CNG Architecture Overview

CNG handles cryptographic primitives and key storage through separate APIs. In both cases a Windows application contacts a router, which forwards the cryptographic operation to the provider that is configured to handle the request. For an illustration of communication between the architecture layers for cryptographic primitives, see the following diagram.

cryptoapi cng

For an illustration of communication between the architecture layers for cryptographic key storage, see the following diagram.

cryptoapi keys