Module Name
Kernel Mode Cryptographic Primitives Library
Validation Dates
09/26/2018;07/17/2019;03/09/2020
Caveat
When operated in FIPS mode with modules Windows OS Loader validated to FIPS 140-2 under Cert. #3194, Cert. #3480 or Cert. #3615 operating in FIPS mode or Windows Resume validated to FIPS 140-2 under Cert. #3091 operating in FIPS mode
Security Level Exceptions
- Physical Security: N/A
- Design Assurance: Level 2
Embodiment
Multi-Chip Stand Alone
Description
Kernel Mode Cryptographic Primitives Library (cng.sys) runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request IRP (I/O request packet).
Tested Configuration(s)
- Azure Data Box Edge (x64) running on a Microsoft Azure Data Box with PAA [5] (single-user mode)
- Surface Hub (x64) running on a Microsoft Surface Hub with PAA [1]
- Windows 10 Education April 2018 Update (x64) running on a Microsoft Surface Laptop with PAA [4]
- Windows 10 Education Fall Creators Update (x64) running on a Microsoft Surface Pro with PAA [3]
- Windows 10 Education October 2018 Update (x64) running on a Microsoft Surface Laptop with PAA [5]
- Windows 10 Enterprise April 2018 Update (x64) running on a Microsoft Surface Book 2 with PAA [4]
- Windows 10 Enterprise April 2018 Update (x64) running on a Microsoft Surface Laptop with PAA [4]
- Windows 10 Enterprise April 2018 Update (x64) running on a Microsoft Surface Pro LTE with PAA [4]
- Windows 10 Enterprise April 2018 Update (x64) running on a Microsoft Surface Studio 2 with PAA [4]
- Windows 10 Enterprise April 2018 Update (x64) running on a Microsoft Surface Studio with PAA [4]
- Windows 10 Enterprise April 2018 Update (x64) running on an HP Pro x2 612 G2 Detachable PC with LTE with PAA [4]
- Windows 10 Enterprise Fall Creators Update (x64) running on a Microsoft Surface Book 2 with PAA [3]
- Windows 10 Enterprise Fall Creators Update (x64) running on a Microsoft Surface Book with PAA [3]
- Windows 10 Enterprise Fall Creators Update (x64) running on a Microsoft Surface Laptop with PAA [3]
- Windows 10 Enterprise Fall Creators Update (x64) running on a Microsoft Surface Pro 4 with PAA [3]
- Windows 10 Enterprise Fall Creators Update (x64) running on a Microsoft Surface Pro with PAA [3]
- Windows 10 Enterprise Fall Creators Update (x64) running on a Microsoft Surface Studio with PAA [3]
- Windows 10 Enterprise Fall Creators Update (x64) running on an HP Pro x2 612 G2 Detachable PC with LTE with PAA [3]
- Windows 10 Enterprise October 2018 Update (x64) running on a Microsoft Surface Book 2 with PAA [5]
- Windows 10 Enterprise October 2018 Update (x64) running on a Microsoft Surface Laptop with PAA [5]
- Windows 10 Enterprise October 2018 Update (x64) running on a Microsoft Surface Pro LTE with PAA [5]
- Windows 10 Enterprise October 2018 Update (x64) running on a Microsoft Surface Studio with PAA [5]
- Windows 10 Enterprise October 2018 Update (x64) running on a Samsung Galaxy Book 12" with PAA [5]
- Windows 10 Enterprise October 2018 Update (x64) running on an HP EliteBook x360 1030 G2 with PAA [5]
- Windows 10 Home April 2018 Update (x86) running on a Dell Inspiron 660s without PAA [4]
- Windows 10 Home Fall Creators Update (x86) running on a Dell Inspiron 660s without PAA [3]
- Windows 10 Home October 2018 Update (x86) running on a Dell Inspiron 660s without PAA [5]
- Windows 10 Mobile Fall Creators Update (ARMv7) running on a Microsoft Lumia 650 [2]
- Windows 10 Mobile Fall Creators Update (ARMv7) running on a Microsoft Lumia 950 [2]
- Windows 10 Mobile Fall Creators Update (ARMv7) running on a Microsoft Lumia 950 XL [2]
- Windows 10 Mobile Fall Creators Update (ARMv7) running on an HP Elite x3 [2]
- Windows 10 Pro April 2018 Update (x64) running on a Dell Latitude 12 Rugged Tablet with PAA [4]
- Windows 10 Pro April 2018 Update (x64) running on a Dell Latitude 5290 with PAA [4]
- Windows 10 Pro April 2018 Update (x64) running on a Microsoft Surface Book 2 with PAA [4]
- Windows 10 Pro April 2018 Update (x64) running on a Microsoft Surface Go with PAA [4]
- Windows 10 Pro April 2018 Update (x64) running on a Microsoft Surface Laptop 2 with PAA [4]
- Windows 10 Pro April 2018 Update (x64) running on a Microsoft Surface Laptop with PAA [4]
- Windows 10 Pro April 2018 Update (x64) running on a Microsoft Surface Pro 6 with PAA [4]
- Windows 10 Pro April 2018 Update (x64) running on a Microsoft Surface Pro LTE with PAA [4]
- Windows 10 Pro April 2018 Update (x64) running on an HP Slimline Desktop with PAA [4]
- Windows 10 Pro Fall Creators Update (x64) on Hyper-V on Windows Server 2016 running on a Surface Pro 4 with PAA [3]
- Windows 10 Pro Fall Creators Update (x64) running on a Dell Latitude 5285 with PAA [3]
- Windows 10 Pro Fall Creators Update (x64) running on a Dell Latitude 5290 with PAA [3]
- Windows 10 Pro Fall Creators Update (x64) running on a Dell PowerEdge R630 Server with PAA [3]
- Windows 10 Pro Fall Creators Update (x64) running on a Dell Precision Tower 5810MT with PAA [3]
- Windows 10 Pro Fall Creators Update (x64) running on a Microsoft Surface 3 with LTE with PAA [3]
- Windows 10 Pro Fall Creators Update (x64) running on a Microsoft Surface Laptop with PAA [3]
- Windows 10 Pro Fall Creators Update (x64) running on a Microsoft Surface Pro 3 with PAA [3]
- Windows 10 Pro Fall Creators Update (x64) running on a Microsoft Surface Pro with PAA [3]
- Windows 10 Pro Fall Creators Update (x64) running on a Panasonic Toughbook with PAA [3]
- Windows 10 Pro Fall Creators Update (x64) running on an HP Compaq Pro 6305 with PAA [3]
- Windows 10 Pro Fall Creators Update (x64) running on an HP Slimline Desktop with PAA [3]
- Windows 10 Pro October 2018 Update (x64) running on a Dell Latitude 12 Rugged Tablet with PAA [5]
- Windows 10 Pro October 2018 Update (x64) running on a Dell Latitude 5290 with PAA [5]
- Windows 10 Pro October 2018 Update (x64) running on a Microsoft Surface Book 2 with PAA [5]
- Windows 10 Pro October 2018 Update (x64) running on a Microsoft Surface Go with PAA [5]
- Windows 10 Pro October 2018 Update (x64) running on a Microsoft Surface Laptop with PAA [5]
- Windows 10 Pro October 2018 Update (x64) running on a Microsoft Surface Pro LTE with PAA [5]
- Windows 10 Pro October 2018 Update (x64) running on a Samsung Galaxy Book 10.6" with PAA [5]
- Windows 10 Pro October 2018 Update (x64) running on an HP Elite x2 1013 G3 Tablet with PAA [5]
- Windows 10 Pro October 2018 Update (x64) running on an HP Slimline Desktop with PAA [5]
- Windows 10 S Fall Creators Update (x64) running on a Microsoft Surface Laptop with PAA [3]
- Windows Server 2019 Core (x64) on Hyper-V on Windows Server 2016 running on a Dell PowerEdge R740 Server with PAA [5]
- Windows Server 2019 Core (x64) on Hyper-V on Windows Server 2019 running on a Dell Precision Tower 5810MT with PAA [5]
- Windows Server 2019 Core (x64) running on a Dell PowerEdge R740 Server with PAA [5]
- Windows Server 2019 Datacenter Core (x64) on Hyper-V on Windows Server 2019 running on a Dell Precision Tower 5810MT with PAA [5]
- Windows Server 2019 Datacenter Core (x64) running on a Dell PowerEdge R740 Server with PAA [5]
- Windows Server Datacenter Core (x64) on Hyper-V on Windows Server running on a Dell Precision Tower 5810MT with PAA [3][4]
- Windows Server Datacenter Core (x64) running on a Dell PowerEdge R630 Server with PAA [3]
- Windows Server Datacenter Core (x64) running on a Dell PowerEdge R740 Server with PAA [3][4]
- Windows Server Datacenter Core (x64) running on a Dell Precision Tower 5810MT with PAA [3]
- Windows Server Standard Core (x64) on Hyper-V on Windows Server 2016 running on a Dell PowerEdge R740 Server with PAA [4]
- Windows Server Standard Core (x64) on Hyper-V on Windows Server running on a Dell Precision Tower 5810MT with PAA [3][4]
- Windows Server Standard Core (x64) running on a Dell PowerEdge R630 Server with PAA [3]
- Windows Server Standard Core (x64) running on a Dell PowerEdge R740 Server with PAA [3][4]
- Windows Server Standard Core (x64) running on a Dell Precision Tower 5810MT with PAA [3]
FIPS Algorithms
AES |
Certs. #4897, #4898, #4899, #4900, #4901, #4902, #5847, #5860, #C211 and #C347 |
CKG |
vendor affirmed |
CVL |
Certs. #1496, #1498, #1507, #1509, #1511, #1513, #2110, #2111 and #C211 |
DRBG |
Certs. #1730, #1731, #1732, #2435 and #C211 |
DSA |
Certs. #1301, #1302, #1303, #1479 and #C211 |
ECDSA |
Certs. #1246, #1249, #1250, #1563 and #C211 |
HMAC |
Certs. #3267, #3268, #3269, #3858 and #C211 |
KAS |
Certs. #146, #147, #148, #200 and #C211 |
KBKDF |
Certs. #157, #158, #159, #242 and #C347 |
KTS |
AES Certs. #4898, #4899, #4900, #5860 and #C347; key establishment methodology provides between 128 and 256 bits of encryption strength |
PBKDF |
vendor affirmed |
RSA |
Certs. #2667, #2670, #2671, #2673, #2674, #2675, #3079, #3081, #C211 and #C349 |
SHS |
Certs. #4009, #4010, #4011, #4633 and #C211 |
Triple-DES |
Certs. #2556, #2557, #2558, #2862 and #C211 |
Allowed Algorithms
HMAC-MD5; MD5; NDRNG
Software Versions
10.0.15063.674 [1], 10.0.15254 [2], 10.0.16299 [3], 10.0.17134 [4] and 10.0.17763 [5]