
CNG characteristics

UNICODE support

By default, CNG identifies a key by its key name, which is a UNICODE string. Key names that are compatible with the HSM are accessed in the HSM under the same key name. Key names that are not compatible are handled as follows.

  • The UNICODE key name will be transformed into an object name in the following format: CNG_<HEX(SHA256(UTF-8(key_name)))> limited to 32 characters. Ex. CNG_FFFFFFFFFFFFFFFFFFFFFFFFFF
  • The UNICODE key name in UTF-8 format will be stored in the object's metadata in the key HSM_OBJ_CNG_UTF8_ID.
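
The naming rule above is one-way, so an HSM object listing can only be matched back to CNG key names you already know. The following is an added example, not code from the product: it derives the object name and reconciles a listing against known names. The function names and sample data are constructed, and it assumes that the 32-character limit includes the CNG_ prefix, that the hex digits are uppercase as in the example above, and that the key name is hashed without Unicode normalization (so both normal forms are tried).

```python
import hashlib
import unicodedata

PREFIX = "CNG_"
MAX_LEN = 32  # assumption: the 32-character limit counts the "CNG_" prefix too


def cng_object_name(key_name: str) -> str:
    """Derive CNG_<HEX(SHA256(UTF-8(key_name)))>, cut to MAX_LEN characters."""
    digest = hashlib.sha256(key_name.encode("utf-8")).hexdigest().upper()
    return (PREFIX + digest)[:MAX_LEN]


def reconcile(known_key_names, hsm_object_names):
    """Match hashed HSM object names back to the CNG key names we know of.

    Returns (matched, unknown): matched maps object name -> key name,
    unknown lists CNG_ objects that none of the known names explains.
    """
    by_object = {}
    for name in known_key_names:
        # Try both Unicode normal forms: they render identically but encode
        # to different UTF-8 bytes, so they hash to different object names.
        # (Assumption: the provider hashes the name exactly as it is passed.)
        for form in ("NFC", "NFD"):
            variant = unicodedata.normalize(form, name)
            by_object.setdefault(cng_object_name(variant), variant)
    matched, unknown = {}, []
    for obj in hsm_object_names:
        if not obj.startswith(PREFIX):
            continue  # assumed to be stored under its own HSM-compatible name
        if obj in by_object:
            matched[obj] = by_object[obj]
        else:
            unknown.append(obj)
    return matched, unknown


if __name__ == "__main__":
    # Constructed sample data, not taken from a real HSM.
    names = ["Chave de Assinatura São Paulo 2024", "签名密钥"]
    listing = [cng_object_name(names[0]), cng_object_name(names[1]),
               "CNG_" + "0" * 28, "backup_key"]
    matched, unknown = reconcile(names, listing)
    for obj, name in matched.items():
        print(f"{obj} <- {name!r}")
    print("unexplained:", unknown)
```

Objects reported as unexplained can be resolved by reading the original name from their HSM_OBJ_CNG_UTF8_ID metadata entry.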

Local Machine key support

The use of local machine keys, such as with the NCRYPT_MACHINE_KEY_FLAG flag, is supported as long as CNG is configured in the local machine account. See the specific topic Use with system accounts.