Microsoft Kernel Mode Security Support Provider Interface (ksecdd.sys) Security Policy Document
This Security Policy is non-proprietary and may be reproduced only in its original entirety (without revision)
25
CompleteAuthToken
QueryContextAttributesW
FreeContextBuffer
MakeSignature
VerifySignature
SealMessage = EncryptMessage
UnsealMessage = DecryptMessage
MapSecurityError
GetSecurityUserInfo
EnumerateSecurityPackagesW
QuerySecurityContextToken
QuerySecurityPackageInfoW
ExportSecurityContext
ImportSecurityContextW
EfsGenerateKey
GenerateDirEfs
EfsDecryptFek
GenerateSessionKey
SecSetPagingMode
SecMakeSPN
SecMakeSPNEx
SecMakeSPNEx2
SecLookupAccountName
SecLookupAccountSid
SecLookupWellKnownSid
CredMarshalTargetInfo
KSecValidateBuffer
LsaEnumerateLogonSessions
LsaGetLogonSessionData
KSecRegisterSecurityProvider
BCryptRegisterConfigChangeNotify
BCryptUnregisterConfigChangeNotify
BCryptResolveProviders
BCryptGetFipsAlgorithmMode
SslDecryptPacket
SslEncryptPacket
SslExportKey
SslFreeObject
SslImportKey
SslLookupCipherSuiteInfo
SslOpenProvider
6 Operational Environment
KSECDD.SYS services are available to all kernel mode components, which are part of the TCB.
7 Cryptographic Key Management
KSECDD.SYS crypto module manages keys in the following manner.