Windows public Key Infrastructure (PKI) enhancements

Source: Internet
Author: User
Tags file system key new features version

Windows has been providing robust, platform-wide support for public Key Infrastructure (PKI) since Windows 2000. This version contains the first native certification authority feature, introduces autoenrollment, and provides support for smart card authentication. In Windows XP and Windows Server 2003, these features have been extended to provide more flexible enrollment options through version 2 certificate templates, and to support autoenrollment of user certificates. In Windows vista® and Windows server®2008 (formerly code-named "Longhorn"), the Windows®pki platform took a step forward, supporting advanced algorithms, real-time validity checks, and better manageability. This column discusses the new PKI features in Windows Vista and Windows Server 2008, and how organizations can leverage these capabilities to reduce costs and increase security.

The PKI in Windows Vista and Windows Server 2008 has been improved around four key core areas: encryption, registration, manageability, and revocation. In addition to these specific enhancements, the Windows PKI platform also benefits from other operating system improvements, such as role managers, which make it easier to create and deploy new certification authorities (CAS). In addition, many other parts of Windows can take advantage of improvements in the PKI platform, such as support for using smart cards to store Encrypting File System (EFS) keys in Windows Vista.

Encryption

The improvement of cryptographic service core is embodied in two aspects. First, by introducing next-generation cryptography (CNG), Windows now provides an pluggable, protocol-agnostic encryption feature that makes it easier to programmatically develop and access independent algorithms. Second, CNG also adds support for the Suite B algorithm, which was introduced in 2005 by National Security Agency (NSA).

CNG is a new core encryption interface for Microsoft and is a recommended API for future windows-based and encryption-enabled applications. CNG provides a number of features that target developers, including more convenient algorithm discovery and substitution, replaceable random number generators, and a kernel-mode cryptographic API. With these new features, CNG is also fully backward compatible with the set of algorithms provided in processor CryptoAPI 1.0. Currently, CNG is receiving the assessment required through the Federal Information Processing Standard (FIPS) 140-2 Level 2 certification and the common guidelines for the selected platform.



Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.