Module Name
Microsoft Windows Server 2008 Cryptographic Primitives Library (bcrypt.dll)
Historical Reason
RNG SP800-131A Revision 1 Transition
Caveat
When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1006 operating in FIPS mode
Embodiment
Multi-chip standalone
Description
BCRYPT.DLL provides cryptographic services, through its documented interfaces, to Windows Vista components and applications running on Windows Vista.
The cryptographic module, BCRYPT.DLL, encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CNG (Cryptography, Next Generation) API. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 compliant cryptography.
Tested Configuration(s)
- Microsoft Windows Server 2008 (IA64 version) (single-user mode)
- Microsoft Windows Server 2008 (x64 version)
- Microsoft Windows Server 2008 (x86 Version)
Approved Algorithms
AES |
Certs. #739 and #757 |
DSA |
Cert. #284 |
ECDSA |
Cert. #83 |
HMAC |
Cert. #413 |
RNG |
Cert. #435 and SP800-90, vendor affirmed |
RSA |
Certs. #353 and #358 |
SHS |
Cert. #753 |
Triple-DES |
Cert. #656 |
Other Algorithms
AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)
Software Versions
6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.22872