Microsoft CryptoAPI

The Cryptography API is implemented as an application-level system that Win32 applications may call for cryptographic services. The applications are thereby insulated from the business of providing their own algorithms for such things as encryption and hashing. Against that, the applications are limited to whatever cryptographic services happen to be available in the current configuration of the CryptoAPI system.

The CryptoAPI system is built in parts. An interface layer is exposed to the client applications. Underneath are drivers that do the actual work of providing the cryptographic services. Each such driver is called a Cryptographic Service Provider (CSP). Microsoft itself supplies some CSPs with the CryptoAPI system.

The first retail package to include the CryptoAPI seems to have been Windows 95 OEM Service Release 2 (OSR2), with NT 4.0 following soon after. The Crypto API has been a standard feature of both the Windows and NT packages ever since. (For an aside with arguably non-trivial implications, see The CryptoAPI and the Original Windows 95 Release.)

Technical Notes

Implementation details, some of which do not seem to be documented explicitly by Microsoft, may reasonably be matters for public interest, whether for increasing the CryptoAPI system’s perceived usability or for assessing the quality of a given CryptoAPI implementation.