For “most purposes” the following options are recommended:
- Microsoft Base Cryptographic Provider
- Key Size: 2048
- Exportable: Yes
- User Protected: Yes
To be honest, I’m not familiar with the different CSPs, but the Base does the job every time for me.
-
Key Size makes the keys harder to crack, but more than 2048-bits for a short to medium term key (3-5 years) is ample (IMHO).
-
Exportable lets you export the private key/certificate pair – essential for backing it up!
-
User Protected means that you must enter a password every time that you want to use the cert – highly recommended to prevent accidental or malicious signing of code with your certificate.