Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Module Validation Program

Certificate #1892

Details

Module Name
Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, Microsoft Windows Phone 8, and Microsoft Windows Storage Server 2012 Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)
Standard
FIPS 140-2
Status
Historical
 Historical Reason
Moved to historical list in accordance with SP800-131A Revision 1 Transition (AES/TDES key wrapping)
Validation Dates
9/6/2013
1/9/2015
Overall Level
1
Caveat
When operated in FIPS mode with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Kernel Mode Cryptographic Primitives Library (CNG.SYS) validated to FIPS 140-2 under Cert. #1891 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Code Integrity (CI.DLL) validated to FIPS 140-2 under Cert. #1897 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.
Security Level Exceptions
  • Design Assurance: Level 2
Module Type
Software
Embodiment
Multi-chip standalone
Description
The Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) provides cryptographic services to Windows components and applications. It includes cryptographic algorithms in an easy-to-use cryptographic module via the Cryptography Next Generation (CNG) API. It can be dynamically linked into applications for the use of general-purpose FIPS 140-2 validated cryptography. This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter.
Tested Configuration(s)
  • Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA
  • Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop
  • Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521
  • Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro
  • Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8
  • Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT
  • Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet
  • Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet
  • Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA
  • Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop
  • Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA
  • Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode)
FIPS Algorithms
AES Certs. #2197 and #2216
DRBG Certs. #258 and #259
DSA Cert. #687
ECDSA Cert. #341
HMAC Cert. #1345
KAS Cert. #36
KBKDF Cert. #3
PBKDF vendor affirmed
RSA Certs. #1133 and #1134
SHS Cert. #1903
Triple-DES Cert. #1387
Other Algorithms
AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
Software Versions
6.2.9200

Vendor

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
FIPS@microsoft.com
Phone: 800-MICROSOFT

Lab

SAIC
NVLAP Code: 200427-0