Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Module Validation Program

Certificate #1894

Details

Module Name
Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, Microsoft Windows Phone 8, and Microsoft Windows Storage Server 2012 Enhanced Cryptographic Provider (RSAENH.DLL)
Standard
FIPS 140-2
Status
Historical
 Historical Reason
Moved to historical list due to dependency on certificate #1892
Validation Dates
8/27/2013
1/9/2015
Overall Level
1
Caveat
When operated in FIPS mode with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Code Integrity (CI.DLL) validated to FIPS 140-2 under Cert. #1897 operating in FIPS mode, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) validated to FIPS 140-2 under Cert. #1892 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Kernel Mode Cryptographic Primitives Library (CNG.SYS) validated to FIPS 140-2 under Cert. #1891 operating in FIPS mode.
Security Level Exceptions
  • Design Assurance: Level 2
Module Type
Software
Embodiment
Multi-chip standalone
Description
The Enhanced Cryptographic Provider (RSAENH.DLL) encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 validated cryptography. This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter.
Tested Configuration(s)
  • [Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521
  • Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA
  • Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop
  • Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro
  • Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8
  • Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT
  • Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet
  • Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet
  • Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA
  • Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop
  • Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA
  • Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode)
FIPS Algorithms
AES Cert. #2196
HMAC Cert. #1346
RSA Cert. #1132
SHS Cert. #1902
Triple-DES Cert. #1386
Other Algorithms
AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Software Versions
6.2.9200

Vendor

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
FIPS@microsoft.com
Phone: 800-MICROSOFT

Lab

SAIC
NVLAP Code: 200427-0