Suite B Cryptography

About

Suite B cryptographic algorithms are specified by the National Institute of Standards and Technology (NIST) and are used by NSA's Information Assurance Directorate in solutions approved for protecting National Security Systems (NSS). Suite B includes cryptographic algorithms for encryption, key exchange, digital signature, and hashing.

Cryptographic algorithms

OS Support

Starting with Windows Vista and Server 2008, the Cryptography Next Generation (CNG) Suite B algorithms (including SHA2) are included in the operating system. It is worth noting that even though the algorithms are available, it is up to the individual applications to implement support.

Windows XP requires SP3 to support SHA2 hashes (SHA-256, SHA-384 and SHA-512).

Server 2003 SP2 requires an update to support SHA2 - KB 938397, linked below.

Howver, both Windows XP SP3 and Server 2003 SP2 (with patch) will both require another patch (KB 968730) in order to request certificates from a 2008 CA that was signed with a SHA2 hash.

Links

• NSA Suite B Cryptography (NSA/CSS)
• SHA2 and Windows (Windows PKI blog)
• Common Questions about SHA2 and Windows (Windows PKI blog)
• Cryptography Next Generation (TechNet)
• KB 938397
• KB 968730