Cryptographic Algorithms by Applications in .NET Framework 4.0








Different implementations are available for cryptographic algorithms. For example, the base for all symmetric algorithms is SymmetricAlgorithm, which is inherited by the following algorithms: Aes, DES, RC2, Rijndael, and TripleDES.

What is AES?
Aes is inherited by two classes: AesCryptoServiceProvider and AesManaged. The AesCryptoServiceProvider class is a wrapper around the Windows Cryptography API (CAPI) implementation of Aes, whereas the AesManaged class is written entirely in managed code.

What is CNG?
There is also a third type of implementation, Cryptography Next Generation (CNG), in addition to the managed and CAPI implementations. An example of a CNG algorithm is ECDiffieHellmanCng. CNG algorithms are available on Windows Vista and later.

You can choose which implementation is best for you. The managed implementations are available on all platforms that support the .NET Framework. The CAPI implementations are available on older operating systems, and are no longer being developed. CNG is the very latest implementation where new development will take place. However, the managed implementations are not certified by the Federal Information Processing Standards (FIPS), and may be slower than the wrapper classes.

What is Stream Design?
The common language runtime uses a stream-oriented design for implementing symmetric algorithms and hash algorithms. The core of this design is the CryptoStream class, which derives from the Stream class. Stream-based cryptographic objects support a single standard interface (CryptoStream) for handling the data transfer portion of the object. Because all the objects are built on a standard interface, you can chain together multiple objects and you can perform multiple operations on the data without needing any intermediate storage for it. The streaming model also enables you to build objects from smaller objects. For example, a combined encryption and hash algorithm can be viewed as a single stream object, although this object might be built from a set of stream objects.

What is Cryptographic Configuration?
Cryptographic configuration lets you resolve a specific implementation of an algorithm to an algorithm name, allowing extensibility of the .NET Framework cryptography classes. You can add your own hardware or software implementation of an algorithm and map the implementation to the algorithm name of your choice. If an algorithm is not specified in the configuration file, the default settings are used.

How to Choose a Suitable Cryptographic Algorithm by Application?
You can select an algorithm for different reasons: for example, for data integrity, for data privacy, or to generate a key. Symmetric and hash algorithms are intended for protecting data for either integrity reasons (protect from change) or privacy reasons (protect from viewing). Hash algorithms are used primarily for data integrity. Here is a list of recommended algorithms by application:

Data privacy: Aes

Data integrity: HMACSHA256 – HMACSHA512

Digital signature: ECDsa – RSA

Key exchange: ECDiffieHellman – RSA

Random number generation: RNGCryptoServiceProvider

Generating a key from a password: Rfc2898DeriveBytes

Copyright © All Rights Reserved - C# Learners