SEC230: Windows Cryptography Next Generation (CNG) for Developers

This seminar covers the “next-generation” cryptography (CNG) support in Windows Vista, Windows Server 2008, and Windows 7.

Level

Basic through intermediate

Audience

Application programmers; security personnel; management responsible for security policy and implementation

Description

Windows Vista and later versions provide a new set of cryptographic services and APIs referred to as "Cryptography Next Generation," or "CNG." The CNG APIs are far easier to use and to extend than previous Windows cryptography APIs. CNG furthermore provides several important new features, such as secure key storage, support for third-party key storage providers, and kernel mode accessibility.

This seminar presents the design, implementation, and APIs of the “Cryptography Next Generation” implementation in Windows Vista and later versions, with emphasis on how to use these facilities in application programs. The legacy cryptographic services present in these and past versions of Windows will also be discussed, as well as some other Windows Vista security technologies such as BitLocker.

This seminar gives application developers and designers all the information required to successfully configure, use, and extend the CNG interfaces. It will also be of use to those responsible for creating and maintaining an organization's security policy or for application design. Cryptographic concepts and decision points will be introduced and discussed.

Topics

  • Introduction to modern cryptography and cryptanalysis

  • Legacy Windows cryptography

    • Data Protection API

    • Encrypted File System (EFS)

    • CryptoAPI

  • Windows Vista security overview

    • Address Space Layout Randomization

    • Trusted Processes

    • BitLocker

  • Cryptography Next Generation (CNG) architecture overview

  • CNG API concepts and interface styles

  • Using bcrypt interfaces

    • Enumerating algorithms

    • Random number generator

    • Hashing functions

    • Symmetric encryption

    • Key signing

    • Secret agreement (key exchange)

    • Asymmetric encryption

  • Using ncrypt (secure key storage) interfaces

    • Secure key storage principles

    • Hash signing and verification algorithms

    • Secret agreement (key exchange)

    • Asymmetric encryption

    • Exporting and importing keys

  • Implementing a new algorithm provider

  • CNG implementation and internal details

  • Windows 7 CNG enhancements

Prerequisites

  • Familiarity with INT150: Windows Internals Essentials; and

  • Familiarity with Windows API (Win32) programming; and

  • Familiarity with the C programming language

Windows versions

Windows 7; Windows Vista; Windows Server 2008

Duration and formats

3 days with labs
2 days lecture only

Labs

The lab version of this seminar includes a series of programming exercises that illustrate and amplify the principles presented in the “Using CNG” section. Attendees for this version will spend at least half of the seminar time modifying, coding, and debugging programs that use examples of various CNG algorithm classes, as well as older services such as DPAPI. Solutions to all lab problems will be provided in machine-readable form.
 

Windows Vista and later only!
Cryptography Next Generation (CNG), that is, the bcrypt and ncrypt interfaces, exists only in Vista and later versions of Windows.
Copyright © 2010 by Azius Developer Training