CNG and key length

  • Thursday, October 29, 2009 3:01 PM, GforumB
    In reading Komar's PKI book and various other sources, it is my understanding that the use of CNG may not be ideal, since not all PKI-enabled apps support it (yet). So, can CNG AND CAPI be installed to support both, or is it a one-or-the-other decision? Also, is this a per-CA decision (i.e. CNG on Root CA, CAPI on Issuing, etc.)?

    Also, key length seems to be similar. What is the ideal deployment of key lengths throughout the hierarchy? Same with the per-CA decision (i.e. Root 4096, Issuing 2048, etc.).

    And finally, any gurus have the best hash algorithm to use?

    Our scenario will be an Enterprise-wide PKI solution for just about everything under the sun that can use PKI, will. So, a mix of maximum security with the most compatibility is what we need.

    As always, thanks for any feedback. These forums are fantastic!!

All Replies

  • Friday, October 30, 2009 6:59 AM, Joson Zhou (MSFT, Moderator) [Answer]
    Hi,

    To use the new cryptographic algorithms, both your CA and your applications should support ECC (or any other new algorithm you implement under CNG). For more information, please refer to the following article:

    Cryptography Next Generation
    http://technet.microsoft.com/en-us/library/cc730763(WS.10).aspx

    And yes, it is a per-CA decision. You can specify a different CSP and key length for each CA.

    What hash algorithm to use depends on your environment. The typical hash algorithms include MD5, SHA-1, and SHA-256.

    Hope the information is helpful.

    Joson Zhou
    TechNet Subscriber Support in forum
    If you have any feedback on our support, please contact tngfb@microsoft.com

    This posting is provided "AS IS" with no warranties, and confers no rights.
  • Saturday, October 31, 2009 1:43 PM, Ondrej Sevecek (MVP)
    This brings me to a repeated question of mine; maybe the info was somehow added since the previous time: is there any documentation with a list of applications/services that support CNG algorithms on Vista and Seven?

    ondrej.

  • Sunday, November 01, 2009 12:57 AM, Brian Komar [MVP] [Answer]
    I included a table in my 2k8 book. The only change that I am aware of is that smart card logon can now use ECC certificates.
    Adding to Jason's response, be very careful with the root CA. If you use a CNG certificate on the root, you basically exclude all applications and clients that do not support CNG from using your PKI. It is better to either:
    1) Set up a separate CA hierarchy for CNG
    2) Deploy using RSA with SHA1, but change to a SHA2 algorithm once all clients are compliant (support SHA2 signatures)
    3) Only deploy separate issuing CAs (or a policy CA with separate issuing CAs) that deploy CNG

    HTH,
    Brian
  • Tuesday, November 03, 2009 5:16 PM, GforumB
    Thanks Jason, Brian.

    Brian,

    Can you elaborate more on option #2? Which exact CSP are you referring to?

    So, if I understand correctly, CNG is out at the Root. I do have apps that won't support CNG (i.e. MDM). For an Intermediate/Policy or Issuing I could implement CNG IF the apps using it were capable, correct? ex. Root=CAPI, Intermediate/Policy=CNG or CAPI, Issuing=CNG or CAPI.
    I do have many Issuing CAs per usage type (users, computers, services, external, etc.)

    Also, for key length, any advice? I'm concerned that if I put too strong a key at the root, then apps that can't support it will make my decision a poor one. Using MDM as an example, I've been told it doesn't support anything greater than 1024. So, would my root all the way down have to be 1024 OR just the issuing CA for MDM?

    For hash algorithms, I've read lots about which one is stronger, better, etc., but I'm again concerned about compatibility, along with security. So, I'm still not clear on the best one to use. Thoughts?

    Thanks again for all the input!
  • Tuesday, November 03, 2009 8:29 PM, Brian Komar [MVP]
    What is MDM?
    Brian
  • Tuesday, November 03, 2009 8:42 PM, GforumB
    sorry...Microsoft Mobile Device Manager
  • Wednesday, November 04, 2009 9:48 PM, Brian Komar [MVP]
    I would be really surprised if MDM would not support at least a 2K root certificate since I have used a 3-tier 2003 CA structure with both a 4k and a 2k length on the root CA with success for 802.1x authentication. But then again, I now use an iPhone because of my issues with Windows Mobile <G>
    Brian
  • Wednesday, November 04, 2009 10:29 PM, Paul Adare (MVP) [Answer]
    The issue with MDM and key size has nothing at all to do with the chain, but has to do with how you configure the certificate template and how the device generates the certificate request. The device will generate a request with a 1024K key specified; if you configure the template it is going to enroll against to require a minimum of a 2048K key, the CA will deny the request. The key length of the CAs in the chain here is irrelevant; it is the minimum required key length in the certificate template that is an issue with MDM.
    Paul Adare CTO IdentIT Inc. ILM MVP
  • Thursday, November 05, 2009 2:04 PM, GforumB
    Thanks Paul,

    So, if I understand it, I could set the CAs to any key size and MDM doesn't really care as long as it meets the minimum specified in the templates, which my understanding is 1024. i.e. if the Issuing cert is 2048, the 1024 template will work, correct?
    MDM comes with 3 templates. I don't see where it is defined for the key length??
  • Thursday, November 05, 2009 10:17 PM, Brian Komar [MVP]
    It never is. All Microsoft products (pretty much) have absolute ____ when it comes to defining what certificates they need (and other companies' too).
    They typically say... You need a certificate. QED (in brackets, you figure out what you need).
    Brian
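Two points in the thread can be checked from a domain-joined Windows host rather than argued over: Brian's caution that a CNG (ECC) key anywhere in the chain, and above all at the root, excludes non-CNG clients, and Paul's point that it is the template's minimum key size, not the chain's key lengths, that gets a device's request denied. The PowerShell below is an added example, not code from the thread or from Microsoft; it assumes $Thumbprint names a leaf certificate in the LocalMachine\My store, $TemplateName is the template's CN in AD, .NET Framework 4.6.1 or later for the certificate extension classes, and read access to the Certificate Templates container.

```powershell
# Added example (not from the thread). Audits a chain tier by tier for CNG-only (ECC)
# keys and SHA-1 vs SHA-2 signatures, then compares a device's request key size with
# the enrolling template's msPKI-Minimal-Key-Size in AD (the check Paul describes).
# Assumptions: domain-joined host, .NET 4.6.1+, leaf cert present in LocalMachine\My.
param(
    [Parameter(Mandatory)][string]$Thumbprint,
    [Parameter(Mandatory)][string]$TemplateName,
    [int]$RequestKeySize = 1024          # the thread reports MDM devices request 1024-bit keys
)
$leaf = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $leaf) { throw "Certificate $Thumbprint not found in LocalMachine\My" }
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # configuration audit only, not path validation
[void]$chain.Build($leaf)

# Walk from the leaf up to the root. An ECC tier exists only under CNG, so non-CNG
# clients cannot chain through it; SHA-2 signatures need SHA-2-capable clients.
$tier = 0
foreach ($element in $chain.ChainElements) {
    $cert  = $element.Certificate
    $isEcc = $cert.PublicKey.Oid.Value -eq '1.2.840.10045.2.1'   # id-ecPublicKey
    $bits  = if ($isEcc) {
        [System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions]::GetECDsaPublicKey($cert).KeySize
    } else {
        [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert).KeySize
    }
    $sig  = $cert.SignatureAlgorithm.FriendlyName      # e.g. sha1RSA, sha256RSA, sha256ECDSA
    $note = @()
    if ($isEcc)                 { $note += 'CNG-only key: excludes non-CNG clients' }
    if ($sig -match 'md5|sha1') { $note += 'legacy hash: plan the move to SHA-2' }
    [pscustomobject]@{
        Tier      = if ($tier -eq 0) { 'Leaf' } elseif ($tier -eq $chain.ChainElements.Count - 1) { 'Root' } else { 'Intermediate' }
        Subject   = $cert.Subject
        Key       = "$($cert.PublicKey.Oid.FriendlyName) $bits"
        Signature = $sig
        Notes     = $note -join '; '
    }
    $tier++
}

# The template, not the chain, sets the minimum key size the CA will accept.
$cfgNc   = ([ADSI]'LDAP://RootDSE').configurationNamingContext.Value
$tpl     = [ADSI]"LDAP://CN=$TemplateName,CN=Certificate Templates,CN=Public Key Services,CN=Services,$cfgNc"
$minBits = [int]$tpl.'msPKI-Minimal-Key-Size'.Value
if ($RequestKeySize -lt $minBits) {
    Write-Warning "Template '$TemplateName' requires $minBits-bit keys; a $RequestKeySize-bit request would be denied."
} else {
    Write-Output "Template '$TemplateName' minimum is $minBits bits; a $RequestKeySize-bit request meets it."
}
```

Run it once per issuing CA's leaf certificate to see which tiers would block non-CNG or non-SHA-2 clients, and with the template each device type enrolls against to confirm the minimum key size before changing anything on the CAs.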