
How "strong" are CryptoAPI RSA keypairs


Michel Gallant

Aug 22, 2003, 5:51:35 PM
RSA keypairs can be generated via CryptoAPI with key lengths
from 384 to 16,384 bits, with 1024 and 2048 being the most
common commercial key sizes, depending on what CSP
is available. RSA key generation is exposed in CryptoAPI via
CryptGenKey() and other wrapper utilities like makecert.exe, etc.

Is there any published information on how Microsoft CryptoAPI
implements the RSA keypair generation procedure internally (i.e.
how entropy is used in the generation process)?

- Michel Gallant
MVP Security


Kelvin Yiu [MSFT]

Aug 22, 2003, 8:24:46 PM
All MS crypto service modules shipped since Windows 98 are FIPS 140-1
certified. See
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/issues/FIPSEval.asp
for details.

Specific information about how entropy is used can be found on the NIST web
site (http://csrc.nist.gov/cryptval/140-1/140sp/140sp240.pdf).

Kelvin Yiu [MSFT]


Michel Gallant

Aug 23, 2003, 10:04:15 AM
Thanks. There are quite a few sub-links there. In this document:
http://csrc.nist.gov/publications/fips/fips140-1/fips1401.htm

"11. FIPS Approved Security Methods. Cryptographic modules that
comply with this standard shall employ cryptographic algorithms,
cryptographic key generation algorithms and key distribution
techniques, and authentication techniques that have been FIPS
approved for protecting Federal Government unclassified .."

I am interested in the specifics of the "key generation algorithms",
specifically how the 2 RSA primes are derived in the CryptoAPI implementation.
Is that level of detail available? (still searching for it).

Thanks,
- Mitch


Michel Gallant

Aug 23, 2003, 10:14:26 AM
Also, with regard to asymmetric key generation requirements,
FIPS PUB 140-2 states in Annex D: "Approved Key Establishment Techniques"

"Asymmetric Key
There are no FIPS approved asymmetric key establishment techniques
at this time. .... commercially available methods may be used"

More specifics on CryptoAPI RSA key generation procedure?

Thanks,
- Mitch

Kelvin Yiu [MSFT]

Aug 26, 2003, 8:48:47 PM
Sorry, we don't have public documentation on how we generate RSA key pairs,
only how we generate random numbers.

Kelvin Yiu [MSFT]

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm