Cryptographic Service Providers

The Microsoft design of the Crypto API makes use of Cryptographic Service Providers (CSPs). Your application talks to the Crypto API, which in turn filters your calls and passes the requests on to a CSP. Your application never calls the CSP directly; it passes in a handle to refer to objects held inside the CSP. The CSP does all the cryptographic work and retains the public and private keys in memory, where they are stored in containers. CSPs are implemented as Windows DLLs.

There are a number of different CSPs provided by Microsoft. The simplest is the Microsoft Base CSP, which ships with the Crypto API distribution. It is a general-purpose CSP that supports digital signatures and data encryption, using the RSA public key algorithm.

Microsoft also has an Enhanced CSP. It supports everything in the Base CSP but uses longer keys and offers more choices of encryption algorithm; for example, you can choose Triple DES encryption.
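As an added example (not code from the original page), the following PowerShell script shows the handle-and-container model described above from the application's side: it opens a named key container in a Microsoft CSP through .NET's `RSACryptoServiceProvider`, inspects what the CSP reports about the container, signs and verifies a message with a key that never leaves the provider, and finally deletes the container. The page's Enhanced CSP ("Microsoft Enhanced Cryptographic Provider v1.0") predates SHA-2 and can only sign with SHA-1 or MD5, so the script uses its successor, the Microsoft Enhanced RSA and AES Cryptographic Provider (provider type 24, `PROV_RSA_AES`), to get a SHA-256 signature. The container name and the message are constructed values.

```powershell
# Added example, not from the original page: open a named key container in a
# Microsoft CSP via .NET's RSACryptoServiceProvider, inspect it, sign/verify a
# message, then delete the container. Provider type 24 (PROV_RSA_AES) is used
# instead of the page's Enhanced CSP so that the signature can use SHA-256.

$PROV_RSA_AES  = 24
$providerName  = 'Microsoft Enhanced RSA and AES Cryptographic Provider'
$containerName = 'CspDemoContainer-' + [guid]::NewGuid().ToString('N')   # constructed name

# CspParameters(providerType, providerName, containerName) selects the CSP and the
# container; the application only ever holds a handle to the key inside the CSP.
$params = New-Object System.Security.Cryptography.CspParameters($PROV_RSA_AES, $providerName, $containerName)

# Create a 2048-bit RSA key pair inside that container (opens it if it already exists).
$rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider(2048, $params)
$rsa.PersistKeyInCsp = $true

# What the CSP reports about the container. UniqueKeyContainerName is the file name
# the CSP uses under %APPDATA%\Microsoft\Crypto\RSA\<SID>\ for a user-store key.
$info = $rsa.CspKeyContainerInfo
[pscustomobject]@{
    Provider     = $info.ProviderName
    ProviderType = $info.ProviderType
    Container    = $info.KeyContainerName
    KeyFile      = $info.UniqueKeyContainerName
    Exportable   = $info.Exportable
    Hardware     = $info.HardwareDevice
} | Format-List

# Sign and verify: the private key stays in the CSP, only the hash and signature cross
# the boundary.
$message = [Text.Encoding]::UTF8.GetBytes('constructed message for the CSP demo')
$sig = $rsa.SignData($message, 'SHA256')
"Signature length:  $($sig.Length) bytes"
"Verify (intact):   $($rsa.VerifyData($message, 'SHA256', $sig))"

$tampered = [byte[]]$message.Clone()
$tampered[0] = $tampered[0] -bxor 1
"Verify (tampered): $($rsa.VerifyData($tampered, 'SHA256', $sig))"

# The public half can be exported for distribution; the private half cannot be read
# back through this object unless the key was created exportable.
$publicKeyXml = $rsa.ToXmlString($false)
"Public key XML length: $($publicKeyXml.Length)"

# Clean up: turning persistence off before Clear() tells the CSP to delete the container.
$rsa.PersistKeyInCsp = $false
$rsa.Clear()
```

Run it in Windows PowerShell or PowerShell 7 on Windows; the container lives in the current user's key store, so no elevation is needed. The intact verification prints `True` and the tampered one `False`. If you change `$providerName` and `$PROV_RSA_AES` to the page's Enhanced CSP (`'Microsoft Enhanced Cryptographic Provider v1.0'`, type 1), `SignData` with `'SHA256'` fails with "Invalid algorithm specified", which is the practical reason the newer provider type exists.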

You can also write a CSP yourself. It is a normal Windows DLL that must expose the CryptoSPI entry points. For the functions you do not wish to implement, expose the function but simply return E_NOTIMPL. Microsoft recommends that you put all of the code for your CSP in a single DLL. Your CSP's installer must register it with Windows through the registry. The CSP must be signed every time it is built, and it also has to be signed by Microsoft.
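Because a CSP is registered through the registry and is expected to be signed, the registry is also where a defender can inventory what is installed. The following PowerShell script is an added example (not code from the original page): it lists every CSP registered under the key CryptoAPI reads, resolves each provider DLL, notes whether the registration carries a signature, and checks the DLL's Authenticode signature. The provider-type name table is a constructed subset of the `PROV_*` constants, included only for readability.

```powershell
# Added example, not from the original page: inventory the CSPs registered with
# Windows and check that each provider DLL is present and Authenticode-signed.
# The registry path below is the one CryptoAPI reads; the type-name table is a
# constructed subset of the PROV_* constants.

$typeNames = @{
    1  = 'PROV_RSA_FULL'
    2  = 'PROV_RSA_SIG'
    3  = 'PROV_DSS'
    12 = 'PROV_RSA_SCHANNEL'
    13 = 'PROV_DSS_DH'
    24 = 'PROV_RSA_AES'
}

function Get-RegisteredCsp {
    $base = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Defaults\Provider'
    foreach ($key in Get-ChildItem -Path $base) {
        $props = Get-ItemProperty -Path $key.PSPath
        $image = [Environment]::ExpandEnvironmentVariables([string]$props.'Image Path')

        # A bare file name (e.g. rsaenh.dll) is resolved the way the loader would,
        # from System32.
        if (-not [IO.Path]::IsPathRooted($image)) {
            $image = Join-Path (Join-Path $env:SystemRoot 'System32') $image
        }

        # Older CSPs store the Microsoft signature in a 'Signature' value; newer
        # ones set SigInFile and keep the signature in the DLL's resources.
        $regSig = 'none'
        if ($null -ne $props.Signature)     { $regSig = 'Signature value' }
        elseif ($null -ne $props.SigInFile) { $regSig = 'SigInFile' }

        $status = 'FileMissing'
        $signer = $null
        if (Test-Path -LiteralPath $image) {
            $auth   = Get-AuthenticodeSignature -FilePath $image
            $status = $auth.Status.ToString()
            if ($auth.SignerCertificate) { $signer = $auth.SignerCertificate.Subject }
        }

        [pscustomobject]@{
            Name         = $key.PSChildName
            Type         = [int]$props.Type
            TypeName     = $typeNames[[int]$props.Type]
            ImagePath    = $image
            RegSignature = $regSig
            Authenticode = $status
            Signer       = $signer
        }
    }
}

$csps = Get-RegisteredCsp
$csps | Sort-Object Type, Name | Format-Table Name, TypeName, RegSignature, Authenticode, ImagePath -AutoSize

# Entries that are unsigned, lack a registration signature, or load from outside
# System32 are the ones worth reviewing against your software inventory.
$system32 = Join-Path $env:SystemRoot 'System32'
$csps | Where-Object {
    $_.Authenticode -ne 'Valid' -or $_.RegSignature -eq 'none' -or $_.ImagePath -notlike "$system32\*"
} | Format-List Name, ImagePath, RegSignature, Authenticode, Signer
```

Reading `HKLM` does not require elevation, so the script runs as a normal user. On a stock Windows installation every entry resolves to a Microsoft-signed DLL in `System32` with `Authenticode = Valid`; the final filter therefore prints nothing, and any entry it does print is a third-party or mis-registered provider to reconcile with what you expect on that machine.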