BCrypt EVP algorithms

The loadable library engine-bcrypt.dll is an OpenSSL engine that plugs algorithms implemented by the CNG Cryptographic Primitives (bcrypt.dll on Windows) into OpenSSL. It does this by registering its own implementations for the opaque method types exposed by the OpenSSL EVP (envelope) interface, such as EVP_MD for message digests, EVP_CIPHER for symmetric ciphers and EVP_PKEY_METHOD for key operations, so that existing code written against EVP can be routed to CNG without being rewritten.

The section FIPS 140 compliance describes the FIPS 140 status of the underlying CNG algorithm implementations.

The table below lists the algorithms the engine makes available through EVP, with links to the sections that give the details for each. Any test code snippets in those sections are taken from source files in the gtest-engine-bcrypt project. The key-size ranges are the limits the engine accepts, not recommendations; 512-bit RSA or DH keys, for example, are far below current minimums and are only useful for interoperability testing.

Supported algorithms

  Algorithm                           Remarks
  ----------------------------------  -------------------------------------------
  Symmetric ciphers (CIPHER)          AES-GCM with 128-, 192- or 256-bit keys
  Diffie-Hellman shared secret (DH)   512 bits ≤ key size ≤ 4096 bits
  Digital Signature Algorithm (DSA)   Not yet implemented
  Elliptic Curve cryptography (ECC)   ECDH and ECDSA with P-256, P-384 and P-521
  Message digests (MD)                SHA-1, SHA-256, SHA-384 and SHA-512
  Customized HMAC key (PKEY)          HMAC with SHA
  Random Number Generation (RAND)     Default CNG random number provider
  RSA operations (RSA)                512 bits ≤ key size ≤ 16384 bits