'Re: IIS and CryptoAPI'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ms-cryptoapi
Subject:    Re: IIS and CryptoAPI
From:       John Banes <jbanes () MICROSOFT ! COM>
Date:       1999-01-26 1:44:22
[Download RAW message or body]


IIS2, IIS3, and IIS4 do not use CryptoAPI to store their private keys, nor
do they use CryptoAPI for encryption.

IIS5 is a different story. It will use CryptoAPI for both private key
management and encryption. Because of the complex SSL key derivation scheme,
we found it necessary to define some new CSP types: PROV_RSA_SCHANNEL and
PROV_DH_SCHANNEL. The former is used to support the RSA SSL cipher suites,
the latter for the DH/DSS SSL cipher suites.

If you were to write your own PROV_RSA_SCHANNEL CSP, and used it when
enrolling for an IIS5 certificate, then this CSP would automatically be used
for all IIS SSL crypto operations. I'm not sure whether IIS5 will support
the PROV_DH_SCHANNEL CSP type.

John Banes
Windows NT Security (schannel)


-----Original Message-----
From: Noriko Nishida [mailto:norikon@JP.IBM.COM]
Sent: Monday, January 25, 1999 5:01 PM
To: CryptoAPI@DISCUSS.MICROSOFT.COM
Subject: IIS and CryptoAPI


Hello.
I have questions about the relationship about IIS, CryptoAPI and CSP.
I have found in this ML and some mails described IIS does not use CryptoAPI
for storing private keys and SSL connection
Is this true for all versions of IIS ?  How about IIS 5.0 coming with
Windows 2000 ?
IIS uses schannel.dll for SSL connection.  Does schannel.dll use CryptoAPI
or directly use CSP ?

If I creates my own CSP whihc type is PROV_RSA_FULL, will IIS use new CSP
for data encryption/decryption ?
How about CSP that type is  PROV_RSA_SCHANNEL ?

Thanks in advance for your cooperations.
Noriko

----------------------------------------------------------------
Users Guide http://www.microsoft.com/workshop/essentials/mail.asp
contains important info including how to unsubscribe.  Save time, search
the archives at http://discuss.microsoft.com/archives/index.html

----------------------------------------------------------------
Users Guide http://www.microsoft.com/workshop/essentials/mail.asp
contains important info including how to unsubscribe.  Save time, search
the archives at http://discuss.microsoft.com/archives/index.html

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic