Cryptographic Service Providers

The first CryptoAPI function called by an application that uses any cryptographic APIs is the GetCryptoProvider function. This function returns a handle to a particular cryptographic service provider (CSP) that includes the specification of a particular key container within the CSP. This key container is either a specifically requested key container or it is the default key container for the logged-on user. GetCryptoProvider can also create a new key container.

A cryptographic service provider (CSP) has both a name and a type. For example, the name of one of the CSPs shipped with the operating system is Microsoft Base Cryptographic Provider. It is a PROV_RSA_FULL type provider. The name of each provider is unique, but the provider type is not.

When an application calls GetCryptoProvider to obtain a CSP handle, it specifies a provider type and, optionally, a provider name. If both a type and a name are specified, the function loads the CSP with the matching provider type and provider name. The function returns a handle that provides access to both the CSP and a key container within the CSP.

When an application calls GetCryptoProvider and specifies a provider type but no provider name, the function looks for a named provider, first checking a list of default named providers associated with the logged-on user and, if that fails, a list of default named providers associated with the computer. After the provider name has been determined, the GetCryptoProvider function searches for the CSP for that provider, loads it, and returns its handle.
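
The lookup order described above can be modeled in a few lines of C. This is an added example, not code from the original page or from the operating system: `resolve_csp`, the tables, and the provider name "Example Vendor CSP" are constructed for illustration. It shows why code that depends on one specific CSP should pass the provider name: with no name, a per-user default is chosen ahead of the computer default.

```c
#include <stdio.h>
#include <string.h>

#define PROV_RSA_FULL 1   /* provider type named in the text */
typedef struct { const char *name; int type; } csp_entry;

/* Constructed sample data: installed CSPs (names unique, types shared). */
static const csp_entry installed[] = {
    {"Microsoft Base Cryptographic Provider", PROV_RSA_FULL},
    {"Example Vendor CSP", PROV_RSA_FULL},   /* hypothetical provider */
};
/* Constructed default lists: provider type -> default provider name. */
static const csp_entry user_defaults[] = {{"Example Vendor CSP", PROV_RSA_FULL}};
static const csp_entry machine_defaults[] = {{"Microsoft Base Cryptographic Provider", PROV_RSA_FULL}};

static const char *default_for(const csp_entry *list, size_t n, int type) {
    for (size_t i = 0; i < n; i++)
        if (list[i].type == type) return list[i].name;
    return NULL;
}

/* Returns the name of the CSP that would be loaded, or NULL on failure.
 * name == NULL means "type only": user defaults first, then the computer's. */
const char *resolve_csp(int type, const char *name,
                        const csp_entry *user, size_t nu,
                        const csp_entry *machine, size_t nm) {
    if (name == NULL) {
        name = default_for(user, nu, type);
        if (name == NULL) name = default_for(machine, nm, type);
        if (name == NULL) return NULL;        /* no default for this type */
    }
    /* Type and name must both match an installed provider. */
    for (size_t i = 0; i < sizeof installed / sizeof installed[0]; i++)
        if (installed[i].type == type && strcmp(installed[i].name, name) == 0)
            return installed[i].name;
    return NULL;
}

int main(void) {
    /* Type only: the logged-on user's default is chosen. */
    printf("type only : %s\n",
           resolve_csp(PROV_RSA_FULL, NULL, user_defaults, 1, machine_defaults, 1));
    /* Type and name: the named provider is loaded regardless of defaults. */
    printf("type+name : %s\n",
           resolve_csp(PROV_RSA_FULL, "Microsoft Base Cryptographic Provider",
                       user_defaults, 1, machine_defaults, 1));
    return 0;
}
```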