Attention!Windows XP system libraries do not officially support AES-256, and this script is just a workaround. Use the script only if you understand what the AES-256 algorithm is needed for, and you know how to restore the system in case of unforeseen critical errors.
Why do I need AES-256 support?Due to the fact that Windows XP does not support the AES-256 encryption algorithm, many Internet sites running HTTPS do not open in Internet Explorer 8 under this operating system. For the same reason, many programs that depend on Internet Explorer or use system encryption libraries do not work properly (for example, read about an error due to which Skype cannot connect to the Internet).
How to enable AES-256 support manually?Officially, Windows XP does not support AES-256, and it is unlikely that the algorithm will ever be supported. However, Windows XP has an “older brother”, Windows Embedded POSReady 2009 (the operating system is designed for POS-terminals, ATM, self-service checkouts and others). For the English version of this OS there is an update KB3081320, which adds support for AES-256, but it cannot be installed on Windows XP.
Fortunately, this update is very simple, and most importantly, I managed to find a simple way to add AES-256 support for Windows XP. The plan is as follows:
Download installer WindowsXP-KB3081320-x86-Embedded-ENU.exe
I saved it as «KB3081320.exe», so that it would be more convenient to write commands.
Extract all files with the command:
Replace system libraries with copies from the folder
For your convenience, I uploaded them to the server: dssenh.dll, rsaenh.dll and schannel.dll
In case you do not know how to replace system libraries, you can do it in this way:
Find the required library in each of these folders:
- Rename the library from these folders to something else
- Copy the new library to each of these folders
- Restart the computer
How to enable AES-256 by installing KB3081320?Since KB3081320 can be installed only on Windows Embedded, we should use a hack to turn our computer into an “ATM”. Of course, it will not give money (although, who knows), but at least it will deceive the update installer. Therefore, let’s start:
What algorithm does my computer support?To check which encryption algorithm is used on your computer or to find out if you enabled AES-256 support: start Internet Explorer → click “Help” → choose “About” → and check string “Cipher Strength” (for example, if your computer supports AES-256, here is specified “Cipher Strength: 256-bit”).
I will be grateful for your feedback and additions. Please do not hesitate to leave comments – this is very important for me and, especially, for blog visitors.