
AES Crypto Service Provider


Michael Stangel

May 29, 2003, 2:17:24 PM
Greetings,

I understand that the AES Cryptographic Service Provider
is available only for Windows XP and Windows Server 2003.
Is that correct? When I try to create a new keyset on an
XP system (using CryptAcquireContext) I'm getting an error
indicating that the CSP does not exist. How do I install
the AES CSP onto this Windows XP system?

Thanks,

Mike

Monica Ene-Pietrosanu[MSFT]

May 29, 2003, 4:35:51 PM
It is correct, AES CSP shipped in-the-box for XP and Server 2003. There is
no need to install it separately on XP, just make sure your
CryptAcquireContext call is correct (use pszProvider = MS_ENH_RSA_AES_PROV
and dwProvType = PROV_RSA_AES).

Regards,
Monica

--
Monica Ene-Pietrosanu
Windows Security,
Microsoft Corporation

--This posting is provided "AS IS" with no warranties, and confers no
rights--

"Michael Stangel" <msta...@AetherSystems.com> wrote in message
news:540601c3260e$8d737ea0$a601...@phx.gbl...

Michel Gallant (MVP)

May 29, 2003, 5:14:54 PM
Note that .NET Framework (Win98+) ships with managed support for AES via:
System.Security.Cryptography.RijndaelManaged
- Mitch

"Monica Ene-Pietrosanu[MSFT]" <mon...@online.microsoft.com> wrote in message
news:eWR6mHiJ...@TK2MSFTNGP10.phx.gbl...

Michael Stangel

May 30, 2003, 9:59:14 AM

> It is correct, AES CSP shipped in-the-box for XP and
> Server 2003. There is no need to install it separately
> on XP, just make sure your CryptAcquireContext call is
> correct (use pszProvider = MS_ENH_RSA_AES_PROV
> and dwProvType = PROV_RSA_AES).

Thanks for your quick response. Unfortunately I'm using
these values and still I cannot create a key container. I
modified my program to log the OS version, the parameters
being passed to CryptAcquireContext and the return value:

GetVersionEx returned Version 5.1 build 2600 Platform 2
(Service Pack 1)

Calling CryptAcquireContext(0x12f764,
MyKeyContainer_MSAES, Microsoft Enhanced RSA and AES
Cryptographic Provider, 24, 0x8)

CryptAcquireContext returned 0 [GetLastError=0x80090019]

The error is NTE_KEYSET_NOT_DEF which is documented
as "The key container specified by pszContainer does not
exist or the requested provider does not exist." Since
flag 0x8 is CRYPT_NEWKEYSET, it seems that the error is
telling me that the AES provider does not exist.

What am I missing?

Pieter Philippaerts

May 30, 2003, 11:20:58 AM
"Michael Stangel" <msta...@AetherSystems.com> wrote in message
> The error is NTE_KEYSET_NOT_DEF which is documented
> as "The key container specified by pszContainer does not
> exist or the requested provider does not exist." Since
> flag 0x8 is CRYPT_NEWKEYSET, it seems that the error is
> telling me that the AES provider does not exist.

I could be mistaken, but I believe the AES CSP only ships with Windows
Server 2003, not with Windows XP.

Regards,
Pieter Philippaerts
http://www.mentalis.org/


Michael Stangel

Jun 2, 2003, 1:20:52 PM

>I could be mistaken, but I believe the AES CSP only
> ships with Windows Server 2003, not with Windows XP.

Could someone from Microsoft please either confirm or deny?

Thanks.

Michael Weksler

Jun 2, 2003, 3:34:38 PM
The Microsoft CSP that supports AES that ships with XP is a prototype.
Its name string is not "Microsoft Enhanced RSA and AES Cryptographic
Provider", as the MS_ENH_RSA_AES_PROV states, but rather "Microsoft
Enhanced RSA and AES Cryptographic Provider (Prototype)".
If you want to go ahead and use it, you might need to either specify
the name directly (you can find it, as well as other providers
installed on your system, in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\),
or not specify a name at all (e.g. pass NULL to pszProvider and accept
the default AES provider the system chooses for you)

Another thing to worry about is that Win2k doesn't seem to have even
the prototype provider XP has...

Michael Weksler

"Michael Stangel" <msta...@AetherSystems.com> wrote in message news:<09a101c326b3$a73c6360$a601...@phx.gbl>...

Michael Weksler

Jun 2, 2003, 3:36:31 PM
Monica,

Is there a way to get an MS AES CSP on Win2k?

Michael Weksler

"Monica Ene-Pietrosanu[MSFT]" <mon...@online.microsoft.com> wrote in message news:<eWR6mHiJ...@TK2MSFTNGP10.phx.gbl>...

Pieter Philippaerts

Jun 2, 2003, 3:55:14 PM
"Michael Stangel" <mi...@herpfreak.com> wrote in message

> >I could be mistaken, but I believe the AES CSP only
> > ships with Windows Server 2003, not with Windows XP.
>
> Could someone from Microsoft please either confirm or deny?

It seems that the Microsoft people contradict each other.

Monica Ene-Pietrosanu from Microsoft says that the AES CSP is available from
Windows XP and higher
http://groups.google.com/groups?q=PROV_RSA_AES+group:*&hl=en&lr=&ie=UTF-8&scoring=r&selm=eWR6mHiJDHA.2280%40TK2MSFTNGP10.phx.gbl&rnum=3

However David Cross, also from Microsoft, says that it is only available on
Windows 2003 Server
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&frame=right&th=46edfdc5f740f21&seekm=egXtceWWCHA.2496%40tkmsftngp09#link2

I think that the AES implementation on XP is simply not officially
supported.

Michael Stangel

Jun 3, 2003, 11:13:34 AM
Thanks Michael, that's exactly what I needed. Turns out
there are different versions of wincrypt.h depending on
whether you're using the Platform SDK for XP or Win 2003
Server. They both point to the same underlying DLL, which
thankfully is NOT a prototype; it's a full-blown AES
implementation.

My understanding is that Microsoft has no intention of
supplying AES for Windows 2000 or any earlier platforms.
That severely limits the usefulness of the CSP right now,
so I hope they will change their minds.

Mike
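
Added example, not code from any poster in this thread: a C program for the lookup described in Michael Weksler's Jun 2 reply, which enumerates the registered providers and falls back to the "(Prototype)" name when the released name is absent, instead of hard-coding one string and failing with NTE_KEYSET_NOT_DEF. `pick_aes_provider` is a hypothetical helper name, and the part that calls CryptoAPI compiles only on Windows.

```c
#include <stddef.h>
#include <string.h>

#define AES_PROV       "Microsoft Enhanced RSA and AES Cryptographic Provider"
#define AES_PROV_PROTO AES_PROV " (Prototype)"  /* name reported for XP in this thread */
#define AES_PROV_TYPE  24u                      /* PROV_RSA_AES */
#define CONTAINER      "MyKeyContainer_MSAES"   /* container name from the logged call */

/* Pick a provider from an enumerated list: prefer the released name, fall back
 * to the XP "(Prototype)" name, return -1 if no RSA+AES provider is present. */
int pick_aes_provider(const char *const names[], const unsigned types[], size_t n)
{
    int fallback = -1;
    for (size_t i = 0; i < n; i++) {
        if (types[i] != AES_PROV_TYPE) continue;     /* right name, wrong type: skip */
        if (strcmp(names[i], AES_PROV) == 0) return (int)i;
        if (fallback < 0 && strcmp(names[i], AES_PROV_PROTO) == 0) fallback = (int)i;
    }
    return fallback;
}

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#include <stdio.h>

int main(void)
{
    static char buf[64][256];
    const char *names[64]; unsigned types[64]; size_t n = 0;
    DWORD type, cb = sizeof buf[0];
    /* CryptEnumProviders lists the providers registered on this machine. */
    while (n < 64 && CryptEnumProvidersA((DWORD)n, NULL, 0, &type, buf[n], &cb)) {
        names[n] = buf[n]; types[n] = type; n++; cb = sizeof buf[0];
    }
    int i = pick_aes_provider(names, types, n);
    if (i < 0) { puts("no RSA+AES provider registered"); return 1; }

    HCRYPTPROV h = 0;
    BOOL ok = CryptAcquireContextA(&h, CONTAINER, names[i], AES_PROV_TYPE, CRYPT_NEWKEYSET);
    if (!ok && GetLastError() == (DWORD)NTE_EXISTS)  /* container already exists: open it */
        ok = CryptAcquireContextA(&h, CONTAINER, names[i], AES_PROV_TYPE, 0);
    if (!ok) { printf("CryptAcquireContext failed: 0x%08lx\n", GetLastError()); return 1; }
    printf("acquired context from \"%s\"\n", names[i]);
    CryptReleaseContext(h, 0);
    return 0;
}
#endif
```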