This page was not yet optimized for use on mobile
devices.
Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016, Azure Host OS (version 1.65)
Certificate #2936
Webpage information
Security policy
Symmetric Algorithms
AES, AES-128, AES-192, AES-256, AES-, RC2, RC4, DES, Triple-DES, HMAC, CMACAsymmetric Algorithms
ECDH, ECDSA, ECC, DH, Diffie-Hellman, DSAHash functions
SHA-1, SHA1, SHA-256, SHA-384, SHA-512, SHA-2, SHA2, MD4, MD5, PBKDF, PBKDF2Schemes
Key AgreementProtocols
SSL, TLS, IKEv1, IKEv2, IPsecRandomness
PRNG, DRBGElliptic Curves
P-256, P-384, P-521, Curve25519Block cipher modes
ECB, CBC, CTR, GCM, CCM, XTSVendor
Qualcomm, Microsoft, Microsoft CorporationSecurity level
Level 1Standards
FIPS 140-2, FIPS PUB 140-2, FIPS 180-4, FIPS 198-1, FIPS 197, FIPS 186-4, FIPS 140, NIST SP 800-132, NIST SP 800-38F, SP 800-38B, SP 800-38C, SP 800-38D, SP 800-38E, SP 800-56A, SP 800-56B, SP 800-90A, SP 800-108, SP 800-132, SP 800-38F, SP 800-135, SP 800-131A, NIST SP 800-131A, PKCS#1, RFC 2898File metadata
| Title | Microsoft Word - Azure CNG SPD.docx |
|---|---|
| Author | huntzh |
| Creation date | D:20220221162758-05'00' |
| Modification date | D:20220221162758-05'00' |
| Pages | 50 |
| Producer | Microsoft: Print To PDF |
References
Outgoing- 2932 - historical - BitLocker® Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016, Azure Host OS (version 1.65)
- 2933 - historical - BitLocker® Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016
- 3501 - historical - BitLocker® Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016
- 3502 - historical - BitLocker® Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016
- 2937 - historical - Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016, Azure Host OS (version 1.65)
- 3981 - historical - Entrust Authority™ Security Kernel
Heuristics
No heuristics are available for this certificate.
References
Loading...
Updates Feed
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate was first processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 2936,
"dgst": "a93706e865c271f4",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"HMAC#C2046",
"RSA#2834",
"Triple-DES#C2046",
"Triple-DES#2675",
"RSA#2192",
"CVL#887",
"AES#5295",
"DSA#1371",
"SHS#4250",
"RSA#2195",
"DSA#C2046",
"CVL#1763",
"CVL#C2046",
"KAS#171",
"KTS#4062",
"RSA#C2046",
"DRBG#2036",
"DRBG#1217",
"HMAC#2651",
"RSA#2193",
"HMAC#3497",
"AES#C2046",
"KBKDF#185",
"ECDSA#C2046",
"KAS#C2046",
"SHS#C2046",
"KTS#C2061",
"KTS#5298",
"RSA#2833",
"CVL#886",
"ECDSA#911",
"AES#4064",
"CVL#C2061",
"KAS#92",
"RSA#2847",
"SHS#3347",
"ECDSA#1384",
"KBKDF#101",
"DRBG#C2046",
"KBKDF#C2061",
"CVL#1762",
"DSA#1098",
"Triple-DES#2227"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"1.65"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": {
"_type": "Set",
"elements": [
"3981",
"2937"
]
},
"directly_referencing": {
"_type": "Set",
"elements": [
"3502",
"2932",
"2933",
"3501"
]
},
"indirectly_referenced_by": {
"_type": "Set",
"elements": [
"3566",
"3171",
"3981",
"2937"
]
},
"indirectly_referencing": {
"_type": "Set",
"elements": [
"2931",
"3502",
"2932",
"2933",
"3501",
"3487"
]
}
},
"module_prunned_references": {
"_type": "Set",
"elements": [
"3501",
"3502",
"2933",
"2932"
]
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": {
"_type": "Set",
"elements": [
"3981",
"2937"
]
},
"directly_referencing": {
"_type": "Set",
"elements": [
"3502",
"2932",
"2933",
"3501"
]
},
"indirectly_referenced_by": {
"_type": "Set",
"elements": [
"3566",
"3171",
"3981",
"2937"
]
},
"indirectly_referencing": {
"_type": "Set",
"elements": [
"2931",
"3502",
"2932",
"2933",
"3501",
"3487"
]
}
},
"policy_prunned_references": {
"_type": "Set",
"elements": [
"3501",
"3502",
"2933",
"2932"
]
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 2
},
"ECDH": {
"ECDH": 17
},
"ECDSA": {
"ECDSA": 16
}
},
"FF": {
"DH": {
"DH": 15,
"Diffie-Hellman": 12
},
"DSA": {
"DSA": 5
}
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 8
},
"CCM": {
"CCM": 5
},
"CTR": {
"CTR": 5
},
"ECB": {
"ECB": 7
},
"GCM": {
"GCM": 4
},
"XTS": {
"XTS": 2
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"IKE": {
"IKEv1": 5,
"IKEv2": 3
},
"IPsec": {
"IPsec": 1
},
"TLS": {
"SSL": {
"SSL": 4
},
"TLS": {
"TLS": 2
}
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 5
}
},
"device_model": {},
"ecc_curve": {
"Curve": {
"Curve25519": 1
},
"NIST": {
"P-256": 12,
"P-384": 10,
"P-521": 12
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"# 1098": 1,
"# 2193": 1,
"# 2932": 2,
"# 2933": 1,
"# 911": 1,
"#101": 1,
"#1217": 1,
"#1371": 1,
"#1384": 1,
"#171": 2,
"#1762": 1,
"#1763": 1,
"#185": 1,
"#2036": 1,
"#2192": 1,
"#2193": 2,
"#2195": 1,
"#2227": 1,
"#2651": 1,
"#2675": 1,
"#2833": 2,
"#2834": 1,
"#2847": 1,
"#2932": 1,
"#2933": 1,
"#3347": 3,
"#3497": 1,
"#3501": 2,
"#3502": 2,
"#4062": 1,
"#4064": 5,
"#4250": 2,
"#5295": 5,
"#5298": 1,
"#886": 1,
"#887": 1,
"#92": 2
}
},
"fips_certlike": {
"Certlike": {
"AES CBC 128 and 256": 2,
"AES-128": 12,
"AES-192": 7,
"AES-256": 14,
"AES-CTR 11": 1,
"HMAC-SHA1": 4,
"HMAC-SHA256": 2,
"HMAC-SHA384": 2,
"HMAC-SHA512": 2,
"PKCS#1": 1,
"RSA PKCS#1": 1,
"RSASSA-PKCS1-v1_5": 1,
"SHA- 256": 1,
"SHA- 384": 1,
"SHA-1": 18,
"SHA-13": 1,
"SHA-17": 1,
"SHA-2": 2,
"SHA-256": 14,
"SHA-384": 10,
"SHA-512": 12,
"SHA1": 3,
"SHA2": 1
}
},
"fips_security_level": {
"Level": {
"Level 1": 2
}
},
"hash_function": {
"MD": {
"MD4": {
"MD4": 2
},
"MD5": {
"MD5": 2
}
},
"PBKDF": {
"PBKDF": 7,
"PBKDF2": 4
},
"SHA": {
"SHA1": {
"SHA-1": 18,
"SHA1": 3
},
"SHA2": {
"SHA-2": 2,
"SHA-256": 14,
"SHA-384": 10,
"SHA-512": 12,
"SHA2": 1
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 31,
"PRNG": 1
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140": 2,
"FIPS 140-2": 14,
"FIPS 180-4": 4,
"FIPS 186-4": 7,
"FIPS 197": 3,
"FIPS 198-1": 1,
"FIPS PUB 140-2": 1
},
"NIST": {
"NIST SP 800-131A": 2,
"NIST SP 800-132": 3,
"NIST SP 800-38F": 3,
"SP 800-108": 4,
"SP 800-131A": 2,
"SP 800-132": 6,
"SP 800-135": 3,
"SP 800-38B": 1,
"SP 800-38C": 1,
"SP 800-38D": 1,
"SP 800-38E": 3,
"SP 800-38F": 2,
"SP 800-56A": 7,
"SP 800-56B": 2,
"SP 800-90A": 8
},
"PKCS": {
"PKCS#1": 1
},
"RFC": {
"RFC 2898": 1
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 25,
"AES-": 1,
"AES-128": 12,
"AES-192": 7,
"AES-256": 14
},
"RC": {
"RC2": 6,
"RC4": 6
}
},
"DES": {
"3DES": {
"Triple-DES": 12
},
"DES": {
"DES": 8
}
},
"constructions": {
"MAC": {
"CMAC": 7,
"HMAC": 23
}
}
},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {
"Microsoft": {
"Microsoft": 78,
"Microsoft Corporation": 3
},
"Qualcomm": {
"Qualcomm": 1
}
},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "huntzh",
"/CreationDate": "D:20220221162758-05\u002700\u0027",
"/ModDate": "D:20220221162758-05\u002700\u0027",
"/Producer": "Microsoft: Print To PDF",
"/Title": "Microsoft Word - Azure CNG SPD.docx",
"pdf_file_size_bytes": 1831597,
"pdf_hyperlinks": {
"_type": "Set",
"elements": []
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 50
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_json_hash": null,
"policy_pdf_hash": "1f8914c4825a16dd63b9537d6bfb7ad787669353d8c673f8390f49bd49d65de2",
"policy_txt_hash": "14627dd8f9cc9cac4665a759ad62f5ee77f47fd9d7ce862613bd0bb2ac622e29"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When operated in FIPS mode with modules BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 validated to FIPS 140-2 under Cert. #2932 or #3502 operating in FIPS mode or BitLocker(R) Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 validated to FIPS 140-2 under Cert. #2933 or #3501 operating in FIPS mode",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/FIPS140ConsolidatedCertJan2017.pdf",
"date_sunset": null,
"description": "Kernel Mode Cryptographic Primitives Library (cng.sys) runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request IRP (I/O request packet).",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Physical Security: N/A",
"Design Assurance: Level 2"
],
"fw_versions": null,
"historical_reason": "Moved to historical list due to dependency on certificate #2932",
"hw_versions": null,
"level": 1,
"mentioned_certs": {
"2932": 1,
"2933": 1,
"3501": 1,
"3502": 1
},
"module_name": "Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016, Azure Host OS (version 1.65)",
"module_type": "Software",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-2",
"status": "historical",
"sw_versions": "10.0.14393, 10.0.14393.1770 and Azure Host OS version 1.65",
"tested_conf": [
"Azure Host OS (x64) running on a Dell PowerEdge R840 Server with an Intel Xeon Platinum 8260 with PAA",
"Windows 10 Anniversary Update (x64) running on a Dell XPS 8700 with PAA",
"Windows 10 Anniversary Update (x64) running on a Microsoft Surface 3 with PAA",
"Windows 10 Anniversary Update (x86) running on a Dell Inspiron 660s without PAA",
"Windows 10 Enterprise Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA",
"Windows 10 Enterprise Anniversary Update (x64) running on a HP Compaq Pro 6305 with PAA",
"Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Book with PAA",
"Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA",
"Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA",
"Windows 10 Enterprise Anniversary Update (x86) running on a Dell Inspiron 660s without PAA",
"Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA",
"Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell XPS 8700 with PAA",
"Windows 10 Enterprise LTSB Anniversary Update (x86) running on a Dell Inspiron 660s without PAA",
"Windows 10 Mobile Anniversary Update (ARMv7) running on a Microsoft Lumia 950",
"Windows 10 Pro Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA",
"Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Book with PAA",
"Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA",
"Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA",
"Windows 10 Pro Anniversary Update (x86) running on a Dell Inspiron 660s without PAA",
"Windows Server 2016 Datacenter Edition (x64) running on a Dell PowerEdge R630 Server with PAA",
"Windows Server 2016 Standard Edition (x64) running on a Dell PowerEdge R630 Server with PAA",
"Windows Server 2016 Standard Edition (x64) running on a HP Compaq Pro 6305 with PAA",
"Windows Storage Server 2016 (x64) running on a Dell PowerEdge R630 Server with PAA (single-user mode)"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2017-01-26",
"lab": "Leidos Accredited Testing \u0026 Evaluation (AT\u0026E) Lab",
"validation_type": "Initial"
},
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2019-08-07",
"lab": "Leidos Accredited Testing \u0026 Evaluation (AT\u0026E) Lab",
"validation_type": "Update"
},
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2022-09-01",
"lab": "Leidos Accredited Testing \u0026 Evaluation (AT\u0026E) Lab",
"validation_type": "Update"
}
],
"vendor": "Microsoft Corporation",
"vendor_url": "http://www.microsoft.com"
}
}