The Cryptography tab is available for version 3 certificate templates. This tab replaces the cryptographic service provider (CSP) selection dialog box used to select CSPs for version 2 certificate templates. The Cryptography tab is used to configure the following properties:
- Algorithm name. Select an algorithm
that the issued certificate's key pair will support. The list
displays only algorithms that support the cryptographic operations
required for the certificate purpose that is selected on the
Request Handling tab. The following table describes the
relationship between the certificate purpose and the available
Signature and encryption
Signature and smart card logon
- Minimum key size. This option allows
you to specify a minimum required size for the keys used with the
chosen algorithm. By default, the minimum key length supported on
the computer for the chosen algorithm will be used.
- Providers. Version 2 templates offer a
list of CryptoAPI CSPs, while version 3 templates offer a
dynamically populated list of Cryptography Next Generation (CNG)
providers. This list is populated with all providers available on
the computer that meet the criteria specified by a combination of
the following configuration options: Algorithm name and
Minimum key size on the Cryptography tab, and
Purpose and Allow private key to be exported on the
Request Handling tab.
- Hash algorithm. This option allows you
to choose an advanced hash algorithm. By default, the following
algorithms are available: AES-GMAC, MD2, MD4, MD5, SHA1, SHA256,
SHA384, and SHA512.
- Use alternate signature format. When
the RSA algorithm is selected, this check box allows you to specify
that certificate requests created for this template include a
discrete signature in PKCS #1 V2.1 format.
This setting applies to the certificate request only, not the certificate that is issued by the CA from this template.