WindowsNT / sha3cng

A CNG implementation of new encryption algorithms
MIT License

How to use the CNG provider with system's tools? #1

Open frankmorgner opened 1 year ago

frankmorgner commented 1 year ago

Hi!

As I understand, this CNG provider adds SHA-3 capabilities via the CNG interface. What else would be needed to make use of it in the system's tools? For example, does certutil need to be patched in order to verify a SHA-3 hashed certificate?

Thanks for your time.

WindowsNT commented 1 year ago

Yes, because certutil takes algorithms by specific names. You could only use it with tools that would accept a custom name (in order to pass stuff to CNG). Basically, I think that until SHA-2 has problems, nobody will use SHA-3 in Windows.

frankmorgner commented 1 year ago

Thank you for your response. I'm thinking about adding post-quantum algorithms to Windows (if it can be integrated seamlessly). From your experience with SHA-3 and my understanding of the documentation, however, it seems that this is not possible without patching the tools that I want to be using the algorithms for. If I need to patch the tools anyway, then I wonder what benefit a CNG provider gives me. It seems to be good for interoperability and support for hardware modules, but not for adding new algorithms.

WindowsNT commented 1 year ago

The only benefit is that your CNG code is easy to use.
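
The following is an added example, not part of the thread or of the sha3cng project. It shows what "a tool that accepts a custom name" amounts to: the caller lists the hash algorithm names currently registered with CNG, then passes a name string straight to `BCryptOpenAlgorithmProvider`. `$AlgName` is a placeholder, because the page does not state which name the provider registers.

```powershell
# Added example. $AlgName is a placeholder: substitute the name your provider registers.
$AlgName = 'PLACEHOLDER-HASH-NAME'

# P/Invoke declarations for the documented bcrypt.dll entry points used below.
Add-Type -Namespace Cng -Name Native -MemberDefinition @'
[StructLayout(LayoutKind.Sequential)]
public struct AlgId { public IntPtr pszName; public uint dwClass; public uint dwFlags; }

[DllImport("bcrypt.dll")]
public static extern int BCryptEnumAlgorithms(uint ops, out uint count, out IntPtr list, uint flags);

[DllImport("bcrypt.dll")]
public static extern void BCryptFreeBuffer(IntPtr buffer);

[DllImport("bcrypt.dll", CharSet = CharSet.Unicode)]
public static extern int BCryptOpenAlgorithmProvider(out IntPtr hAlg, string algId, string impl, uint flags);

[DllImport("bcrypt.dll")]
public static extern int BCryptCloseAlgorithmProvider(IntPtr hAlg, uint flags);
'@

$marshal = [Runtime.InteropServices.Marshal]
$algType = [type][Cng.Native+AlgId]
$BCRYPT_HASH_OPERATION = 2

# 1. Enumerate every hash algorithm name CNG knows about, from all registered providers.
$count = [uint32]0
$list  = [IntPtr]::Zero
$status = [Cng.Native]::BCryptEnumAlgorithms($BCRYPT_HASH_OPERATION, [ref]$count, [ref]$list, 0)
if ($status -ne 0) { throw ('BCryptEnumAlgorithms failed: 0x{0:X8}' -f $status) }
$size  = $marshal::SizeOf($algType)
$names = for ($i = 0; $i -lt $count; $i++) {
    $entry = $marshal::PtrToStructure([IntPtr]::Add($list, $i * $size), $algType)
    $marshal::PtrToStringUni($entry.pszName)
}
[Cng.Native]::BCryptFreeBuffer($list)
'Registered hash algorithms: ' + ($names -join ', ')

# 2. Open the algorithm by name. A null implementation name lets CNG choose the provider;
#    [NullString]::Value is needed because PowerShell would otherwise pass "" instead of null.
$hAlg = [IntPtr]::Zero
$status = [Cng.Native]::BCryptOpenAlgorithmProvider([ref]$hAlg, $AlgName, [NullString]::Value, 0)
if ($status -eq 0) {
    "CNG resolved '$AlgName'; any caller that passes this name through can use it."
    [void][Cng.Native]::BCryptCloseAlgorithmProvider($hAlg, 0)
} else {
    "Opening '{0}' failed with NTSTATUS 0x{1:X8}." -f $AlgName, $status
}
```

A tool that only maps a fixed set of identifiers to CNG names never reaches step 2 with the new name, which is the limitation described in the replies above.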