Microsoft CryptoAPI, also known as CryptoAPI, Microsoft Cryptography API, MS-CAPI, or simply CAPI, is an application programming interface (API) included with Microsoft Windows operating systems. It provides services to enable developers to secure Windows-based applications using cryptography. First introduced in Windows NT 4.0, CryptoAPI has been enhanced in subsequent versions.
CryptoAPI supports both public-key and symmetric key cryptography but does not support persistent symmetric keys. It offers functionality for encrypting and decrypting data, authentication using digital certificates, and a cryptographically secure pseudorandom number generator function called CryptGenRandom.
CryptoAPI works with Cryptographic Service Providers (CSPs) installed on the machine, which perform the cryptographic functions of encoding and decoding data. Hardware Security Module (HSM) vendors may supply a CSP compatible with their hardware.
Windows Vista introduced an updated version of CryptoAPI called Cryptography API: Next Generation (CNG). CNG features better API factoring, support for a wider range of cryptographic algorithms, and newer algorithms that are part of the National Security Agency (NSA) Suite B. CNG is flexible, working in both user and kernel modes, and supports all algorithms from CryptoAPI. It also supports elliptic curve cryptography, which is more efficient than RSA due to shorter keys providing the same level of security. CNG integrates with the smart card subsystem and includes a Base Smart Card Cryptographic Service Provider (Base CSP) module.