Microsoft CAPI CSP

The following provider types are supported:

  • PROV_RSA_FULL (nShield Enhanced Cryptographic Provider)

  • PROV_RSA_AES (nShield Enhanced RSA and AES Cryptographic Provider)

  • PROV_RSA_SCHANNEL (nShield Enhanced SChannel Cryptographic Provider)

  • PROV_DSS (nShield DSS Signature Cryptographic Provider)

  • PROV_DSS_DH (nShield Enhanced DSS and Diffie-Hellman Cryptographic Provider)

  • PROV_DH_SCHANNEL (nShield Enhanced DSS and Diffie-Hellman SChannel Cryptographic Provider)

We also provide a modulo exponentiation offload DLL that enables the Microsoft CSP to take advantage of the computational power of an nShield module without added security benefits. This is useful for interoperation with applications that do not allow the user to choose the CSP.

Unlike the Microsoft CSPs, the nShield CSPs do not support the exporting of private keys.

You should not need to make any adjustments to your code in order to use the nShield CSPs. However, the nShield module is an asynchronous device capable of performing several operations at once. To achieve maximum performance from the module, structure your application in a multithreaded manner so that it can make several simultaneous requests to the CSP.

The following diagram illustrates how the Microsoft CryptoAPI interface works with the nShield APIs.

cryptoapi csp