In discussing the Visual Studio Code Name “Orcas” January 2007 CTP I mentioned its managed classes for Elliptic Curve Diffie-Hellman and Elliptic Curve Digital Signature Algorithm cryptographic functionality. No, I didn’t expect you to know what that means, but explaining it right then and there would have been a distraction.

We’ll need to start with Suite B. This is a set of cryptographic algorithms provided by the NSA to be used in addition to the Advanced Encryption Standard (AES) for hashing, digital signatures, and key exchange. (Yes, there is a Suite A. It “contains classified algorithms that will not be released. Suite A will be used for the protection of some categories of especially sensitive information.”) But back to Suite B: “The entire suite of cryptographic algorithms is intended to protect both classified and unclassified national security systems and information. Because Suite B is also a subset of the cryptographic algorithms approved by the National Institute of Standards, Suite B is also suitable for use throughout government. NSA’s goal in presenting Suite B is to provide industry with a common set of cryptographic algorithms that they can use to create products that meet the needs of the widest range of US Government (USG) needs.”

What do elliptic curves have to do with anything? Elliptic Curve Diffie-Hellman and Elliptic Curve MQV are the two recommended ways of doing key exchange in Suite B, and the Elliptic Curve Digital Signature Algorithm is the recommended way of doing digital signatures in Suite B.
See this NIST paper if you’re up for the details of how elliptic curve key exchange works, and this one for the digital signature standards, including the Elliptic Curve Digital Signature Algorithm. This NSA paper explains why elliptic curve cryptography is attractive compared to the older RSA and Diffie-Hellman algorithms for public-key cryptography. The short summary is that RSA and Diffie-Hellman have slowly succumbed to increasingly strong attack algorithms, while elliptic curve cryptography has remained at full strength. From a practical point of view, that means that elliptic curve cryptography can provide greater security and more efficient performance, saving both cycles and bandwidth.

As has been noted elsewhere, Microsoft consulted the NSA and NIST about Windows Vista and got certification for its security, so that it would be able to sell Vista systems to the U.S. Government. To do that, Microsoft of course had to meet the current cryptography standards. The old CryptoAPI didn’t support elliptic curve cryptography, so Microsoft came up with a replacement, Cryptography API: Next Generation (CNG).

CNG proper is an API intended to be used from unmanaged C++, and is currently only implemented in Windows Vista and Windows Longhorn Server. You can download the CNG SDK here. It’s not trivial to write managed code wrappers for the CNG API, so Microsoft has provided them. The managed classes for Elliptic Curve Diffie-Hellman and Elliptic Curve Digital Signature Algorithm cryptographic functionality are contained in the January CTP, which I haven’t been able to install.
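To make the two Suite B roles concrete, here is an added example (not from the post, and not using the CNG managed classes it describes, which I could not install either) written against Go’s standard library: two parties run an Elliptic Curve Diffie-Hellman exchange on the P-384 curve, and each signs its ephemeral public key with a long-term ECDSA P-384 key so the peer can reject a substituted key before deriving anything. The shared secret is run through the SP 800-56A single-step concatenation KDF with SHA-384. The party names, the `Offer` message layout, and the `"|"`-joined OtherInfo string are my own constructions, not part of any standard.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"encoding/binary"
	"errors"
	"fmt"
)

// Party holds one side's long-term ECDSA signing key (authentication) and a
// fresh ephemeral ECDH key (key agreement). Both live on P-384, a Suite B curve.
type Party struct {
	Ident  string
	SigKey *ecdsa.PrivateKey
	eph    *ecdh.PrivateKey
}

// Offer is the single message each side sends: its ephemeral public key plus an
// ECDSA/SHA-384 signature over Ident || Pub. Binding the ephemeral key to the
// long-term identity is what stops an active attacker swapping in their own key.
type Offer struct {
	Ident string
	Pub   []byte
	Sig   []byte
}

func NewParty(ident string) (*Party, error) {
	sk, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	if err != nil {
		return nil, err
	}
	ek, err := ecdh.P384().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{Ident: ident, SigKey: sk, eph: ek}, nil
}

func (p *Party) MakeOffer() (*Offer, error) {
	pub := p.eph.PublicKey().Bytes() // uncompressed SEC1 point
	digest := sha512.Sum384(append([]byte(p.Ident), pub...))
	sig, err := ecdsa.SignASN1(rand.Reader, p.SigKey, digest[:])
	if err != nil {
		return nil, err
	}
	return &Offer{Ident: p.Ident, Pub: pub, Sig: sig}, nil
}

// Accept verifies the peer's signature first, then performs ECDH and derives a
// keyLen-byte key. A bad signature aborts before any secret is computed.
func (p *Party) Accept(peerSigPub *ecdsa.PublicKey, o *Offer, keyLen int) ([]byte, error) {
	digest := sha512.Sum384(append([]byte(o.Ident), o.Pub...))
	if !ecdsa.VerifyASN1(peerSigPub, digest[:], o.Sig) {
		return nil, errors.New("offer signature does not verify; exchange aborted")
	}
	peerPub, err := ecdh.P384().NewPublicKey(o.Pub) // also rejects off-curve points
	if err != nil {
		return nil, err
	}
	z, err := p.eph.ECDH(peerPub) // raw shared secret, never used directly as a key
	if err != nil {
		return nil, err
	}
	// OtherInfo: both identities in a fixed order so both sides derive the same key.
	a, b := p.Ident, o.Ident
	if a > b {
		a, b = b, a
	}
	return concatKDF(z, []byte(a+"|"+b), keyLen), nil
}

// concatKDF is the SP 800-56A single-step KDF: K = H(counter || Z || OtherInfo)
// for counter = 1, 2, ... until keyLen bytes are produced, with H = SHA-384.
func concatKDF(z, otherInfo []byte, keyLen int) []byte {
	var out []byte
	for counter := uint32(1); len(out) < keyLen; counter++ {
		var c [4]byte
		binary.BigEndian.PutUint32(c[:], counter)
		h := sha512.New384()
		h.Write(c[:])
		h.Write(z)
		h.Write(otherInfo)
		out = h.Sum(out)
	}
	return out[:keyLen]
}

// RunExchange performs one honest exchange and returns the two derived 32-byte keys.
func RunExchange() (aliceKey, bobKey []byte, err error) {
	alice, err := NewParty("alice")
	if err != nil {
		return nil, nil, err
	}
	bob, err := NewParty("bob")
	if err != nil {
		return nil, nil, err
	}
	oa, err := alice.MakeOffer()
	if err != nil {
		return nil, nil, err
	}
	ob, err := bob.MakeOffer()
	if err != nil {
		return nil, nil, err
	}
	if bobKey, err = bob.Accept(&alice.SigKey.PublicKey, oa, 32); err != nil {
		return nil, nil, err
	}
	if aliceKey, err = alice.Accept(&bob.SigKey.PublicKey, ob, 32); err != nil {
		return nil, nil, err
	}
	return aliceKey, bobKey, nil
}

// TamperedOfferRejected flips one byte of Alice's ephemeral key in transit and
// reports whether Bob refused it (true means the authentication check worked).
func TamperedOfferRejected() (bool, error) {
	alice, err := NewParty("alice")
	if err != nil {
		return false, err
	}
	bob, err := NewParty("bob")
	if err != nil {
		return false, err
	}
	oa, err := alice.MakeOffer()
	if err != nil {
		return false, err
	}
	oa.Pub[5] ^= 0x01
	_, err = bob.Accept(&alice.SigKey.PublicKey, oa, 32)
	return err != nil, nil
}

func main() {
	a, b, err := RunExchange()
	if err != nil {
		panic(err)
	}
	fmt.Printf("keys match: %v\n%x\n", bytes.Equal(a, b), a)
	rejected, _ := TamperedOfferRejected()
	fmt.Println("tampered offer rejected:", rejected)
}
```

The order of operations in `Accept` is the point worth copying: verify the signature, validate the received point, then do the scalar multiplication, and only ever hand the KDF output (never the raw ECDH secret) to a cipher or MAC.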