Microsoft KB Archive/290086

= INFO: Strong Encryption Components for Windows CE =

Article ID: 290086

Article Last Modified on 1/31/2007


APPLIES TO


 * Microsoft Windows CE 3.0 for the Handheld PC Professional Edition
 * Microsoft Windows CE 2.0 for the Handheld PC
 * Microsoft Windows CE 2.12 for the Handheld PC
 * Microsoft Windows CE 3.0 for the Handheld PC
 * Microsoft Windows CE Platform Builder 2.12
 * Microsoft Encarta Reference Suite 2001
 * Microsoft Windows CE Palm-size PC 2.01 software
 * Microsoft Pocket PC 2002 Software Standard Edition




This article was previously published under Q290086



SUMMARY
Encryption services on Windows CE are provided by the Cryptography API (CAPI). Additionally, you can establish an encrypted channel to a Web server by using the Secure Sockets Layer (SSL) functionality provided by Schannel.dll. In both cases, the encryption strength depends on the version of the components in use. This article describes the versions that are available.



MORE INFORMATION
CAPI on Windows CE provides a basic set of services for encryption, digital signatures, and data integrity. These services are implemented in two Cryptographic Service Providers (CSPs), as described in this table:


 * In practice you would only use 2,048-bit keys for RSA because the performance drops off substantially as the key size increases.


 * DES was not available in Rsabase.dll prior to Windows CE version 3.0.

As the table illustrates, the two CSPs available from Microsoft for Windows CE differ in the encryption algorithms available and key strengths.

Encryption of network communications on Windows CE, using the standard SSL2 and SSL3 protocols, is enabled by Schannel.dll. In particular, this component is used by Microsoft Pocket Internet Explorer to connect to a secure Web site (a URL beginning with "https:"). There are two versions of Schannel.dll which differ only in the maximum strength of encryption supported: 40-bit or 128-bit. In Windows CE 3.0 and earlier versions, Schannel.dll does not rely on CAPI and is therefore independent of the CSPs present.

The key strength of the encryption in the Windows CE CAPI and Schannel was limited by U.S. government restrictions on export of encryption technology. With the easing of the restrictions in early 2000, the Rsaenh CSP and the stronger version of Schannel are now available, either in the product or by Web download, for use in virtually all countries.

A Windows CE 2.12 Platform can be upgraded to strong encryption through the installation of Rsaenh.dll and replacement of Schannel.dll with the strong-encryption version.

** The Pocket PC SDK CD-ROM includes the following file: Rsaenh.PPC2002ARM.cab

The High Encryption Pack for Pocket PC v1.0 (Pocket PC 2000) is available for download from the following Microsoft Web site:

Pocket PC. Downloads - SSL 128 http://www.microsoft.com/mobile/pocketpc/downloads/ssl128.asp

Important: This is for Pocket PC 2000 only. Microsoft does not recommend that you install this on Pocket PC 2002 devices because it uses an earlier version of the Schannel.dll file.

Keywords: kbinfo KB290086


© Microsoft Corporation. All rights reserved.