Clarion Community Help

The TopSpeed driver already has a very secure encryption system.  However, it is not based on any of the standard encryption algorithms.  This makes the TopSpeed file format unavailable to some developers who have to guarantee the encryption algorithm.  You have the  option to use any encryption algorithm supported by any encryption provider that plugs into the Windows encryption subsystem.  This enables developers to create, store and exchange data in a very secure environment.

There are two providers that are installed on all Windows Operating Systems: Microsoft Base Cryptographic Provider and Microsoft Enhanced Cryptographic Provider.

The Microsoft Enhanced Cryptographic Provider supports the same capabilities as the Microsoft Base Cryptographic Provider, but provides for stronger security through longer keys and additional algorithms. The Enhanced provider is installed on your machine when you apply the Internet Explorer 128-bit security patch.

In addition, you now have the ability to use any encryption algorithm supported by any encryption provider that plugs into the Windows encryption subsystem. So you can now even use new encryption providers as they become available!

To enable use of an alternative encryption algorithm you just supply at least one of the following encryption settings to the driver via the driver string.

Example Format:

(DriverString = Default Value)

/PROVIDER= PROV_RSA_FULL 1

Multiple driver strings need to be SPACE delimited.

Additional Notes:

(1) You can use any of the driver string switches in a SEND command before the file is open to set the encryption algorithm. You can also retrieve the current value of any of the encryption options as the return result of the SEND command.

(2) /CONTAINER is the key container name. This is a string that identifies the key container to the CSP (cryptographic service provider). This name is independent of the method used to store the keys. Some CSPs store their key containers internally (in hardware), some use the system registry, and others use the file system.

When /CONTAINER is not specified, a default key container name is used. For example, the Microsoft Base Cryptographic Provider uses the logon name of the currently logged on user as the key container name. Other CSPs can also have default key containers that can be acquired in this way.

(3) This is the value associated with the different provider types. See the Microsoft Cryptographic Provider Types page for full details on provider types. The values of the different provider types supplied by the Microsoft Enhanced Cryptographic Provider (MECP) are:

PROV_RSA_FULL 1

PROV_RSA_SIG 2

PROV_DSS 3

PROV_FORTEZZA 4

PROV_MS_EXCHANGE 5

PROV_SSL 6

PROV_RSA_SCHANNEL 12

PROV_DSS_DH 13

PROV_EC_ECDSA_SIG 14

PROV_EC_ECNRA_SIG 15

PROV_EC_ECDSA_FULL 16

PROV_EC_ECNRA_FULL 17

PROV_DH_SCHANNEL 18

PROV_SPYRUS_LYNKS 20

PROV_RNG 21

PROV_INTEL_SEC 22

PROV_REPLACE_OWF 23

PROV_RSA_AES 24

(4) Values supported by the Microsoft Enhanced Cryptographic Provider are:

32769 MD2

32771 MD5

32772 U.S. DSA Secure Hash Algorithm

32773 Message Authentication Code

32776 SSL3 client authentication

32777 HMAC, a keyed hash algorithm

(5) Some values supported by various providers are:

17921 DES

17922 RC2

17923 3DES

17929 3DES 112

18433 RC4

For full list of key and hash algorithms the user should consult the documentation of their cryptography provider.

Example: