Introduction to CSP, and using CryptoAPI to enumerate CSPs and get their properties

Source: Internet
Author: User

CSP, short for "cryptographic service provider", is a set of cryptographic service APIs defined by Microsoft. Three sets of cryptographic interface standards are in common use: CSP, PKCS#11, and the national cryptographic (Guomi) standard. The first two mainly provide RSA services, although the latest PKCS#11 extensions have also begun to support ECC. The national cryptographic standard mainly provides SM2 (in fact, ECC) services. It also supports RSA, but in most cases RSA applications are implemented using CSP and PKCS#11.


I. A CSP is an independent cryptographic service module

A CSP can be software, such as "Microsoft Base Cryptographic Provider v1.0" and "Microsoft Enhanced Cryptographic Provider v1.0", which come with Windows.

A CSP can also be a hardware device, usually a USB key, such as those made by Feitian and other manufacturers.


II. A CSP corresponds to key containers

CSP has no concept of a device (key), which differs from PKCS#11 and the national cryptographic standard. A CSP corresponds directly to key containers. A key is located directly by the CSP name and the container name; if no container name is specified, the default container is used (typically the first container). Container names should therefore be unique, and a GUID is typically used as the container name.

If several devices are present under the same CSP and it has to be decided which device to use (for example, when creating a new container), the CSP pops up a selection box and the device is chosen by its serial number (SN).


III. A key container can contain a signature key pair, an encryption key pair, a signing certificate, and an encryption certificate

Typically a CSP key container contains only one key pair and the corresponding certificate, but in theory you can put the signing key pair and the encryption key pair in the same container and then find each key through AT_SIGNATURE and AT_KEYEXCHANGE.
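The lookup described in sections II and III (CSP name plus container name, then AT_SIGNATURE or AT_KEYEXCHANGE) can be checked from PowerShell through the .NET wrappers over CryptoAPI. This is an added example, not code from the original article; Get-CspContainerKeys is a hypothetical helper name and the GUID container name in the last line is a constructed placeholder.

```powershell
# Added example. Get-CspContainerKeys is a hypothetical helper name.
function Get-CspContainerKeys {
    param(
        [Parameter(Mandatory)][string]$ProviderName,
        [Parameter(Mandatory)][string]$ContainerName,
        [int]$ProviderType = 1      # PROV_RSA_FULL
    )
    # .NET KeyNumber values are the CryptoAPI key specs
    $keySpecs = [ordered]@{ AT_KEYEXCHANGE = 1; AT_SIGNATURE = 2 }
    foreach ($spec in $keySpecs.Keys) {
        $csp = [System.Security.Cryptography.CspParameters]::new(
            $ProviderType, $ProviderName, $ContainerName)
        $csp.KeyNumber = $keySpecs[$spec]
        # UseExistingKey: fail rather than create a missing container or key
        $csp.Flags = [System.Security.Cryptography.CspProviderFlags]::UseExistingKey
        $row = [ordered]@{ KeySpec = $spec; Present = $false; KeySize = $null
                           Hardware = $null; UniqueName = $null; Error = $null }
        $rsa = $null
        try {
            $rsa = [System.Security.Cryptography.RSACryptoServiceProvider]::new($csp)
            $rsa.PersistKeyInCsp = $true    # Dispose() must not delete the container
            $info = $rsa.CspKeyContainerInfo
            $row.Present    = $true
            $row.KeySize    = $rsa.KeySize
            $row.Hardware   = $info.HardwareDevice
            $row.UniqueName = $info.UniqueKeyContainerName
        }
        catch {
            # Container, key pair or provider not available: keep the reason
            $row.Error = $_.Exception.Message
        }
        finally {
            if ($rsa) { $rsa.Dispose() }
        }
        [pscustomobject]$row
    }
}

# Constructed placeholder: use a container name that exists on your system
Get-CspContainerKeys -ProviderName 'Microsoft Enhanced Cryptographic Provider v1.0' `
    -ContainerName '{00000000-0000-0000-0000-000000000000}' | Format-Table
```

The function looks in the current user's key store; containers in the machine store additionally need the UseMachineKeyStore flag.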


IV. Enumerating CSPs in the system

The CSPs installed on the system are registered under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider. We can enumerate them with the API CryptEnumProviders(), as shown in the following code:

    // Enumerate the installed CSPs and add them to the combo box
    void CTestCSPDlg::EnumCSP()
    {
        DWORD dwIndex = 0;
        DWORD dwType = 0;
        DWORD dwNameLen = 0;

        CComboBox* pCSPList = (CComboBox*)GetDlgItem(IDC_COMBO_CSPLIST);
        pCSPList->ResetContent();

        // First call with a NULL buffer returns the required name length
        while (CryptEnumProviders(dwIndex, NULL, 0, &dwType, NULL, &dwNameLen))
        {
            DWORD dwItem = 0;
            TCHAR* pName = new TCHAR[dwNameLen + 1];
            // Second call fills in the provider name and type
            if (CryptEnumProviders(dwIndex++, NULL, 0, &dwType, pName, &dwNameLen))
            {
                dwItem = pCSPList->AddString(pName);
                pCSPList->SetItemData(dwItem, dwType);
            }
            delete[] pName;
        }
        pCSPList->SetCurSel(0);
        OnCbnSelchangeComboCsplist();
    }

V. Get CSP Properties

After you obtain a CSP handle, you can read the properties of the CSP through the API CryptGetProvParam(), such as its container name, implementation type, supported algorithms, and so on.

For example, the following code gets the container name used by the current CSP:

    // Get the CSP container name
    // (A2W requires USES_CONVERSION earlier in the enclosing function)
    dwParamLen = 2048;
    memset(btParamData, 0, 2048);
    pList->InsertItem(dwIndex, _T("PP_CONTAINER"), 0);
    pList->SetItemText(dwIndex, 1, _T("Key container name"));
    if (CryptGetProvParam(hProv, PP_CONTAINER, btParamData, &dwParamLen, 0))
    {
        TCHAR* tcValue = NULL;
    #ifdef UNICODE
        tcValue = A2W((char*)btParamData);
    #else
        tcValue = (char*)btParamData;
    #endif
        pList->SetItemText(dwIndex, 2, tcValue);
    }
    else
    {
        pList->SetItemText(dwIndex, 2, _T("failed!"));
    }

The following code enumerates all the container names of the CSP:

    // Get all container names of the CSP
    dwParamLen = 2048;
    memset(btParamData, 0, 2048);
    pList->InsertItem(dwIndex, _T("PP_ENUMCONTAINERS"), 0);
    pList->SetItemText(dwIndex, 1, _T("All container names"));
    if (CryptGetProvParam(hProv, PP_ENUMCONTAINERS, btParamData, &dwParamLen, CRYPT_FIRST))
    {
        CString strContainers;
        TCHAR* tcValue = NULL;
    #ifdef UNICODE
        tcValue = A2W((char*)btParamData);
    #else
        tcValue = (char*)btParamData;
    #endif
        strContainers += tcValue;
        dwParamLen = 2048;
        memset(btParamData, 0, 2048);
        while (CryptGetProvParam(hProv, PP_ENUMCONTAINERS, btParamData, &dwParamLen, CRYPT_NEXT))
        {
    #ifdef UNICODE
            tcValue = A2W((char*)btParamData);
    #else
            tcValue = (char*)btParamData;
    #endif
            strContainers += _T("/");
            strContainers += tcValue;
            // Reset the buffer size before asking for the next name
            dwParamLen = 2048;
            memset(btParamData, 0, 2048);
        }
        pList->SetItemText(dwIndex, 2, strContainers);
    }
    else
    {
        pList->SetItemText(dwIndex, 2, _T("failed!"));
    }


The following code gets the supported algorithms for the CSP:

    // Get the algorithms supported by the CSP
    dwParamLen = 2048;
    memset(btParamData, 0, 2048);
    pList->InsertItem(dwIndex, _T("PP_ENUMALGS"), 0);
    pList->SetItemText(dwIndex, 1, _T("Supported algorithm information"));
    if (CryptGetProvParam(hProv, PP_ENUMALGS, btParamData, &dwParamLen, CRYPT_FIRST))
    {
        CString strAlgs;
        PROV_ENUMALGS* alg = (PROV_ENUMALGS*)btParamData;
        TCHAR* tcValue = NULL;
    #ifdef UNICODE
        tcValue = A2W(alg->szName);
    #else
        tcValue = alg->szName;
    #endif
        strAlgs += tcValue;
        dwParamLen = 2048;
        memset(btParamData, 0, 2048);
        while (CryptGetProvParam(hProv, PP_ENUMALGS, btParamData, &dwParamLen, CRYPT_NEXT))
        {
            alg = (PROV_ENUMALGS*)btParamData;
    #ifdef UNICODE
            tcValue = A2W(alg->szName);
    #else
            tcValue = alg->szName;
    #endif
            strAlgs += _T("/");
            strAlgs += tcValue;
            // Reset the buffer size before asking for the next entry
            dwParamLen = 2048;
        }
        pList->SetItemText(dwIndex, 2, strAlgs);
    }
    else
    {
        pList->SetItemText(dwIndex, 2, _T("failed!"));
    }

And so on.


If you need the detailed code, download the example that enumerates the CSPs. Download link: Enumerate CSPs and Get properties
