INFO: Strong Encryption Components for Windows CE (290086)
The information in this article applies to:
- Microsoft Windows CE 3.0 Professional Edition for the Handheld PC
- Microsoft Windows CE 2.0 for the Handheld PC
- Microsoft Windows CE Operating System, Versions 2.12
- Microsoft Windows CE Operating System, Versions 3.0
- Microsoft Windows CE Platform Builder 2.12
- Microsoft Windows CE Platform Builder 3.0
- Microsoft Windows CE for the Pocket PC
- Microsoft Windows Powered Pocket PC 2002
This article was previously published under Q290086

SUMMARY

Encryption services on Windows CE are provided by the
Cryptography API (CAPI). Additionally, you can establish an encrypted channel
to a Web server by using the Secure Sockets Layer (SSL) functionality provided
by Schannel.dll. In both cases, the encryption strength depends on the version
of the components in use. This article describes the versions that are
available.

MORE INFORMATION

CAPI on Windows CE provides a basic set of services for
encryption, digital signatures, and data integrity. These services are
implemented in two Cryptographic Service Providers (CSPs), as described in this
table:
| Algorithm | Rsabase | Rsaenh |
|---|---|---|
| RSA | 512-bit | 16,384-bit* |
| RC2 | 40-bit | 128-bit |
| RC4 | 40-bit | 128-bit |
| DES** | 56-bit | 56-bit |
| 3DES (2-key version) | Not supported | 112-bit |
| 3DES (3-key version) | Not supported | 168-bit |
| SHA-1 | 160-bit hash | 160-bit hash |
| MD5 | 128-bit hash | 128-bit hash |

*In practice you would only use 2,048-bit keys for RSA
because the performance drops off substantially as the key size
increases.

**DES was not available in Rsabase.dll prior to Windows CE
version 3.0.

As the table illustrates, the two CSPs available from
Microsoft for Windows CE differ in the encryption algorithms available and key
strengths.

Encryption of network communications on Windows CE, using
the standard SSL2 and SSL3 protocols, is enabled by Schannel.dll. In
particular, this component is used by Microsoft Pocket Internet Explorer to
connect to a secure Web site (a URL beginning with "https:"). There are two
versions of Schannel.dll that differ only in the maximum strength of
encryption supported: 40-bit or 128-bit. In Windows CE 3.0 and earlier
versions, Schannel.dll does not rely on CAPI and is therefore independent of
the CSPs present.

The key strength of the encryption in the Windows
CE CAPI and Schannel was limited by U.S. government restrictions on export of
encryption technology. With the easing of the restrictions in early 2000, the
Rsaenh CSP and the stronger version of Schannel are now available, either in
the product or by Web download, for use in virtually all countries.

A Windows CE 2.12 Platform can be upgraded to strong encryption through the
installation of Rsaenh.dll and replacement of Schannel.dll with the
strong-encryption version.

| Rsabase | included | included | included | included |
| Rsaenh | Web | included | Web | SDK** |
| Schannel (40-bit) | included | N/A | included | included |
| Schannel (128-bit) | Web | included | Web | included |

** The Pocket PC SDK CD-ROM includes the following file: Rsaenh.PPC2002ARM.cab

The High Encryption Pack for Pocket PC v1.0 (Pocket PC 2000) is available for download from the following Microsoft Web site:

Important: This is for Pocket PC 2000 only. Microsoft does not recommend that you install this on Pocket PC 2002 devices because it uses an earlier version of the Schannel.dll file.
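
The CSP table above can be turned into a run-time check that tells an application whether it is getting the Rsabase or the Rsaenh key sizes. The following is an added example, not part of the original article and not Microsoft code; `alg_info`, `csp_is_strong` and `csp_enum` are hypothetical names, the sample arrays are constructed from the table, and it assumes `CryptAcquireContext` and `CryptGetProvParam` with `PP_ENUMALGS` behave on the device as they do in desktop Win32.

```c
/* Added example (not Microsoft code): classify a CSP by the key sizes it reports. */
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else /* ALG_ID values as defined in wincrypt.h, so the check builds offline */
#define CALG_DES      0x6601
#define CALG_RC2      0x6602
#define CALG_3DES     0x6603
#define CALG_3DES_112 0x6609
#define CALG_RC4      0x6801
#endif

typedef struct { unsigned alg; unsigned bits; } alg_info; /* hypothetical helper type */

/* Constructed samples mirroring the two columns of the article's CSP table. */
static const alg_info SAMPLE_BASE[] = {{CALG_RC2, 40}, {CALG_RC4, 40}, {CALG_DES, 56}};
static const alg_info SAMPLE_ENH[] = {{CALG_RC2, 128}, {CALG_RC4, 128}, {CALG_DES, 56},
                                      {CALG_3DES_112, 112}, {CALG_3DES, 168}};

/* 1 if the list shows 128-bit RC2 and RC4 plus 3-key 3DES, else 0 (export-grade). */
int csp_is_strong(const alg_info *a, size_t n)
{
    int rc2 = 0, rc4 = 0, tdes = 0;
    size_t i;
    for (i = 0; i < n; i++) {
        if (a[i].alg == CALG_RC2 && a[i].bits >= 128) rc2 = 1;
        if (a[i].alg == CALG_RC4 && a[i].bits >= 128) rc4 = 1;
        if (a[i].alg == CALG_3DES && a[i].bits >= 168) tdes = 1;
    }
    return rc2 && rc4 && tdes;
}

#ifdef _WIN32
/* Fill out[] from the default PROV_RSA_FULL provider; returns count or -1. */
int csp_enum(alg_info *out, int max)
{
    HCRYPTPROV h; PROV_ENUMALGS e; DWORD cb = sizeof(e), flag = CRYPT_FIRST; int n = 0;
    if (!CryptAcquireContext(&h, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) return -1;
    while (n < max && CryptGetProvParam(h, PP_ENUMALGS, (BYTE *)&e, &cb, flag)) {
        out[n].alg = e.aiAlgid; out[n].bits = e.dwBitLen; n++;
        flag = 0; cb = sizeof(e);
    }
    CryptReleaseContext(h, 0);
    return n;
}
#endif

int main(void) { return csp_is_strong(SAMPLE_ENH, 5) && !csp_is_strong(SAMPLE_BASE, 3) ? 0 : 1; }
```

On a device, pass the output of `csp_enum` to `csp_is_strong`. Because Schannel.dll in Windows CE 3.0 and earlier does not rely on CAPI, the result says nothing about SSL strength on those versions.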
Modification Type: Minor | Last Reviewed: 8/18/2005
Keywords: kbinfo KB290086