Module Name
Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows 10 for Surface Hub
Historical Reason
Moved to historical list due to sunsetting
Caveat
When operated in FIPS mode with modules BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB validated to FIPS 140-2 under Cert. #2601 operating in FIPS mode or BitLocker(R) Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB validated to FIPS 140-2 under Cert. #2602 operating in FIPS mode or BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub validated to FIPS 140-2 under Cert. #2701 or #3451 operating in FIPS mode or BitLocker(R) Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise validated to FIPS 140-2 under Cert. #2702 or #3464 operating in FIPS mode or BitLocker(R) Windows OS Loader (winload) in Windows 10 Enterprise LTSB validated to FIPS 140-2 under Cert. #3427 operating in FIPS mode or BitLocker(R) Windows Resume (winresume) in Windows 10 Enterprise LTSB validated to FIPS 140-2 under Cert. #3426 operating in FIPS mode
Security Level Exceptions
- Physical Security: N/A
- Design Assurance: Level 2
Embodiment
Multi-Chip Stand Alone
Description
Kernel Mode Cryptographic Primitives Library (cng.sys) runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request IRP (I/O request packet).
Tested Configuration(s)
- Windows 10 (x64) running on a Dell XPS 8700 with PAA [1][3][4]
- Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA [1][3][4]
- Windows 10 (x86) running on a Dell Inspiron 660s without PAA [1][3][4]
- Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA [1][3][4]
- Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA [1][3][4]
- Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA [3][4]
- Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA [1][3][4]
- Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA [1][3][4]
- Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA [3][4]
- Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA [1][3][4]
- Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA [1][3][4]
- Windows 10 Enterprise LTSB (x64) running on a Dell XPS 8700 with PAA [1][2]
- Windows 10 Enterprise LTSB (x64) running on a HP Compaq Pro 6305 with PAA [1][2]
- Windows 10 Enterprise LTSB (x64) running on a Microsoft Surface 3 with PAA [2]
- Windows 10 Enterprise LTSB (x64) running on a Microsoft Surface Pro 2 with PAA [2]
- Windows 10 Enterprise LTSB (x64) running on a Microsoft Surface Pro 3 with PAA [2]
- Windows 10 Enterprise LTSB (x64) running on a Microsoft Surface Pro with PAA [2] (single-user mode)
- Windows 10 Enterprise LTSB (x86) running on a Dell Inspiron 660s without PAA [1][2]
- Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 55" with PAA [3][4]
- Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 84" with PAA [3][4]
- Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 635 [3][4]
- Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 950 [3][4]
- Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA [1][3][4]
- Windows 10 Pro (x64) running on a Microsoft Surface Book with PAA [3][4]
- Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA [1][3][4]
- Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA [1][3][4]
- Windows 10 Pro (x64) running on a Microsoft Surface Pro 4 with PAA [3][4]
- Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA [1][3][4]
- Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA [1][3][4]
Approved Algorithms
AES |
Certs. #3497, #3629, #5287 and #5291 |
CVL |
Certs. #576, #663, #1755 and #1758 |
DRBG |
Certs. #868, #955, #2033 and #2035 |
DSA |
Certs. #983, #1024, #1369 and #1370 |
ECDSA |
Certs. #706, #760, #1381 and #1383 |
HMAC |
Certs. #2233, #2381, #3494 and #3496 |
KAS |
Certs. #64, #72, #169 and #170 |
KBKDF |
Certs. #66, #72, #183 and #184 |
KTS |
AES Certs. #3507, #3653, #5290 and #5294; key establishment methodology provides between 128 and 256 bits of encryption strength |
PBKDF |
vendor affirmed |
RSA |
Certs. #1783, #1784, #1798, #1802, #1871, #1887, #1888, #1889, #2821, #2825, #2827, #2828, #2829, #2830, #2831 and #2835 |
SHS |
Certs. #2871, #2886, #3047, #3048, #4240, #4246, #4248 and #4249 |
Triple-DES |
Certs. #1969, #2024, #2672 and #2674 |
Other Algorithms
HMAC-MD5; MD5; NDRNG
Software Versions
10.0.10240 [1], 10.0.10240.17643 [2], 10.0.10586 [3], 10.0.10586.1176 [4]