SEC230 - Windows Cryptography Next Generation (CNG) for Developers
This seminar covers the “next-generation” cryptography (CNG) support in Windows Vista through Windows 8 and Windows Server 2012.
Application programmers; security personnel; management responsible for security policy and implementation
Windows Vista and later versions provide a new set of cryptographic services and APIs referred to as "Cryptography Next Generation," or "CNG." The CNG APIs are far easier to use and to extend than previous Windows cryptography APIs. CNG furthermore provides several important new features, such as secure key storage, support for third-party key storage providers, and kernel mode accessibility.
This seminar presents the design, implementation, and APIs of the “Cryptography Next Generation” implementation in Windows Vista and later versions, with emphasis on how to use these facilities in application programs. The legacy cryptographic services present in these and past versions of Windows will also be discussed, as well as some other Windows Vista security technologies such as BitLocker.
This seminar will provide to application developers and designers all the information required to successfully configure, use, and extend the CNG interfaces. The seminar will also be of use to those responsible for creating and maintaining the security policy for an organization or for application design. Cryptographic concepts and decision points will be introduced and discussed.
If kernel-mode CNG providers are to be covered in labs, then familiarity with Windows' general kernel mode driver interfaces (NTDDK/WDM) is also required.
|Operating systems supported:||Windows 2000 through Windows 10/Windows Server 2012 R2|
|Durations and formats:||
3 or 4 days with labs
2 days lecture only
The lab version of this seminar includes a series of programming exercises that illustrate and amplify the principles presented in the “Using CNG” section. Attendees for this version will spend at least half of the seminar time modifying, coding, and debugging programs that use examples of various CNG algorithm classes, as well as older services such as DPAPI. Solutions to all lab problems will be provided in machine-readable form.
The standard labs version of the seminar includes a lab exercise involving implementation of a user-mode CNG provider. Kernel-mode CNG providers may be covered upon request.
Durations with labs: