MD5 |
| BitLocker® Dump Filter (dumpfve.sys)[17] | 6.3.9600 6.3.9600.17031 | 2354 | FIPS approved algorithms: AES (Cert. #2832) Other algorithms: N/A |
| Code Integrity (ci.dll) | 6.3.9600 6.3.9600.17031 | 2355 | FIPS approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373) Other algorithms: MD5 |
[16] Doesn't apply to Azure StorSimple Virtual Array Windows Server 2012 R2
[17] Doesn't apply to Azure StorSimple Virtual Array Windows Server 2012 R2
Windows Server 2012
Validated Editions: Server, Storage Server
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) | 6.2.9200 | [1892] | FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387) Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#687); ECDSA (Cert.); HMAC (Cert. #); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.) Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) |
| Kernel Mode Cryptographic Primitives Library (cng.sys) | 6.2.9200 | 1891 | FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387) Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#1110); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.) Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) |
| Boot Manager | 6.2.9200 | 1895 | FIPS approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903) Other algorithms: MD5 |
| BitLocker® Windows OS Loader (WINLOAD) | 6.2.9200 | 1896 | FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903) Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG |
| BitLocker® Windows Resume (WINRESUME) | 6.2.9200 | 1898 | FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903) Other algorithms: MD5 |
| BitLocker® Dump Filter (DUMPFVE.SYS) | 6.2.9200 | 1899 | FIPS approved algorithms: AES (Certs. #2196 and #2198) Other algorithms: N/A |
| Code Integrity (CI.DLL) | 6.2.9200 | 1897 | FIPS approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903) Other algorithms: MD5 |
| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL) | 6.2.9200 | 1893 | FIPS approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed) Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
| Enhanced Cryptographic Provider (RSAENH.DLL) | 6.2.9200 | 1894 | FIPS approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386) Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
Windows Server 2008 R2
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Boot Manager (bootmgr) | 6.1.7600.16385 or 6.1.7601.17514 | 1321 | FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #568); SHS (Cert. #1081) Other algorithms: MD5 |
| Winload OS Loader (winload.exe) | 6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.21675 | 1333 | FIPS approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #568); SHS (Cert. #1081) Other algorithms: MD5 |
| Code Integrity (ci.dll) | 6.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.22108 | 1334 | FIPS approved algorithms: RSA (Cert. #568); SHS (Cert. #1081) Other algorithms: MD5 |
| Kernel Mode Cryptographic Primitives Library (cng.sys) | 6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.22076 | 1335 | FIPS approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846) Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4 |
| Cryptographic Primitives Library (bcryptprimitives.dll) | 66.1.7600.16385 or 6.1.7601.17514 | 1336 | FIPS approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); DSA (Cert. #391); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846) Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; HMAC MD5; MD2; MD4; MD5; RC2; RC4 |
| Enhanced Cryptographic Provider (RSAENH) | 6.1.7600.16385 | 1337 | FIPS approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #687); SHS (Cert. #1081); RSA (Certs. #559 and #568); Triple-DES (Cert. #846) Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) | 6.1.7600.16385 | 1338 | FIPS approved algorithms: DSA (Cert. #390); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed) Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4 |
| BitLocker™ Drive Encryption | 6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.21675 | 1339 | FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081) Other algorithms: Elephant Diffuser |
Windows Server 2008
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Boot Manager (bootmgr) | 6.0.6001.18000, 6.0.6002.18005 and 6.0.6002.22497 | 1004 | FIPS approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #355); SHS (Cert. #753) Other algorithms: N/A |
| Winload OS Loader (winload.exe) | 6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.22596 | 1005 | FIPS approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #355); SHS (Cert. #753) Other algorithms: MD5 |
| Code Integrity (ci.dll) | 6.0.6001.18000 and 6.0.6002.18005 | 1006 | FIPS approved algorithms: RSA (Cert. #355); SHS (Cert. #753) Other algorithms: MD5 |
| Kernel Mode Security Support Provider Interface (ksecdd.sys) | 6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.22869 | 1007 | FIPS approved algorithms: AES (Certs. #739 and #757); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656) Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#83); HMAC (Cert.); RNG (Cert. and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.) Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
| Cryptographic Primitives Library (bcrypt.dll) | 6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.22872 | 1008 | FIPS approved algorithms: AES (Certs. #739 and #757); DSA (Cert. #284); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656) Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength) |
| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) | 6.0.6001.18000 and 6.0.6002.18005 | 1009 | FIPS approved algorithms: DSA (Cert. #282); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed) Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 |
| Enhanced Cryptographic Provider (RSAENH) | 6.0.6001.22202 and 6.0.6002.18005 | 1010 | FIPS approved algorithms: AES (Cert. #739); HMAC (Cert. #408); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656) Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
Windows Server 2003 SP2
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) | 5.2.3790.3959 | 875 | FIPS approved algorithms: DSA (Cert. #221); RNG (Cert. #314); RSA (Cert. #245); SHS (Cert. #611); Triple-DES (Cert. #543) Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC4 |
| Kernel Mode Cryptographic Module (FIPS.SYS) | 5.2.3790.3959 | 869 | FIPS approved algorithms: HMAC (Cert. #287); RNG (Cert. #313); SHS (Cert. #610); Triple-DES (Cert. #542) Other algorithms: DES; HMAC-MD5 |
| Enhanced Cryptographic Provider (RSAENH) | 5.2.3790.3959 | 868 | FIPS approved algorithms: AES (Cert. #548); HMAC (Cert. #289); RNG (Cert. #316); RSA (Cert. #245); SHS (Cert. #613); Triple-DES (Cert. #544) Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) |
Windows Server 2003 SP1
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Kernel Mode Cryptographic Module (FIPS.SYS) | 5.2.3790.1830 [SP1] | 405 | FIPS approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2]) Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant) [1] x86 [2] SP1 x86, x64, IA64 |
| Enhanced Cryptographic Provider (RSAENH) | 5.2.3790.1830 [Service Pack 1]) | 382 | FIPS approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2]) Other algorithms: DES (Cert. [#226][des-226][1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5 [1] x86 [2] SP1 x86, x64, IA64 |
| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) | 5.2.3790.1830 [Service Pack 1] | 381 | FIPS approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81) Other algorithms: DES (Cert. [#229][des-229][1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40 [1] x86 [2] SP1 x86, x64, IA64 |
Windows Server 2003
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Kernel Mode Cryptographic Module (FIPS.SYS) | 5.2.3790.0 | 405 | FIPS approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2]) Other algorithms: DES (Cert. #230 [1]); HMAC-MD5; HMAC-SHA-1 (non-compliant) [1] x86 [2] SP1 x86, x64, IA64 |
| Enhanced Cryptographic Provider (RSAENH) | 5.2.3790.0 | 382 | FIPS approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2]) Other algorithms: DES (Cert. [#226][des-226][1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5 [1] x86 [2] SP1 x86, x64, IA64 |
| Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) | 5.2.3790.0 | 381 | FIPS approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81) Other algorithms: DES (Cert. [#229][des-229][1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40 [1] x86 [2] SP1 x86, x64, IA64 |
Other Products
For more details, expand each product section.
Windows Embedded Compact 7 and Windows Embedded Compact 8
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Enhanced Cryptographic Provider | 7.00.2872 [1] and 8.00.6246 [2] | 2957 | FIPS approved algorithms: AES (Certs.#4433and#4434); CKG (vendor affirmed); DRBG (Certs.#1432and#1433); HMAC (Certs.#2946and#2945); RSA (Certs.#2414and#2415); SHS (Certs.#3651and#3652); Triple-DES (Certs.#2383and#2384) Allowed algorithms: HMAC-MD5, MD5, NDRNG |
| Cryptographic Primitives Library (bcrypt.dll) | 7.00.2872 [1] and 8.00.6246 [2] | 2956 | FIPS approved algorithms: AES (Certs.#4430and#4431); CKG (vendor affirmed); CVL (Certs.#1139and#1140); DRBG (Certs.#1429and#1430); DSA (Certs.#1187and#1188); ECDSA (Certs.#1072and#1073); HMAC (Certs.#2942and#2943); KAS (Certs.#114and#115); RSA (Certs.#2411and#2412); SHS (Certs.#3648and#3649); Triple-DES (Certs.#2381and#2382) Allowed algorithms: MD5, NDRNG, RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength |
Windows CE 6.0 and Windows Embedded Compact 7
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Enhanced Cryptographic Provider | 6.00.1937 [1] and 7.00.1687 [2] | 825 | FIPS approved algorithms: AES (Certs. #516 [1] and #2024 [2]); HMAC (Certs. #267 [1] and #1227 [2]); RNG (Certs. #292 [1] and #1060 [2]); RSA (Cert. #230 [1] and #1052 [2]); SHS (Certs. #589 [1] and #1774 [2]); Triple-DES (Certs. #526 [1] and #1308 [2]) Other algorithms: MD5; HMAC-MD5; RC2; RC4; DES |
Outlook Cryptographic Provider
| Cryptographic Module | Version (link to Security Policy) | FIPS Certificate # | Algorithms |
|---|---|---|---|
| Outlook Cryptographic Provider (EXCHCSP) | SR-1A (3821) | 110 | FIPS approved algorithms: Triple-DES (Cert. #18); SHA-1 (Certs. #32); RSA (vendor affirmed) Other algorithms: DES (Certs. #91); DES MAC; RC2; MD2; MD5 |
Cryptographic algorithms
The following tables are organized by cryptographic algorithms with their modes, states, and key sizes. For each algorithm implementation (operating system / platform), there is a link to the Cryptographic Algorithm Validation Program (CAVP) issued certificate.
For more details, expand each algorithm section.
Advanced Encryption Standard (AES)
| Modes / States / Key Sizes | Algorithm Implementation and Certificate # |
|---|---|
AES-CBC: AES-CFB128: AES-CTR: Counter Source: Internal AES-OFB: |
Microsoft Surface Hub Virtual TPM Implementations #4904 Version 10.0.15063.674 |
AES-CBC: AES-CFB128: AES-CTR: Counter Source: Internal AES-OFB: |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #4903 Version 10.0.16299 |
AES-CBC: AES-CCM: AES-CFB128: AES-CFB8: AES-CMAC: AES-128: AES-192: AES-256: Verification: AES-128: AES-192: AES-256: AES-CTR: Counter Source: Internal AES-ECB: AES-GCM: AES-XTS: |
Microsoft Surface Hub SymCrypt Cryptographic Implementations #4902 Version 10.0.15063.674 |
AES-CBC: AES-CCM: AES-CFB128: AES-CFB8: AES-CMAC: AES-128: AES-192: AES-256: AES-128: AES-192: AES-256: AES-CTR: Counter Source: Internal AES-ECB: AES-GCM: AES-XTS: |
Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #4901 Version 10.0.15254 |
| AES-CBC: AES-CCM: AES-CFB128: AES-CFB8: AES-CMAC: AES-128: AES-192: AES-256: Verification: AES-128: AES-192: AES-256: AES-CTR: Counter Source: Internal AES-ECB: AES-GCM: AES-XTS: |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4897 Version 10.0.16299 |
| AES-KW: |
Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations #4900 Version 10.0.15063.674 |
| AES-KW: |
Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations #4899 Version 10.0.15254 |
| AES-KW: |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #4898 Version 10.0.16299 |
| AES-CCM: |
Microsoft Surface Hub BitLocker(R) Cryptographic Implementations #4896 Version 10.0.15063.674 |
| AES-CCM: |
Windows 10 Mobile (version 1709) BitLocker(R) Cryptographic Implementations #4895 Version 10.0.15254 |
| AES-CCM: |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations #4894 Version 10.0.16299 |
| CBC (e/d; 128, 192, 256); CFB128 (e/d; 128, 192, 256); OFB (e/d; 128, 192, 256); CTR (int only; 128, 192, 256) |
Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #4627 Version 10.0.15063 |
| KW (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048) | Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #4626 Version 10.0.15063 |
| CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16) | Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile BitLocker(R) Cryptographic Implementations #4625 Version 10.0.15063 |
| ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); CFB128 (e/d; 128, 192, 256); CTR (int only; 128, 192, 256) CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16) CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96) IV Generated: (External); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); 96 bit IV supported GMAC supported XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f)) |
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #4624 Version 10.0.15063 |
| ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); |
Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4434 Version 7.00.2872 |
| ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); |
Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4433 Version 8.00.6246 |
| ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CTR (int only; 128, 192, 256) |
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4431 Version 7.00.2872 |
| ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CTR (int only; 128, 192, 256) |
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4430 Version 8.00.6246 |
| CBC (e/d; 128, 192, 256); CFB128 (e/d; 128, 192, 256); OFB (e/d; 128, 192, 256); CTR (int only; 128, 192, 256) |
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #4074 Version 10.0.14393 |
| ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); CFB128 (e/d; 128, 192, 256); CTR (int only; 128, 192, 256) CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16) CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96) IV Generated: (Externally); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported GMAC supported XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f)) |
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #4064 Version 10.0.14393 |
| ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); |
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #4063 Version 10.0.14393 |
| KW (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 192, 256, 320, 2048) | Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #4062 Version 10.0.14393 |
| CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16) | Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BitLocker® Cryptographic Implementations #4061 Version 10.0.14393 |
| KW (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048) | Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" Cryptography Next Generation (CNG) Implementations #3652 Version 10.0.10586 |
| CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16) | Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" BitLocker® Cryptographic Implementations #3653 Version 10.0.10586 |
| ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); |
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" RSA32 Algorithm Implementations #3630 Version 10.0.10586 |
| ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); CFB128 (e/d; 128, 192, 256); CTR (int only; 128, 192, 256) CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16) CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)vIV Generated: (Externally); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported GMAC supported XTS((KS: XTS_128((e/d) (f)) KS: XTS_256((e/d) (f)) |
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" SymCrypt Cryptographic Implementations #3629 Version 10.0.10586 |
| KW (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048) | Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #3507 Version 10.0.10240 |
| CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16) | Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BitLocker® Cryptographic Implementations #3498 Version 10.0.10240 |
| ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); CFB128 (e/d; 128, 192, 256); CTR (int only; 128, 192, 256) CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16) CMAC(Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96) IV Generated: (Externally); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported GMAC supported XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f)) |
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #3497 Version 10.0.10240 |
| ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); |
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #3476 Version 10.0.10240 |
| ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); |
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #2853 Version 6.3.9600 |
| CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16) | Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BitLocker Cryptographic Implementations #2848 Version 6.3.9600 |
| CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 0 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16) CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96) IV Generated: (Externally); PT Lengths Tested: (0, 128, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 128, 1024, 8, 1016); IV Lengths Tested: (8, 1024); 96 bit IV supported; OtherIVLen_Supported GMAC supported |
Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2832 Version 6.3.9600 |
| CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16) CMAC (Generation/Verification) (KS: 128; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 192; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 256; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) GCM(KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96) IV Generated: (Externally); PT Lengths Tested: (0, 128, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 128, 1024, 8, 1016); IV Lengths Tested: (8, 1024); 96 bit IV supported GMAC supported |
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #2216 |
| CCM (KS: 256) (Assoc. Data Len Range: 0 - 0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16) | Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #2198 |
| ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); CFB128 (e/d; 128, 192, 256); CTR (int only; 128, 192, 256) |
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #2197 |
| ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); |
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #2196 |
| CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 - 0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16) | Windows Server 2008 R2 and SP1 CNG algorithms #1187 Windows 7 Ultimate and SP1 CNG algorithms #1178 |
| CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16) | Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #1177 |
| ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); |
Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168 |
| GCM GMAC |
Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168, vendor-affirmed |
| CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16) | Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #760 |
| CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 - 0, 2^16) (Payload Length Range: 1 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16**)** | Windows Server 2008 CNG algorithms #757 Windows Vista Ultimate SP1 CNG algorithms #756 |
| CBC (e/d; 128, 256); CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16) |
Windows Vista Ultimate BitLocker Drive Encryption #715 Windows Vista Ultimate BitLocker Drive Encryption #424 |
| ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); |
Windows Vista Ultimate SP1 and Windows Server 2008 Symmetric Algorithm Implementation #739 Windows Vista Symmetric Algorithm Implementation #553 |
| ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CTR (int only; 128, 192, 256) |
Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #2023 |
| ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); |
Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #2024 Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #818 Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #781 Windows 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #548 Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #516 Windows CE and Windows Mobile 6, 6.1, and 6.5 Enhanced Cryptographic Provider (RSAENH) #507 Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #290 Windows CE 5.0 and 5.1 Enhanced Cryptographic Provider (RSAENH) #224 Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #80 Windows XP, SP1, and SP2 Enhanced Cryptographic Provider (RSAENH) #33 |
Component
| Publication / Component Validated / Description | Implementation and Certificate # |
|---|---|
ECDSA SigGen: Prerequisite: DRBG #489 |
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1540 Version 6.3.9600 |
RSASP1: Modulus Size: 2048 (bits) |
Microsoft Surface Hub Virtual TPM Implementations #1519 Version 10.0.15063.674 |
RSASP1: Modulus Size: 2048 (bits) |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1518 Version 10.0.16299 |
| RSADP: Modulus Size: 2048 (bits) |
Microsoft Surface Hub MsBignum Cryptographic Implementations #1517 Version 10.0.15063.674 |
RSASP1: Modulus Size: 2048 (bits) |
Microsoft Surface Hub MsBignum Cryptographic Implementations #1516 Version 10.0.15063.674 |
ECDSA SigGen: Prerequisite: DRBG #1732 |
Microsoft Surface Hub MsBignum Cryptographic Implementations #1515 Version 10.0.15063.674 |
ECDSA SigGen: Prerequisite: DRBG #1732 |
Microsoft Surface Hub SymCrypt Cryptographic Implementations #1514 Version 10.0.15063.674 |
| RSADP: Modulus Size: 2048 (bits) |
Microsoft Surface Hub SymCrypt Cryptographic Implementations #1513 Version 10.0.15063.674 |
RSASP1: Modulus Size: 2048 (bits) |
Microsoft Surface Hub SymCrypt Cryptographic Implementations #1512 Version 10.0.15063.674 |
IKEv1: Diffie-Hellman shared secrets: Diffie-Hellman shared secret: Diffie-Hellman shared secret: Prerequisite: SHS #4011, HMAC #3269 IKEv2: Diffie-Hellman shared secret: Diffie-Hellman shared secret: Diffie-Hellman shared secret: Prerequisite: SHS #4011, HMAC #3269 TLS: SHA Functions: SHA-256, SHA-384 |
Microsoft Surface Hub SymCrypt Cryptographic Implementations #1511 Version 10.0.15063.674 |
ECDSA SigGen: Prerequisite: DRBG #1731 |
Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1510 Version 10.0.15254 |
| RSADP: Modulus Size: 2048 (bits) |
Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1509 Version 10.0.15254 |
RSASP1: Modulus Size: 2048 (bits) |
Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1508 Version 10.0.15254 |
IKEv1: Diffie-Hellman shared secret: Diffie-Hellman shared secret: Diffie-Hellman shared secret: Prerequisite: SHS #4010, HMAC #3268 IKEv2: Diffie-Hellman shared secret: Diffie-Hellman shared secret: Diffie-Hellman shared secret: Prerequisite: SHS #4010, HMAC #3268 TLS: SHA Functions: SHA-256, SHA-384 |
Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1507 Version 10.0.15254 |
ECDSA SigGen: Prerequisite: DRBG #1731 |
Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1506 Version 10.0.15254 |
| RSADP: Modulus Size: 2048 (bits) |
Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1505 Version 10.0.15254 |
RSASP1: Modulus Size: 2048 (bits) |
Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1504 Version 10.0.15254 |
ECDSA SigGen: Prerequisite: DRBG #1730 |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1503 Version 10.0.16299 |
| RSADP: Modulus Size: 2048 (bits) |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1502 Version 10.0.16299 |
RSASP1: Modulus Size: 2048 (bits) |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1501 Version 10.0.16299 |
ECDSA SigGen: Prerequisite: DRBG #1730 |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1499 Version 10.0.16299 |
| RSADP: Modulus Size: 2048 (bits) |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1498 Version 10.0.16299 |
RSASP1: Modulus Size: 2048 (bits) |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1497 Version 10.0.16299 |
IKEv1: Diffie-Hellman shared secret: Diffie-Hellman shared secret: Diffie-Hellman shared secret: Prerequisite: SHS #4009, HMAC #3267 IKEv2: Diffie-Hellman shared secret: Diffie-Hellman shared secret: Diffie-Hellman shared secret: Prerequisite: SHS #4009, HMAC #3267 TLS: SHA Functions: SHA-256, SHA-384 |
Windows 10 Home, Pro, Enterprise, Education,Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1496 Version 10.0.16299 |
| FIPS186-4 ECDSA Signature Generation of hash sized messages ECDSA SigGen Component: CURVES(P-256 P-384 P-521) |
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1284 Version 10.0. 15063 Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1279 Version 10.0. 15063 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #922 Version 10.0.14393 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #894 Version 10.0.14393icrosoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" MsBignum Cryptographic Implementations #666 Version 10.0.10586 Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #288 Version 6.3.9600 |
| FIPS186-4 RSA; PKCS#1 v2.1 RSASP1 Signature Primitive RSASP1: (Mod2048: PKCS1.5 PKCSPSS) |
Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1285 Version 10.0.15063 Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1282 Version 10.0.15063 Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1280 Version 10.0.15063 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #893 Version 10.0.14393 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #888 Version 10.0.14393 Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" MsBignum Cryptographic Implementations #665 Version 10.0.10586 Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #572 Version 10.0.10240 Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry MsBignum Cryptographic Implementations #289 Version 6.3.9600 |
| FIPS186-4 RSA; RSADP RSADP Primitive RSADP: (Mod2048) |
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1283 Version 10.0.15063 Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1281 Version 10.0.15063 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #895 Version 10.0.14393 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #887 Version 10.0.14393 Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" Cryptography Next Generation (CNG) Implementations #663 Version 10.0.10586 Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #576 Version 10.0.10240 |
| SP800-135 Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1496 Version 10.0.16299 Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1278 Version 10.0.15063 Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1140 Version 7.00.2872 Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1139 Version 8.00.6246 Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BcryptPrimitives and NCryptSSLp #886 Version 10.0.14393 Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" BCryptPrimitives and NCryptSSLp #664 Version 10.0.10586 Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BCryptPrimitives and NCryptSSLp #575 Version 10.0.10240 Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BCryptPrimitives and NCryptSSLp #323 Version 6.3.9600 |
Deterministic Random Bit Generator (DRBG)
| Modes / States / Key Sizes | Algorithm Implementation and Certificate # |
|---|---|
Counter: Prerequisite: AES #4904 |
Microsoft Surface Hub Virtual TPM Implementations #1734 Version 10.0.15063.674 |
Counter: Prerequisite: AES #4903 |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1733 Version 10.0.16299 |
Counter: Prerequisite: AES #4902 |
Microsoft Surface Hub SymCrypt Cryptographic Implementations #1732 Version 10.0.15063.674 |
Counter: Prerequisite: AES #4901 |
Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1731 Version 10.0.15254 |
Counter: Prerequisite: AES #4897 |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1730 Version 10.0.16299 |
| CTR_DRBG: [Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4627)] |
Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1556 Version 10.0.15063 |
| CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256 (AES validation number 4624)] | Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1555 Version 10.0.15063 |
| CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4434)] | Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1433 Version 7.00.2872 |
| CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4433)] | Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1432 Version 8.00.6246 |
| CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4431)] | Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1430 Version 7.00.2872 |
| CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4430)] | Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1429 Version 8.00.6246 |
| CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4074)] | Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #1222 Version 10.0.14393 |
| CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 4064)] | Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #1217 Version 10.0.14393 |
| CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 3629)] | Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #955 Version 10.0.10586 |
| CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 3497)] | Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #868 Version 10.0.10240 |
| CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 2832)] | Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #489 Version 6.3.9600 |
| CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 2197)] | Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #258 |
| CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 2023)] | Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #193 |
| CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 1168)] | Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 RNG Library #23 |
| DRBG (SP 800-90) | Windows Vista Ultimate SP1, vendor-affirmed |
Digital Signature Algorithm (DSA)
| Modes / States / Key Sizes | Algorithm Implementation and Certificate # |
|---|---|
| DSA: PQGGen: PQGVer: SigGen: SigVer: KeyPair: |
Microsoft Surface Hub SymCrypt Cryptographic Implementations #1303 Version 10.0.15063.674 |
| DSA: PQGGen: PQGVer: SigGen: SigVer: KeyPair: |
Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1302 Version 10.0.15254 |
| DSA: PQGGen: PQGVer: SigGen: SigVer: KeyPair: |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1301 Version 10.0.16299 |
| FIPS186-4: PQG(gen) PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)] **PQG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] **SIG(gen)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] SIG(ver) PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] DRBG: validation number 1555 |
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1223 Version 10.0.15063 |
| FIPS186-4: PQG(ver)PARMS TESTED: [(1024,160) SHA(1)] SIG(ver)PARMS TESTED: [(1024,160) SHA(1)] |
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1188 Version 7.00.2872 |
| FIPS186-4: PQG(ver)PARMS TESTED: [(1024,160) SHA(1)] SIG(ver)PARMS TESTED: [(1024,160) SHA(1)] |
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1187 Version 8.00.6246 |
| FIPS186-4: PQG(gen) PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)] **PQG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] **SIG(gen)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] **SIG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] DRBG: validation number 1217 |
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #1098 Version 10.0.14393 |
| FIPS186-4: PQG(gen) PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)] **PQG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] **SIG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] DRBG: validation number 955 |
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" MsBignum Cryptographic Implementations #1024 Version 10.0.10586 |
| FIPS186-4: PQG(gen) PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)] **PQG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] **SIG(gen)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] **SIG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] DRBG: validation number 868 |
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #983 Version 10.0.10240 |
| FIPS186-4: PQG(gen) PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)] PQG(ver)PARMS TESTED: [(2048,256), SHA(256); (3072,256) SHA(256)] **SIG(gen)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] **SIG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] DRBG: validation number 489 |
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #855 Version 6.3.9600 |
| FIPS186-2: PQG(ver) MOD(1024); SIG(ver) MOD(1024); SHS: #1903 DRBG: #258 FIPS186-4: PQG(gen)PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)] PQG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] SIG(gen)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] SIG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] SHS: #1903 DRBG: #258 |
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #687 |
| FIPS186-2: PQG(ver) MOD(1024); SIG(ver) MOD(1024); SHS: #1902 DRBG: #258 |
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 DSS and Diffie-Hellman Enhanced Cryptographic Provider (DSSENH) #686 |
| FIPS186-2: SIG(ver) MOD(1024); DRBG: validation number 193 |
Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #645 |
| FIPS186-2: SIG(ver) MOD(1024); DRBG: validation number 23 |
Windows Server 2008 R2 and SP1 CNG algorithms #391 Windows 7 Ultimate and SP1 CNG algorithms #386 |
| FIPS186-2: SIG(ver) MOD(1024); |
Windows Server 2008 R2 and SP1 Enhanced DSS (DSSENH) #390 Windows 7 Ultimate and SP1 Enhanced DSS (DSSENH) #385 |
| FIPS186-2: SIG(ver) MOD(1024); |
Windows Server 2008 CNG algorithms #284 Windows Vista Ultimate SP1 CNG algorithms #283 |
| FIPS186-2: SIG(ver) MOD(1024); |
Windows Server 2008 Enhanced DSS (DSSENH) #282 Windows Vista Ultimate SP1 Enhanced DSS (DSSENH) #281 |
| FIPS186-2: SIG(ver) MOD(1024); |
Windows Vista CNG algorithms #227 Windows Vista Enhanced DSS (DSSENH) #226 |
| FIPS186-2: SIG(ver) MOD(1024); |
Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #292 |
| FIPS186-2: SIG(ver) MOD(1024); |
Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #291 |
| FIPS186-2: PQG(gen) MOD(1024); PQG(ver) MOD(1024); KEYGEN(Y) MOD(1024); SIG(gen) MOD(1024); SIG(ver) MOD(1024); |
Windows 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #221 |
| FIPS186-2: PQG(gen) MOD(1024); PQG(ver) MOD(1024); KEYGEN(Y) MOD(1024); SIG(gen) MOD(1024);vSIG(ver) MOD(1024);vSHS: validation number 385 |
Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #146 |
| FIPS186-2: PQG(ver) MOD(1024); KEYGEN(Y) MOD(1024);vSIG(gen) MOD(1024); SIG(ver) MOD(1024); |
Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #95 |
| FIPS186-2: PQG(gen) MOD(1024); PQG(ver) MOD(1024); KEYGEN(Y) MOD(1024); SIG(gen) MOD(1024); SHS: SHA-1 (BYTE) SIG(ver) MOD(1024); SHS: SHA-1 (BYTE) |
Windows 2000 DSSENH.DLL #29 Windows 2000 DSSBASE.DLL #28 Windows NT 4 SP6 DSSENH.DLL #26 Windows NT 4 SP6 DSSBASE.DLL #25 |
| FIPS186-2: PRIME; FIPS186-2: **KEYGEN(Y):**SHS: SHA-1 (BYTE) SIG(gen):SIG(ver) MOD(1024); SHS: SHA-1 (BYTE) |
Windows NT 4.0 SP4 Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider #17 |
Elliptic Curve Digital Signature Algorithm (ECDSA)
| Modes / States / Key Sizes | Algorithm Implementation and Certificate # |
|---|---|
ECDSA:186-4: Key Pair Generation: Public Key Validation: Signature Generation: Signature Verification: |
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1263 Version 6.3.9600 |
| ECDSA:186-4: Key Pair Generation: |
Microsoft Surface Hub Virtual TPM Implementations #1253 Version 10.0.15063.674 |
| ECDSA:186-4: Key Pair Generation: |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1252 Version 10.0.16299 |
| ECDSA:186-4: Key Pair Generation: Public Key Validation: Signature Generation: Signature Verification: |
Microsoft Surface Hub MsBignum Cryptographic Implementations #1251 Version 10.0.15063.674 |
| ECDSA:186-4: Key Pair Generation: Public Key Validation: Signature Generation: Signature Verification: |
Microsoft Surface Hub SymCrypt Cryptographic Implementations #1250 Version 10.0.15063.674 |
| ECDSA:186-4: Key Pair Generation: Public Key Validation: Signature Generation: Signature Verification: |
Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #1249 Version 10.0.15254 |
| ECDSA:186-4: Key Pair Generation: Public Key Validation: Signature Generation: Signature Verification: |
Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #1248 Version 10.0.15254 |
| ECDSA:186-4: Key Pair Generation: Public Key Validation: Signature Generation: Signature Verification: |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1247 Version 10.0.16299 |
| ECDSA:186-4: Key Pair Generation: Public Key Validation: Signature Generation: Signature Verification: |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1246 Version 10.0.16299 |
| FIPS186-4: PKG: CURVES(P-256 P-384 TestingCandidates) DRBG: validation number 1555 |
Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1136 Version 10.0.15063 |
| FIPS186-4: PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits) PKV: CURVES(P-256 P-384 P-521) SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)) DRBG: validation number 1555 |
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1135 Version 10.0.15063 |
| FIPS186-4: PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits) PKV: CURVES(P-256 P-384 P-521) SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)) DRBG: validation number 1555 |
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1133 Version 10.0.15063 |
| FIPS186-4: PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits) PKV: CURVES(P-256 P-384 P-521) SigGen: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only. SigVer: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512)) |
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1073 Version 7.00.2872 |
| FIPS186-4: PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits) PKV: CURVES(P-256 P-384 P-521) SigGen: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only. SigVer: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512)) |
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1072 Version 8.00.6246 |
| FIPS186-4: PKG: CURVES(P-256 P-384 TestingCandidates)vPKV: CURVES(P-256 P-384) SigGen: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) SIG(gen) with SHA-1 affirmed for use with protocols only.vSigVer: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384)) DRBG: validation number 1222 |
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #920 Version 10.0.14393 |
| FIPS186-4: PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits) PKV: CURVES(P-256 P-384 P-521) SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))vSHS: validation number 3347 DRBG: validation number 1217 |
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #911 Version 10.0.14393 |
| FIPS186-4: PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits) SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)) DRBG: validation number 955 |
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" MsBignum Cryptographic Implementations #760 Version 10.0.10586 |
| FIPS186-4: PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits) SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)) DRBG: validation number 868 |
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #706 Version 10.0.10240 |
| FIPS186-4: PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits) SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)) DRBG: validation number 489 |
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #505 Version 6.3.9600 |
| FIPS186-2: PKG: CURVES(P-256 P-384 P-521) SHS: #1903 DRBG: #258 SIG(ver): CURVES(P-256 P-384 P-521) SHS: #1903 DRBG: #258 FIPS186-4: SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)) SHS: #1903 DRBG: #258. |
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #341 |
| FIPS186-2: PKG: CURVES(P-256 P-384 P-521) DRBG: validation number 193 SIG(ver): CURVES(P-256 P-384 P-521) DRBG: validation number 193 FIPS186-4: SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)) DRBG: validation number 193. |
Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #295 |
| FIPS186-2: PKG: CURVES(P-256 P-384 P-521) DRBG: validation number 23 SIG(ver): CURVES(P-256 P-384 P-521) DRBG: validation number 23. |
Windows Server 2008 R2 and SP1 CNG algorithms #142 Windows 7 Ultimate and SP1 CNG algorithms #141 |
| FIPS186-2: PKG: CURVES(P-256 P-384 P-521) SIG(ver): CURVES(P-256 P-384 P-521) SHS: validation number 753. |
Windows Server 2008 CNG algorithms #83 Windows Vista Ultimate SP1 CNG algorithms #82 |
| FIPS186-2: PKG: CURVES(P-256 P-384 P-521) SIG(ver): CURVES(P-256 P-384 P-521) RNG: validation number 321. |
Windows Vista CNG algorithms #60 |
Keyed-Hash Message Authentication Code (HMAC)
| Modes / States / |
Algorithm Implementation and Certificate # |
|---|---|
HMAC-SHA-1: HMAC-SHA2-256: HMAC-SHA2-384: Prerequisite: SHS #4011 |
Microsoft Surface Hub Virtual TPM Implementations #3271 Version 10.0.15063.674 |
HMAC-SHA-1: HMAC-SHA2-256: HMAC-SHA2-384: Prerequisite: SHS #4009 |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #3270 Version 10.0.16299 |
HMAC-SHA-1: HMAC-SHA2-256: HMAC-SHA2-384: HMAC-SHA2-512: Prerequisite: SHS #4011 |
Microsoft Surface Hub SymCrypt Cryptographic Implementations #3269 Version 10.0.15063.674 |
HMAC-SHA-1: HMAC-SHA2-256: HMAC-SHA2-384: HMAC-SHA2-512: Prerequisite: SHS #4010 |
Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #3268 Version 10.0.15254 |
HMAC-SHA-1: HMAC-SHA2-256: HMAC-SHA2-384: HMAC-SHA2-512: Prerequisite: SHS #4009 |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #3267 Version 10.0.16299 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3790 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3790 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3790 |
Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #3062 Version 10.0.15063 |
HMAC-SHA1(Key Sizes Ranges Tested: KSBS) SHS validation number 3790 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3790 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3790 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 3790 |
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3061 Version 10.0.15063 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3652 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3652 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3652 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3652 |
Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2946 Version 7.00.2872 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3651 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3651 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3651 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3651 |
Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2945 Version 8.00.6246 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3649 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3649 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3649 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3649 |
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2943 Version 7.00.2872 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3648 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3648 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3648 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3648 |
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2942 Version 8.00.6246 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3347 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3347 |
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2661 Version 10.0.14393 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3347 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3347 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3347 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 3347 |
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2651 Version 10.0.14393 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) HMAC-SHA256 (Key Size Ranges Tested: KSBS) HMAC-SHA384 (Key Size Ranges Tested: KSBS) HMAC-SHA512 (Key Size Ranges Tested: KSBS) |
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" SymCrypt Cryptographic Implementations #2381 Version 10.0.10586 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) HMAC-SHA256 (Key Size Ranges Tested: KSBS) HMAC-SHA384 (Key Size Ranges Tested: KSBS) HMAC-SHA512 (Key Size Ranges Tested: KSBS) |
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2233 Version 10.0.10240 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) HMAC-SHA256 (Key Size Ranges Tested: KSBS) HMAC-SHA384 (Key Size Ranges Tested: KSBS) HMAC-SHA512 (Key Size Ranges Tested: KSBS) |
Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1773 Version 6.3.9600 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 2764 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 2764 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 2764 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 2764 |
Windows CE and Windows Mobile, and Windows Embedded Handheld Enhanced Cryptographic Provider (RSAENH) #2122 Version 5.2.29344 |
HMAC-SHA1 (Key Sizes Ranges Tested: KS#1902 HMAC-SHA256 (Key Size Ranges Tested: KS#1902 |
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #1347 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS#1902 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS#1902 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS#1902 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS#1902 |
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1346 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) HMAC-SHA256 (Key Size Ranges Tested: KSBS) HMAC-SHA384 (Key Size Ranges Tested: KSBS) HMAC-SHA512 (Key Size Ranges Tested: KSBS) |
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1345 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 1773 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 1773 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 1773 |
Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll), #1364 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 1774 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 1774 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 1774 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 1774 |
Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1227 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 1081 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 1081 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 1081 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 1081 |
Windows Server 2008 R2 and SP1 CNG algorithms #686 Windows 7 and SP1 CNG algorithms #677 Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) #687 Windows 7 Enhanced Cryptographic Provider (RSAENH) #673 |
HMAC-SHA1(Key Sizes Ranges Tested: KSvalidation number 1081 HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 1081 |
Windows 7 and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #675 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 816 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 816 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 816 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 816 |
Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #452 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSvalidation number 753 HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 753 |
Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #415 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 753 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 753 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 753 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 753 |
Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #408 Windows Vista Enhanced Cryptographic Provider (RSAENH) #407 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)SHS validation number 618 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 618 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 618 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 618 |
Windows Vista Enhanced Cryptographic Provider (RSAENH) #297 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 785 |
Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #429 Windows XP, vendor-affirmed |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 783 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 783 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 783 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 783 |
Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #428 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 613 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 613 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 613 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 613 |
Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #289 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 610 |
Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #287 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 753 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 753 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 753 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 753 |
Windows Server 2008 CNG algorithms #413 Windows Vista Ultimate SP1 CNG algorithms #412 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSvalidation number 737 HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 737 |
Windows Vista Ultimate BitLocker Drive Encryption #386 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 618 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 618 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 618 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 618 |
Windows Vista CNG algorithms #298 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 589 HMAC-SHA256 (Key Size Ranges Tested: KSBS)SHS validation number 589 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 589 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 589 |
Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #267 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 578 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 578 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 578 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 578 |
Windows CE and Windows Mobile 6.0 and Windows Mobil 6.5 Enhanced Cryptographic Provider (RSAENH) #260 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSvalidation number 495 HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 495 |
Windows Vista BitLocker Drive Encryption #199 |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 364 |
Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #99 Windows XP, vendor-affirmed |
HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 305 HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 305 HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 305 HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 305 |
Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #31 |
Key Agreement Scheme (KAS)
| Modes / States / Key Sizes | Algorithm Implementation and Certificate # |
|---|---|
| KAS ECC: Functions: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration Schemes: Full Unified: EC: ED: Prerequisite: SHS #4011, ECDSA #1253, DRBG #1734 |
Microsoft Surface Hub Virtual TPM Implementations #150 Version 10.0.15063.674 |
| KAS ECC: Functions: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration Schemes: Full Unified: EC: ED: Prerequisite: SHS #4009, ECDSA #1252, DRBG #1733 |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #149 Version 10.0.16299 |
| KAS ECC: Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration Schemes: Ephemeral Unified: EC: ED: EE: One-Pass DH: EC: ED: EE: Static Unified: EC: ED: EE: Prerequisite: SHS #4011, ECDSA #1250, DRBG #1732 KAS FFC: Schemes: dhEphem: FB: FC: dhOneFlow: FB: FC dhStatic: FB: FC: Prerequisite: SHS #4011, DSA #1303, DRBG #1732 |
Microsoft Surface Hub SymCrypt Cryptographic Implementations #148 Version 10.0.15063.674 |
| KAS ECC: Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration Schemes: Ephemeral Unified: EC: ED: EE: One-Pass DH: EC: ED: EE: Static Unified: EC: ED: EE: Prerequisite: SHS #4010, ECDSA #1249, DRBG #1731 KAS FFC: Schemes: dhEphem: FB: FC: dhOneFlow: FB: FC dhStatic: FB: FC: Prerequisite: SHS #4010, DSA #1302, DRBG #1731 |
Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #147 Version 10.0.15254 |
| KAS ECC:
Schemes: Ephemeral Unified: EC: ED: EE: One-Pass DH: ED EE: Static Unified: EC: ED: EE: Prerequisite: SHS #4009, ECDSA #1246, DRBG #1730 KAS FFC: Schemes: dhEphem: FB: FC: dhOneFlow: FB: FC: dhStatic: FB: FC: Prerequisite: SHS #4009, DSA #1301, DRBG #1730 |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #146 Version 10.0.16299 |
| ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Full Validation Key Regeneration) SCHEMES [FullUnified (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC)] | Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #128 Version 10.0.15063 |
| FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)(FB: SHA256) (FC: SHA256)] [dhOneFlow (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC < KARole(s): Initiator / Responder>) (FB: SHA256 HMAC) (FC: SHA256 HMAC)] DRBG validation number 1555ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))] [OnePassDH (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))] [StaticUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))] ECDSA validation number 1133DRBG validation number 1555 |
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #127 Version 10.0.15063 |
| FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)(FB: SHA256) (FC: SHA256)] [dhOneFlow (KARole(s): Initiator / Responder) (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC < KARole(s): Initiator / Responder>) (FB: SHA256 HMAC) (FC: SHA256 HMAC)] ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))] [OnePassDH (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))] [StaticUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))] |
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #115 Version 7.00.2872 |
| FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)(FB: SHA256) (FC: SHA256)] [dhHybridOneFlow (No_KC < KARole(s): Initiator / Responder>) (**FB:**SHA256 HMAC) (FC: SHA256 HMAC)] [dhStatic (No_KC < KARole(s): Initiator / Responder>) (**FB:**SHA256 HMAC) (FC: SHA256 HMAC)] ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))] [OnePassDH (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))] [StaticUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))] ECDSA validation number 1072 |
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #114 Version 8.00.6246 |
| ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Full Validation Key Regeneration) SCHEMES [FullUnified (No_KC < KARole(s): Initiator / Responder > < KDF: CONCAT >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC)] SHS validation number 3347 ECDSA validation number 920 DRBG validation number 1222 |
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #93 Version 10.0.14393 |
| FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)(FB: SHA256) (FC: SHA256)] [dhOneFlow (KARole(s): Initiator / Responder) (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC < KARole(s): Initiator / Responder >) (FB: SHA256 HMAC) (FC: SHA256 HMAC)] SHS validation number 3347 DSA validation number 1098 DRBG validation number 1217 ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))] [OnePassDH (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))] [StaticUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))] SHS validation number 3347 DSA validation number 1098 ECDSA validation number 911 DRBG validation number 1217 HMAC validation number 2651 |
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #92 Version 10.0.14393 |
| FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)(FB: SHA256) (FC: SHA256)] [dhOneFlow (KARole(s): Initiator / Responder) (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC < KARole(s): Initiator / Responder >) (FB: SHA256 HMAC) (FC: SHA256 HMAC)] SHS validation number 3047 DSA validation number 1024 DRBG validation number 955 ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))] [OnePassDH (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))] [StaticUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))] SHS validation number 3047 ECDSA validation number 760 DRBG validation number 955 |
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #72 Version 10.0.10586 |
| FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)(FB: SHA256) (FC: SHA256)] [dhOneFlow (KARole(s): Initiator / Responder) (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC < KARole(s): Initiator / Responder >) (FB: SHA256 HMAC) (FC: SHA256 HMAC)] SHS validation number 2886 DSA validation number 983 DRBG validation number 868 ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))] [OnePassDH (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))] [StaticUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))] SHS validation number 2886 ECDSA validation number 706 DRBG validation number 868 |
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #64 Version 10.0.10240 |
| FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)(FB: SHA256) (FC: SHA256)] [dhOneFlow (KARole(s): Initiator / Responder) (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC < KARole(s): Initiator / Responder >) (FB: SHA256 HMAC) (FC: SHA256 HMAC)] SHS validation number 2373 DSA validation number 855 DRBG validation number 489 ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))] [OnePassDH (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))] [StaticUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))] SHS validation number 2373 ECDSA validation number 505 DRBG validation number 489 |
Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #47 Version 6.3.9600 |
| FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder) (FA: SHA256) (FB: SHA256) (FC: SHA256)] [dhOneFlow (KARole(s): Initiator / Responder) (FA: SHA256) (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC < KARole(s): Initiator / Responder>) (FA: SHA256 HMAC) (FB: SHA256 HMAC) (FC: SHA256 HMAC)] SHS #1903 DSA validation number 687 DRBG #258 ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))] [OnePassDH(No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256) (ED: P-384 SHA384) (EE: P-521 (SHA512, HMAC_SHA512)))] [StaticUnified (No_KC < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))] SHS #1903 ECDSA validation number 341 DRBG #258 |
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #36 |
| KAS (SP 800-56A) |
Windows 7 and SP1, vendor-affirmed Windows Server 2008 R2 and SP1, vendor-affirmed |
SP 800-108 Key-Based Key Derivation Functions (KBKDF)
| Modes / States / Key Sizes | Algorithm Implementation and Certificate # |
|---|---|
| Counter: MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384 MAC prerequisite: HMAC #3271 |
Microsoft Surface Hub Virtual TPM Implementations #161 Version 10.0.15063.674 |
| Counter: MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384 MAC prerequisite: HMAC #3270 |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #160 Version 10.0.16299 |
| Counter: MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512 MAC prerequisite: AES #4902, HMAC #3269 K prerequisite: KAS #148 |
Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations #159 Version 10.0.15063.674 |
| Counter: MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512 MAC prerequisite: AES #4901, HMAC #3268 K prerequisite: KAS #147 |
Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations #158 Version 10.0.15254 |
| Counter: MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512 MAC prerequisite: AES #4897, HMAC #3267 K prerequisite: KAS #146 |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #157 Version 10.0.16299 |
| CTR_Mode: (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256][HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32])) | Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #141 Version 10.0.15063 |
| CTR_Mode: (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32])) | Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #140 Version 10.0.15063 |
| CTR_Mode: (Llength(Min20 Max64) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32])) KAS validation number 93 DRBG validation number 1222 MAC validation number 2661 |
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #102 Version 10.0.14393 |
| CTR_Mode: (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32])) KAS validation number 92 AES validation number 4064 DRBG validation number 1217 MAC validation number 2651 |
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #101 Version 10.0.14393 |
| CTR_Mode: (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32])) KAS validation number 72 AES validation number 3629 DRBG validation number 955 MAC validation number 2381 |
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" Cryptography Next Generation (CNG) Implementations #72 Version 10.0.10586 |
| CTR_Mode: (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32])) KAS validation number 64 AES validation number 3497 RBG validation number 868 MAC validation number 2233 |
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #66 Version 10.0.10240 |
| CTR_Mode: (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32])) | Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #30 Version 6.3.9600 |
| CTR_Mode: (Llength(Min0 Max4) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32])) DRBG #258 HMAC validation number 1345 |
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #3 |
Random Number Generator (RNG)
| Modes / States / Key Sizes | Algorithm Implementation and Certificate # |
|---|---|
| FIPS 186-2 General Purpose [(x-Original); (SHA-1)] |
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1110 |
| FIPS 186-2 [(x-Original); (SHA-1)] |
Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1060 Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #292 Windows CE and Windows Mobile 6.0 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #286 Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #66 |
| FIPS 186-2 [(x-Change Notice); (SHA-1)]; FIPS 186-2 General Purpose [(x-Change Notice); (SHA-1)] |
Windows 7 and SP1 and Windows Server 2008 R2 and SP1 RNG Library #649 Windows Vista Ultimate SP1 and Windows Server 2008 RNG Implementation #435 Windows Vista RNG implementation #321 |
| FIPS 186-2 General Purpose [(x-Change Notice); (SHA-1)] |
Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #470 Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #449 Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #447 Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #316 Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #313 |
| FIPS 186-2 [(x-Change Notice); (SHA-1)] |
Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #448 Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #314 |
RSA
| Modes / States / Key Sizes | Algorithm Implementation and Certificate # |
|---|---|
| RSA: 186-4: Signature Generation PKCS1.5: Mod 2048 SHA: SHA-1, Signature Generation PSS: Mod 2048: Signature Verification PKCS1.5: Mod 1024 SHA: SHA-1, Mod 2048 SHA: SHA-1, Signature Verification PSS: Mod 2048: Mod 3072: |
Microsoft Surface Hub Virtual TPM Implementations #2677 Version 10.0.15063.674 |
| RSA: 186-4: Signature Generation PKCS1.5: Mod 2048 SHA: Signature Generation PSS: Mod 2048: Signature Verification PKCS1.5: Mod 1024 SHA: Mod 2048 SHA: Signature Verification PSS: Mod 1024 Mod 2048: |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter ( Version 1709); Virtual TPM Implementations #2676 Version 10.0.16299 |
| RSA: 186-4: Key Generation: Signature Verification PKCS1.5: Mod 1024 SHA: Mod 2048 SHA: Mod 3072 SHA: |
Microsoft Surface Hub RSA32 Algorithm Implementations #2675 Version 10.0.15063.674 |
| RSA: 186-4: Signature Verification PKCS1.5: Mod 1024 SHA: Mod 2048 SHA: Mod 3072 SHA: |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); RSA32 Algorithm Implementations #2674 Version 10.0.16299 |
| RSA: 186-4: Signature Verification PKCS1.5: Mod 1024 SHA: Mod 2048 SHA: Mod 3072 SHA: |
Windows 10 Mobile (version 1709) RSA32 Algorithm Implementations #2673 Version 10.0.15254 |
| RSA: 186-4: Key Generation: Mod lengths: 2048, 3072 (bits) Primality Tests: C.3 Signature Generation PKCS1.5: Mod 2048 SHA: Mod 3072 SHA: Signature Generation PSS: Mod 2048: Mod 3072 Signature Verification PKCS1.5 Mod 1024 SHA: Mod 2048 SHA: Mod 3072 SHA: Signature Verification PSS Mod 1024 Mod 2048: Mod 3072: |
Microsoft Surface Hub MsBignum Cryptographic Implementations #2672 Version 10.0.15063.674 |
| RSA: 186-4: Key Generation: Probable Random Primes: Mod lengths: 2048, 3072 (bits) Primality Tests: C 2 Signature Generation PKCS1.5: Mod 2048 SHA: Mod 3072 SHA: Signature Generation PSS: Mod 2048: Mod 3072: Signature Verification PKCS1.5: Mod 1024 SHA: Mod 2048 SHA: Mod 3072 SHA: Signature Verification PSS: Mod 1024: Mod 2048: Mod 3072: |
Microsoft Surface Hub SymCrypt Cryptographic Implementations #2671 Version 10.0.15063.674 |
| RSA: 186-4: Key Generation: Probable Random Primes: Mod lengths: 2048, 3072 (bits) Primality Tests: C.2 Signature Generation PKCS1.5: Mod 2048 SHA: Mod 3072 SHA: Signature Generation PSS: Mod 2048: Mod 3072: Signature Verification PKCS1.5: Mod 1024 SHA: Mod 2048 SHA: Mod 3072 SHA: Signature Verification PSS: Mod 1024: Mod 2048 Mod 3072: |
Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #2670 Version 10.0.15254 |
| RSA: 186-4: Key Generation: Public Key Exponent: Fixed (10001) Provable Primes with Conditions: Mod lengths: 2048, 3072 (bits) Primality Tests: C.3 Signature Generation PKCS1.5: Mod 2048 SHA: Mod 3072 SHA: Signature Generation PSS: Mod 2048: Mod 3072 Signature Verification PKCS1.5 Mod 1024 SHA: Mod 2048 SHA: Mod 3072 SHA: Signature Verification PSS: Mod 1024 Mod 2048: Mod 3072: |
Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations #2669 Version 10.0.15254 |
186-4: Key Generation: Public Key Exponent: Fixed (10001) Provable Primes with Conditions: Mod lengths: 2048, 3072 (bits) Primality Tests: C.3 Signature Generation PKCS1.5: Mod 2048 SHA: Mod 3072 SHA: Signature Generation PSS: Mod 2048: Mod 3072 Signature Verification PKCS1.5 Mod 1024 SHA: Mod 2048 SHA: Mod 3072 SHA: Signature Verification PSS: Mod 1024 Mod 2048: Mod 3072: |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #2668 Version 10.0.16299 |
186-4: Key Generation Probable Random Primes: Mod lengths: 2048, 3072 (bits) Primality Tests: C.2 Signature Generation PKCS1.5: Mod 2048 SHA: Mod 3072 SHA: Signature Generation PSS: Mod 2048: Mod 3072: Signature Verification PKCS1.5: Mod 1024 SHA: Mod 2048 SHA: Mod 3072 SHA: Signature Verification PSS: Mod 1024: Mod 2048: Mod 3072: |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2667 Version 10.0.16299 |
FIPS186-4: SIG(ver) (1024 SHA(1, 256, 384)) (2048 SHA(1, 256, 384)) [RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) **SIG(gen) with SHA-1 affirmed for use with protocols only. **SIG(ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) |
Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #2524 Version 10.0.15063 |
FIPS186-4: |
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile RSA32 Algorithm Implementations #2523 Version 10.0.15063 |
FIPS186-4: 186-4KEY(gen): FIPS186-4_Fixed_e (10001); PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3) SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) [RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) **SIG(gen) with SHA-1 affirmed for use with protocols only. **SIG(ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64 DRBG: validation number 1555 |
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #2522 Version 10.0.15063 |
FIPS186-4: 186-4KEY(gen):PGM(ProbRandom: (2048, 3072) PPTT:(C.2) SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) [RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) **SIG(gen) with SHA-1 affirmed for use with protocols only. **SIG(ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) |
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2521 Version 10.0.15063 |
FIPS186-2: FIPS186-4: **SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) |
Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2415 Version 7.00.2872 |
FIPS186-2: FIPS186-4: **SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) |
Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2414 Version 8.00.6246 |
FIPS186-2: FIPS186-4: 186-4KEY(gen): FIPS186-4_Fixed_e (10001); PGM(ProbRandom: (2048, 3072) PPTT:(C.2) **SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) DRBG: validation number 1430 |
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2412 Version 7.00.2872 |
FIPS186-2: FIPS186-4: 186-4KEY(gen): FIPS186-4_Fixed_e (10001); PGM(ProbRandom: (2048, 3072) PPTT:(C.2) **SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) DRBG: validation number 1429 |
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2411 Version 8.00.6246 |
FIPS186-4: [RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) SIG(gen) with SHA-1 affirmed for use with protocols only.Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) |
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2206 Version 10.0.14393 |
FIPS186-4: 186-4KEY(gen): FIPS186-4_Fixed_e (10001 PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3) SHA validation number 3347 DRBG: validation number 1217 |
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA Key Generation Implementation #2195 Version 10.0.14393 |
FIPS186-4: |
soft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #2194 Version 10.0.14393 |
FIPS186-4: SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SHA validation number 3347 DRBG: validation number 1217 |
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #2193 Version 10.0.14393 |
FIPS186-4: Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) SHA validation number 3347 DRBG: validation number 1217 |
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #2192 Version 10.0.14393 |
FIPS186-4: 186-4KEY(gen): FIPS186-4_Fixed_e (10001); PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3) SHA validation number 3047 DRBG: validation number 955 |
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" RSA Key Generation Implementation #1889 Version 10.0.10586 |
FIPS186-4: |
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #1871 Version 10.0.10586 |
FIPS186-4: SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) |
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub MsBignum Cryptographic Implementations #1888 Version 10.0.10586 |
FIPS186-4: Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) |
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #1887 Version 10.0.10586 |
FIPS186-4: 186-4KEY(gen): FIPS186-4_Fixed_e (10001);PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3) SHA validation number 2886 DRBG: validation number 868 |
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA Key Generation Implementation #1798 Version 10.0.10240 |
FIPS186-4: |
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #1784 Version 10.0.10240 |
FIPS186-4: |
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #1783 Version 10.0.10240 |
FIPS186-4: |
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #1802 Version 10.0.10240 |
FIPS186-4: 186-4KEY(gen): FIPS186-4_Fixed_e; PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3) SHA validation number 2373 DRBG: validation number 489 |
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 RSA Key Generation Implementation #1487 Version 6.3.9600 |
FIPS186-4: |
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #1494 Version 6.3.9600 |
FIPS186-4: |
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1493 Version 6.3.9600 |
FIPS186-4: |
Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #1519 Version 6.3.9600 |
FIPS186-4: [RSASSA-PSS]: Sig(Gen): (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512)), Sig(Ver): (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512, 512)), SHA #1903. |
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1134 |
FIPS186-4: 186-4KEY(gen): FIPS186-4_Fixed_e, FIPS186-4_Fixed_e_Value PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3) |
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 RSA Key Generation Implementation #1133 |
FIPS186-2: |
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1132 |
FIPS186-2:ALG[ANSIX9.31]: SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1774 |
Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1052 |
FIPS186-2: |
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1051 |
FIPS186-2: |
Windows Server 2008 R2 and SP1 Enhanced Cryptographic Provider (RSAENH) #568 |
FIPS186-2: ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: |
Windows Server 2008 R2 and SP1 CNG algorithms #567 Windows 7 and SP1 CNG algorithms #560 |
FIPS186-2: |
Windows 7 and SP1 and Server 2008 R2 and SP1 RSA Key Generation Implementation #559 |
FIPS186-2: |
Windows 7 and SP1 Enhanced Cryptographic Provider (RSAENH) #557 |
FIPS186-2: |
Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #395 |
FIPS186-2: |
Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #371 |
FIPS186-2: ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: |
Windows Server 2008 CNG algorithms #358 Windows Vista SP1 CNG algorithms #357 |
FIPS186-2: |
Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #355 Windows Vista SP1 Enhanced Cryptographic Provider (RSAENH) #354 |
FIPS186-2: |
Windows Vista SP1 and Windows Server 2008 RSA Key Generation Implementation #353 |
FIPS186-2: |
Windows Vista RSA key generation implementation #258 |
FIPS186-2: ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: |
Windows Vista CNG algorithms #257 |
FIPS186-2: |
Windows Vista Enhanced Cryptographic Provider (RSAENH) #255 |
FIPS186-2: |
Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #245 |
FIPS186-2: |
Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #230 |
FIPS186-2: |
Windows CE and Windows Mobile 6 and Windows Mobile 6.1 Enhanced Cryptographic Provider (RSAENH) #222 |
FIPS186-2: SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 364. |
Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #81 |
FIPS186-2: |
Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #52 |
FIPS186-2:: |
Windows XP, vendor-affirmed Windows 2000, vendor-affirmed |
Secure Hash Standard (SHS)
| Modes / States / Key Sizes | Algorithm Implementation and Certificate # |
|---|---|
SHA-1: SHA-256: SHA-384: SHA-512: |
Microsoft Surface Hub SymCrypt Cryptographic Implementations #4011 Version 10.0.15063.674 |
SHA-1: SHA-256: SHA-384: SHA-512: |
Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #4010 Version 10.0.15254 |
SHA-1: SHA-256: SHA-384: SHA-512: |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4009 Version 10.0.16299 |
| Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3790 Version 10.0.15063 |
|
| Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #3652 Version 7.00.2872 |
|
| Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #3651 Version 8.00.6246 |
|
| Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #3649 Version 7.00.2872 |
|
| Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #3648 Version 8.00.6246 |
|
| Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #3347 Version 10.0.14393 |
|
| Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #3346 Version 10.0.14393 |
|
| Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #3048 Version 10.0.10586 |
|
| Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #3047 Version 10.0.10586 |
|
| Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2886 Version 10.0.10240 |
|
| Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #2871 Version 10.0.10240 |
|
| Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #2396 Version 6.3.9600 |
|
| Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2373 Version 6.3.9600 |
|
Implementation does not support zero-length (null) messages. |
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1903 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1902 |
| Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1774 Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1773 |
|
| Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1081 Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #816 |
|
| Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #785 Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #784 |
|
| Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #783 | |
| Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation #753 Windows Vista Symmetric Algorithm Implementation #618 |
|
| Windows Vista BitLocker Drive Encryption #737 Windows Vista Beta 2 BitLocker Drive Encryption #495 |
|
| Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #613 Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #364 |
|
| Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #611 Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #610 Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #385 Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) #371 Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #181 Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) #177 Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #176 |
|
| Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #589 Windows CE and Windows Mobile 6 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #578 Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #305 |
|
| Windows XP Microsoft Enhanced Cryptographic Provider #83 Crypto Driver for Windows 2000 (fips.sys) #35 Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) #32 Windows 2000 RSAENH.DLL #24 Windows 2000 RSABASE.DLL #23 Windows NT 4 SP6 RSAENH.DLL #21 Windows NT 4 SP6 RSABASE.DLL #20 |
SP 800-132 Password-Based Key Derivation Function (PBKDF)
| Modes / States / Key Sizes | Algorithm Implementation and Certificate # |
|---|---|
| PBKDF (vendor affirmed) | Kernel Mode Cryptographic Primitives Library (cng.sys) Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2937 (Software Version: 10.0.14393) Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2936 (Software Version: 10.0.14393) Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2935 (Software Version: 10.0.14393) |
| PBKDF (vendor affirmed) | Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 #2936 (Software Version: 10.0.14393) Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG), vendor-affirmed |
Triple DES
| Modes / States / Key Sizes | Algorithm Implementation and Certificate # |
|---|---|
TDES-CBC: TDES-CFB64: TDES-CFB8: TDES-ECB: |
Microsoft Surface Hub SymCrypt Cryptographic Implementations #2558 Version 10.0.15063.674 |
TDES-CBC: TDES-CFB64: TDES-CFB8: TDES-ECB: |
Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations #2557 Version 10.0.15254 |
TDES-CBC: TDES-CFB64: TDES-CFB8: TDES-ECB: |
Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2556 Version 10.0.16299 |
| TECB(KO 1 e/d); TCBC(KO 1 e/d); TCFB8(KO 1 e/d); TCFB64(KO 1 e/d) | Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2459 Version 10.0.15063 |
| TECB(KO 1 e/d);TCBC(KO 1 e/d) | Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2384 Version 8.00.6246 |
| TECB(KO 1 e/d);TCBC(KO 1 e/d) | Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2383 Version 8.00.6246 |
| TECB(KO 1 e/d);TCBC(KO 1 e/d);CTR (int only) | Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2382 Version 7.00.2872 |
| TECB(KO 1 e/d);TCBC(KO 1 e/d) | Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2381 Version 8.00.6246 |
| TECB(KO 1 e/d);TCBC(KO 1 e/d);TCFB8(KO 1 e/d);TCFB64(KO 1 e/d) | Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2227 Version 10.0.14393 |
| TECB(KO 1 e/d);TCBC(KO 1 e/d);TCFB8(KO 1 e/d);TCFB64(KO 1 e/d) | Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #2024 Version 10.0.10586 |
| TECB(KO 1 e/d);TCBC(KO 1 e/d);TCFB8(KO 1 e/d);TCFB64(KO 1 e/d) | Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #1969 Version 10.0.10240 |
| TECB(KO 1 e/d);TCBC(KO 1 e/d);TCFB8(KO 1 e/d);TCFB64(KO 1 e/d) | Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1692 Version 6.3.9600 |
| TECB(e/d; KO 1, 2);TCBC(e/d; KO 1, 2);TCFB8(e/d; KO 1, 2);TCFB64(e/d; KO 1, 2) | Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1387 |
| TECB(e/d; KO 1, 2);TCBC(e/d; KO 1, 2);TCFB8(e/d; KO 1, 2) | Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1386 |
| TECB(e/d; KO 1, 2);TCBC(e/d; KO 1, 2);TCFB8(e/d; KO 1, 2) | Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #846 |
| TECB(e/d; KO 1, 2);TCBC(e/d; KO 1, 2);TCFB8(e/d; KO 1, 2) | Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation #656 |
| TECB(e/d; KO 1, 2);TCBC(e/d; KO 1, 2);TCFB8(e/d; KO 1, 2) | Windows Vista Symmetric Algorithm Implementation #549 |
| Triple DES MAC | Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 #1386, vendor-affirmedWindows 7 and SP1 and Windows Server 2008 R2 and SP1 #846, vendor-affirmed |
| TECB(e/d; KO 1, 2);TCBC(e/d; KO 1, 2) | Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1308Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1307 Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #691 Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #677 Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #676 Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #675 Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #544 Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #543 Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #542Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #526 Windows CE and Windows Mobile 6 and Windows Mobile 6.1 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #517 Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #381 Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) #370 Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #365Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #315 Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) #201 Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #199 Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) #192Windows XP Microsoft Enhanced Cryptographic Provider #81 Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) #18Crypto Driver for Windows 2000 (fips.sys) #16 |
Contact
References
- FIPS 140-2, Security Requirements for Cryptographic Modules)
- Cryptographic Module Validation Program (CMVP) FAQ
- SP 800-57 - Recommendation for Key Management - Part 1: General (Revised)
- SP 800-131A - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
Frequently asked questions
How long does it take to certify a cryptographic module?
Microsoft begins certification of cryptographic modules after each major feature release of Windows 10 and Windows Server. The duration of each evaluation varies, depending on many factors.
When does Microsoft undertake a FIPS 140 validation?
The cadence for starting module validation aligns with the feature updates of Windows 10 and Windows Server. As the software industry evolves, operating systems release more frequently. Microsoft completes validation work on major releases but, in between releases, seeks to minimize the changes to the cryptographic modules.
What is the difference between FIPS 140 validated and FIPS 140 compliant?
FIPS 140 validated means that the cryptographic module, or a product that embeds the module, has been validated ("certified") by the CMVP as meeting the FIPS 140-2 requirements. FIPS 140 compliant is an industry term for IT products that rely on FIPS 140 validated products for cryptographic functionality.
How do I know if a Windows service or application is FIPS 140-2 validated?
The cryptographic modules used in Windows are validated through the CMVP. They aren't validated by individual services, applications, hardware peripherals, or other solutions. Any compliant solution must call a FIPS 140-2 validated cryptographic module in the underlying OS, and the OS must be configured to run in FIPS mode. Contact the vendor of the service, application, or product for information on whether it calls a validated cryptographic module.
What does When operated in FIPS mode mean on a certificate?
This label means that certain configuration and security rules must be followed to use the cryptographic module in compliance with its FIPS 140-2 security policy. Each module has its own security policy—a precise specification of the security rules under which it will operate—and employs approved cryptographic algorithms, cryptographic key management, and authentication techniques. The security rules are defined in the Security Policy Document (SPD) for each module.
What is the relationship between FIPS 140-2 and Common Criteria?
FIPS 140-2 and Common Criteria are two separate security standards with different, but complementary, purposes. FIPS 140-2 is designed specifically for validating software and hardware cryptographic modules. Common Criteria are designed to evaluate security functions in IT software and hardware products. Common Criteria evaluations often rely on FIPS 140-2 validations to provide assurance that basic cryptographic functionality is implemented properly.
How does FIPS 140 relate to Suite B?
Suite B is a set of cryptographic algorithms defined by the U.S. National Security Agency (NSA) as part of its Cryptographic Modernization Program. The set of Suite B cryptographic algorithms are to be used for both unclassified information and most classified information. The Suite B cryptographic algorithms are a subset of the FIPS approved cryptographic algorithms allowed by the FIPS 140-2 standard.
Is SMB3 (Server Message Block) FIPS 140 compliant in Windows?
SMB3 can be FIPS 140 compliant, if Windows is configured to operate in FIPS 140 mode on both client and server. In FIPS mode, SMB3 relies on the underlying Windows FIPS 140 validated cryptographic modules for cryptographic operations.