
Integration via CSP/CNG

Microsoft CryptoAPI is a library of cryptographic functions available on Microsoft Windows platforms. The library does not implement the algorithms itself; that task is left to components called Cryptographic Service Providers (CSPs), which are extensions (DLLs) developed both by Microsoft and by third parties.

CryptoAPI is the recommended encryption library for applications developed for the Windows platform. Applications such as MS Outlook and Exchange use it.

In addition to its native API, the Dinamo HSM provides a CryptoAPI-compatible CSP, so that existing solutions can be integrated easily with an on-premises HSM or with cloud services.

The CSP is built around the native Dinamo library and supports all the algorithms available in the HSM.

Session-Thread Affinity

HSM sessions have session-thread affinity. This means that the same session cannot be used by several threads at the same time.

CSP provider

Provider name: Dinamo HSM Cryptographic Provider
Provider type: 1 - PROV_RSA_FULL
  MD5 (MD5)
    dwDefaultLen=128 dwMinLen=128 dwMaxLen=128
    CALG_MD5
    Algorithm class: 0x8000(4) ALG_CLASS_HASH
    Algorithm type: 0x0(0) ALG_TYPE_ANY
    Algorithm sub-id: 0x3(3) ALG_SID_MD5
  SHA-1 (SHA-1)
    dwDefaultLen=160 dwMinLen=160 dwMaxLen=160
    CALG_SHA1
    Algorithm class: 0x8000(4) ALG_CLASS_HASH
    Algorithm type: 0x0(0) ALG_TYPE_ANY
    Algorithm sub-id: 0x4(4) ALG_SID_SHA1
  SHA-256 (SHA-256)
    dwDefaultLen=256 dwMinLen=256 dwMaxLen=256
    CALG_SHA_256
    Algorithm class: 0x8000(4) ALG_CLASS_HASH
    Algorithm type: 0x0(0) ALG_TYPE_ANY
    Algorithm sub-id: 0xc(12) ALG_SID_SHA_256
  SHA-384 (SHA-384)
    dwDefaultLen=384 dwMinLen=384 dwMaxLen=384
    CALG_SHA_384
    Algorithm class: 0x8000(4) ALG_CLASS_HASH
    Algorithm type: 0x0(0) ALG_TYPE_ANY
    Algorithm sub-id: 0xd(13) ALG_SID_SHA_384
  SHA-512 (SHA-512)
    dwDefaultLen=512 dwMinLen=512 dwMaxLen=512
    CALG_SHA_512
    Algorithm class: 0x8000(4) ALG_CLASS_HASH
    Algorithm type: 0x0(0) ALG_TYPE_ANY
    Algorithm sub-id: 0xe(14) ALG_SID_SHA_512
  SSL3 SHAMD5 (SSL3 SHAMD5)
    dwDefaultLen=288 dwMinLen=288 dwMaxLen=288
    CALG_SSL3_SHAMD5
    Algorithm class: 0x8000(4) ALG_CLASS_HASH
    Algorithm type: 0x0(0) ALG_TYPE_ANY
    Algorithm sub-id: 0x8(8) ALG_SID_SSL3SHAMD5
  RSA SIGN (RSA SIGN)
    dwDefaultLen=1024 dwMinLen=512 dwMaxLen=4096
    CALG_RSA_SIGN
    Algorithm class: 0x2000(1) ALG_CLASS_SIGNATURE
    Algorithm type: 0x400(2) ALG_TYPE_RSA
    Algorithm sub-id: 0x0(0) ALG_SID_RSA_ANY
  RSA KEYX (RSA KEYX)
    dwDefaultLen=1024 dwMinLen=512 dwMaxLen=4096
    CALG_RSA_KEYX
    Algorithm class: 0xa000(5) ALG_CLASS_KEY_EXCHANGE
    Algorithm type: 0x400(2) ALG_TYPE_RSA
    Algorithm sub-id: 0x0(0) ALG_SID_RSA_ANY
  DES (DES)
    dwDefaultLen=56 dwMinLen=56 dwMaxLen=56
    CALG_DES
    Algorithm class: 0x6000(3) ALG_CLASS_DATA_ENCRYPT
    Algorithm type: 0x600(3) ALG_TYPE_BLOCK
    Algorithm sub-id: 0x1(1) ALG_SID_DES
  3DES-EDE (3DES-EDE)
    dwDefaultLen=112 dwMinLen=112 dwMaxLen=112
    CALG_3DES_112
    Algorithm class: 0x6000(3) ALG_CLASS_DATA_ENCRYPT
    Algorithm type: 0x600(3) ALG_TYPE_BLOCK
    Algorithm sub-id: 0x9(9) ALG_SID_3DES_112
  3DES-EDE (3DES-EDE)
    dwDefaultLen=168 dwMinLen=168 dwMaxLen=168
    CALG_3DES
    Algorithm class: 0x6000(3) ALG_CLASS_DATA_ENCRYPT
    Algorithm type: 0x600(3) ALG_TYPE_BLOCK
    Algorithm sub-id: 0x3(3) ALG_SID_3DES
  CALG_RC4 (CALG_RC4)
    dwDefaultLen=128 dwMinLen=128 dwMaxLen=128
    CALG_RC4
    Algorithm class: 0x6000(3) ALG_CLASS_DATA_ENCRYPT
    Algorithm type: 0x800(4) ALG_TYPE_STREAM
    Algorithm sub-id: 0x1(1) ALG_SID_RC4
  AES-128 (AES-128)
    dwDefaultLen=128 dwMinLen=128 dwMaxLen=128
    CALG_AES_128
    Algorithm class: 0x6000(3) ALG_CLASS_DATA_ENCRYPT
    Algorithm type: 0x600(3) ALG_TYPE_BLOCK
    Algorithm sub-id: 0xe(14) ALG_SID_AES_128
  AES-192 (AES-192)
    dwDefaultLen=192 dwMinLen=192 dwMaxLen=192
    CALG_AES_192
    Algorithm class: 0x6000(3) ALG_CLASS_DATA_ENCRYPT
    Algorithm type: 0x600(3) ALG_TYPE_BLOCK
    Algorithm sub-id: 0xf(15) ALG_SID_AES_192
  AES-256 (AES-256)
    dwDefaultLen=256 dwMinLen=256 dwMaxLen=256
    CALG_AES_256
    Algorithm class: 0x6000(3) ALG_CLASS_DATA_ENCRYPT
    Algorithm type: 0x600(3) ALG_TYPE_BLOCK
    Algorithm sub-id: 0x10(16) ALG_SID_AES_256
  CALG_RC2 (CALG_RC2)
    dwDefaultLen=112 dwMinLen=112 dwMaxLen=112
    CALG_RC2
    Algorithm class: 0x6000(3) ALG_CLASS_DATA_ENCRYPT
    Algorithm type: 0x600(3) ALG_TYPE_BLOCK
    Algorithm sub-id: 0x2(2) ALG_SID_RC2
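
The listing above can be checked mechanically before an application is pointed at the provider. The following is an added example, not part of the Dinamo documentation: it parses entries in the format shown, rebuilds each ALG_ID from its class, type and sub-id, and flags entries against an assumed local policy. The function names, the `LEGACY` set and the 2048-bit RSA floor are assumptions of this example.

```python
import re

# Constructed sample: three entries copied from the CSP listing above.
SAMPLE = """\
  MD5 (MD5)
    dwDefaultLen=128 dwMinLen=128 dwMaxLen=128
    CALG_MD5
    Algorithm class: 0x8000(4) ALG_CLASS_HASH
    Algorithm type: 0x0(0) ALG_TYPE_ANY
    Algorithm sub-id: 0x3(3) ALG_SID_MD5
  RSA SIGN (RSA SIGN)
    dwDefaultLen=1024 dwMinLen=512 dwMaxLen=4096
    CALG_RSA_SIGN
    Algorithm class: 0x2000(1) ALG_CLASS_SIGNATURE
    Algorithm type: 0x400(2) ALG_TYPE_RSA
    Algorithm sub-id: 0x0(0) ALG_SID_RSA_ANY
  AES-256 (AES-256)
    dwDefaultLen=256 dwMinLen=256 dwMaxLen=256
    CALG_AES_256
    Algorithm class: 0x6000(3) ALG_CLASS_DATA_ENCRYPT
    Algorithm type: 0x600(3) ALG_TYPE_BLOCK
    Algorithm sub-id: 0x10(16) ALG_SID_AES_256
"""
LEGACY = {"CALG_MD5", "CALG_SHA1", "CALG_DES", "CALG_3DES_112", "CALG_RC2", "CALG_RC4"}  # assumed policy
MIN_RSA_BITS = 2048  # assumed policy floor for RSA key length

def parse_csp_listing(text):
    """Return one dict per entry; alg_id is the OR of class, type and sub-id."""
    entries, cur = [], {}
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"dwDefaultLen=(\d+) dwMinLen=(\d+) dwMaxLen=(\d+)", line):
            cur = dict(zip(("default", "min", "max"), map(int, m.groups())))
        elif re.fullmatch(r"CALG_\w+", line):
            cur["name"] = line
        elif m := re.match(r"Algorithm (class|type|sub-id): 0x([0-9a-fA-F]+)", line):
            cur[m.group(1)] = int(m.group(2), 16)
            if m.group(1) == "sub-id" and {"name", "min"} <= cur.keys():
                cur["alg_id"] = cur.get("class", 0) | cur.get("type", 0) | cur["sub-id"]
                entries.append(cur)
    return entries

def findings(entries):
    out = []
    for e in entries:
        if e["name"] in LEGACY:
            out.append((e["name"], "legacy algorithm"))
        if e["name"].startswith("CALG_RSA") and e["min"] < MIN_RSA_BITS:
            out.append((e["name"], f"accepts {e['min']}-bit keys (default {e['default']})"))
    return out
```

Because the provider reports a default RSA length of 1024 bits for `CALG_RSA_SIGN` and `CALG_RSA_KEYX`, callers that want longer keys through this CSP have to request the length explicitly.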

CNG provider

Provider name: Dinamo HSM Cryptographic Provider
  Provider module:
      ONE(1): tacndcsp.dll
      0(1): 10001, 1
        0: KEY_STORAGE

  Asymmetric Encryption Algorithms:
   RSA
    NCRYPT_ASYMMETRIC_ENCRYPTION_OPERATION -- 4
    NCRYPT_SIGNATURE_OPERATION -- 10 (16)

  Signature Algorithms:
   RSA
    NCRYPT_ASYMMETRIC_ENCRYPTION_OPERATION -- 4
    NCRYPT_SIGNATURE_OPERATION -- 10 (16)

  Asymmetric Algorithms:
   RSA
    NCRYPT_ASYMMETRIC_ENCRYPTION_OPERATION -- 4
    NCRYPT_SIGNATURE_OPERATION -- 10 (16)

    NCryptCreatePersistedKey(Dinamo HSM Cryptographic Provider, RSA)
  Name:
  Algorithm Group: RSA
  Algorithm Name: RSA
  Length: 2048 (0x800)
  Lengths:
    dwMinLength = 512 (0x200)
    dwMaxLength = 8192 (0x2000)
    dwIncrement = 64 (0x40)
    dwDefaultLength = 2048 (0x800)
  Export Policy: 0 (0x0)
      (NCRYPT_ALLOW_EXPORT_FLAG -- 1)
      (NCRYPT_ALLOW_PLAINTEXT_EXPORT_FLAG -- 2)
      (NCRYPT_ALLOW_ARCHIVING_FLAG -- 4)
      (NCRYPT_ALLOW_PLAINTEXT_ARCHIVING_FLAG -- 8)

  Impl Type: 9 (0x9)
    NCRYPT_IMPL_HARDWARE_FLAG -- 1
      (NCRYPT_IMPL_SOFTWARE_FLAG -- 2)
    NCRYPT_IMPL_REMOVABLE_FLAG -- 8
      (NCRYPT_IMPL_HARDWARE_RNG_FLAG -- 10 (16))

  Key Usage: 16777215 (0xffffff)
    NCRYPT_ALLOW_DECRYPT_FLAG -- 1
    NCRYPT_ALLOW_SIGNING_FLAG -- 2
    NCRYPT_ALLOW_KEY_AGREEMENT_FLAG -- 4
    NCRYPT_ALLOW_KEY_IMPORT_FLAG -- 8
    NCRYPT_ALLOW_ALL_USAGES -- ffffff (16777215)

  Security Descr: D:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-414208720-3607778739-1988866334-1002)(A;ID;FA;;;S-1-5-21-414208720-3607778739-1988866334-1010)
  APPROVED

  All Algorithms:
   RSA
    NCRYPT_ASYMMETRIC_ENCRYPTION_OPERATION -- 4
    NCRYPT_SIGNATURE_OPERATION -- 10 (16)
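
The key properties in the `NCryptCreatePersistedKey` block above are bitmasks, plus an SDDL string for the key's access control. The following is an added example, not part of the Dinamo documentation: it decodes the four property lines using the flag values printed in the listing and reports whether the key is exportable, hardware-only, unrestricted in usage, and which trustees beyond SYSTEM and Administrators hold full access. The function names and the `BUILTIN` baseline are assumptions of this example.

```python
import re

# Constructed sample: the four property lines copied from the listing above.
SAMPLE = """\
  Export Policy: 0 (0x0)
  Impl Type: 9 (0x9)
  Key Usage: 16777215 (0xffffff)
  Security Descr: D:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-414208720-3607778739-1988866334-1002)(A;ID;FA;;;S-1-5-21-414208720-3607778739-1988866334-1010)
"""
# Flag values as printed in the listing (NCRYPT_ prefixes and _FLAG suffixes dropped).
EXPORT = {1: "ALLOW_EXPORT", 2: "ALLOW_PLAINTEXT_EXPORT",
          4: "ALLOW_ARCHIVING", 8: "ALLOW_PLAINTEXT_ARCHIVING"}
IMPL = {1: "HARDWARE", 2: "SOFTWARE", 8: "REMOVABLE", 0x10: "HARDWARE_RNG"}
USAGE = {1: "DECRYPT", 2: "SIGNING", 4: "KEY_AGREEMENT", 8: "KEY_IMPORT"}
BUILTIN = {"SY", "BA"}  # assumed baseline: SYSTEM and built-in Administrators

def flags(value, table):
    """Names of the bits from `table` that are set in `value`."""
    return [name for bit, name in table.items() if value & bit]

def audit_key_properties(text):
    props = dict(re.findall(r"^\s*([\w ]+?): (.+)$", text, re.M))
    export = int(props["Export Policy"].split()[0])
    impl = int(props["Impl Type"].split()[0])
    usage = int(props["Key Usage"].split()[0])
    # Each ACE is (type;flags;rights;object_guid;inherit_object_guid;trustee).
    aces = [a.split(";") for a in re.findall(r"\(([^)]*)\)", props["Security Descr"])]
    return {
        "export_flags": flags(export, EXPORT),
        "impl_flags": flags(impl, IMPL),
        "hardware_only": bool(impl & 1) and not impl & 2,
        "usage_flags": flags(usage, USAGE),
        "all_usages": usage == 0xFFFFFF,
        "extra_full_access": [a[5] for a in aces
                              if a[0] == "A" and a[2] == "FA" and a[5] not in BUILTIN],
    }
```

For the key shown, the report has no export flags and `hardware_only` set, while `all_usages` is true and two account SIDs hold full access, which are the two items worth reviewing against the key's intended purpose.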