CNG characteristics

UNICODE support

By default, CNG identifies a key by its key name, which is a UNICODE string. Key names that are compatible with the HSM are accessed in the HSM under the same name. Key names that are not compatible are handled as follows.

  • The UNICODE key name will be transformed into an object name in the following format:

    CNG_<HEX(SHA256(UTF-8(key_name)))>, limited to 32 characters.

    Example: CNG_FFFFFFFFFFFFFFFFFFFFFFFFFF

  • The UNICODE key name in UTF-8 format will be stored in the object's metadata in the HSM_OBJ_CNG_UTF8_ID key.
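
The following is an added example, not code from the HSM vendor: it derives the object name from a key name and checks that the value stored in HSM_OBJ_CNG_UTF8_ID hashes back to the object it is attached to, which is useful when auditing an object inventory. Assumptions: the 32-character limit covers the whole name including the CNG_ prefix, hex digits are uppercase as in the example above, the provider applies no Unicode normalization, and the function names and sample inventory are constructed for illustration.

```python
import hashlib
import unicodedata

PREFIX = "CNG_"
MAX_LEN = 32  # assumption: the 32-character limit covers the whole name, prefix included


def hsm_object_name(key_name: str, max_len: int = MAX_LEN) -> str:
    """Object name derived from a CNG key name: CNG_<HEX(SHA256(UTF-8(name)))>, truncated."""
    # Assumption: uppercase hex digits, as in the page's example.
    digest = hashlib.sha256(key_name.encode("utf-8")).hexdigest().upper()
    return (PREFIX + digest)[:max_len]


def metadata_matches(object_name: str, utf8_id: bytes) -> bool:
    """True if the HSM_OBJ_CNG_UTF8_ID value hashes back to the object name."""
    try:
        key_name = utf8_id.decode("utf-8")
    except UnicodeDecodeError:
        return False  # metadata is not valid UTF-8
    return object_name == hsm_object_name(key_name)


def audit(inventory):
    """Return object names whose stored key name does not derive that name."""
    return [name for name, utf8_id in inventory if not metadata_matches(name, utf8_id)]


# Constructed sample data: (object name, HSM_OBJ_CNG_UTF8_ID value) pairs.
NFC = unicodedata.normalize("NFC", "Assinatura-Produção")
NFD = unicodedata.normalize("NFD", "Assinatura-Produção")
SAMPLE = [
    (hsm_object_name(NFC), NFC.encode("utf-8")),                  # consistent
    (hsm_object_name("TLS 服务器"), "TLS 服务器".encode("utf-8")),  # consistent
    (hsm_object_name(NFC), NFD.encode("utf-8")),                  # same glyphs, different bytes
    (hsm_object_name("old-name"), b"\xff\xfe"),                   # invalid UTF-8 metadata
]

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print("mismatch:", name)
```

Because the hash is taken over the UTF-8 bytes, two names that render identically but use different Unicode normalization forms derive different object names under these assumptions.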

Keys in Local Machine

The use of local machine keys, for example using the NCRYPT_MACHINE_KEY_FLAG flag, is supported as long as the CNG is configured in the local machine account. See the specific topic Use with system accounts.