Cryptography
Applies To: Windows Server 2008
A new Cryptography tab is available for version 3 certificate templates in Windows ServerĀ® 2008. This tab replaces and extends the cryptographic service provider (CSP) selection dialog box accessible by clicking the CSPs button on the Request Handling tab of a version 2 certificate template. The Cryptography tab contains the following options:
Algorithm name. This option allows you to select an advanced algorithm for encryption, signing, or both (depending on the template's purpose). By default, the following algorithms are available: DSA, ECDH_P256, ECDH_P384, ECDH_P521, ECDSA_P256, ECDSA_P384, ECDSA_P521, and RSA. Only the algorithms that are available for a specific certificate template purpose will be listed.
Minimum key size. This option allows you to specify a minimum required size for the keys used with the chosen algorithm. By default, the minimum key length supported on the computer for the chosen algorithm will be used.
Providers. Version 2 templates offered a list of CryptoAPI CSPs, while version 3 templates offer a dynamically populated list of Cryptography Next Generation (CNG) providers. This list is populated with all providers available on the computer that meet the criteria specified by a combination of the following configuration options: Algorithm name and Minimum key size on the Cryptography tab, and Purpose and Allow private key to be exported on the Request Handling tab.
Hash algorithm. This option allows you to choose an advanced hash algorithm. By default, the following algorithms are available: AES-GMAC, MD2, MD4, MD5, SHA1, SHA256, SHA384, and SHA512.
Use alternate signature format. When the RSA algorithm is selected, this check box allows you to specify that certificate requests created for this template include a discrete signature in PKCS #1 V2.1 format.
Note
This setting applies to the certificate request only, not the certificate that is issued by the CA from this template.