web analytics

Understanding Cryptography in .NET


codeling 1560 - 6504
@2021-04-19 20:59:02

The .NET cryptography system implements an extensible pattern of derived class inheritance. The hierarchy is as follows:

  • Algorithm type class, such as SymmetricAlgorithmAsymmetricAlgorithm, or HashAlgorithm. This level is abstract.

  • Algorithm class that inherits from an algorithm type class; for example, AesRSA, or ECDiffieHellman. This level is abstract.

  • Implementation of an algorithm class that inherits from an algorithm class; for example, AesManagedRC2CryptoServiceProvider, or ECDiffieHellmanCng. This level is fully implemented.

This pattern of derived classes lets you add a new algorithm or a new implementation of an existing algorithm. For example, to create a new public-key algorithm, you would inherit from the AsymmetricAlgorithm class. To create a new implementation of a specific algorithm, you would create a non-abstract derived class of that algorithm.

@2021-04-19 21:05:43

As an example of the different implementations available for an algorithm, consider symmetric algorithms. The base for all symmetric algorithms is SymmetricAlgorithm, which is inherited by AesTripleDES, and others that are no longer recommended.

Aes is inherited by AesCryptoServiceProviderAesCng, and AesManaged.

In .NET Framework on Windows:

  • *CryptoServiceProvider algorithm classes, such as AesCryptoServiceProvider, are wrappers around the Windows Cryptography API (CAPI) implementation of an algorithm.
  • *Cng algorithm classes, such as ECDiffieHellmanCng, are wrappers around the Windows Cryptography Next Generation (CNG) implementation.
  • *Managed classes, such as AesManaged, are written entirely in managed code. *Managed implementations are not certified by the Federal Information Processing Standards (FIPS), and may be slower than the *CryptoServiceProvider and *Cng wrapper classes.

In .NET Core and .NET 5 and later versions, all implementation classes (*CryptoServiceProvider*Managed, and *Cng) are wrappers for the operating system (OS) algorithms. If the OS algorithms are FIPS-certified, then .NET uses FIPS-certified algorithms. 

In most cases, you don't need to directly reference an algorithm implementation class, such as AesCryptoServiceProvider. The methods and properties you typically need are on the base algorithm class, such as Aes. Create an instance of a default implementation class by using a factory method on the base algorithm class, and refer to the base algorithm class. For example, see the highlighted line of code in the following example:

using System;
using System.IO;
using System.Security.Cryptography;

public class EncryptExample
    public static void Main(string[] args)
        //Encryption key used to encrypt the stream.
        //The same value must be used to encrypt and decrypt the stream.
        byte[] key = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16 };

            //Create a file stream
            using FileStream myStream = new FileStream("TestData.txt", FileMode.OpenOrCreate);

            //Create a new instance of the default Aes implementation class 
            // and configure encryption key. 
            using Aes aes = Aes.Create();
            aes.Key = key;

            //Stores IV at the beginning of the file.
            //This information will be used for decryption.
            byte[] iv = aes.IV;
            myStream.Write(iv, 0, iv.Length);

            //Create a CryptoStream, pass it the FileStream, and encrypt
            //it with the Aes class. 
            using CryptoStream cryptStream = new CryptoStream(

            //Create a StreamWriter for easy writing to the
            //file stream. 
            using StreamWriter sWriter = new StreamWriter(cryptStream);

            //Write to the stream. 
            sWriter.WriteLine("Hello World!");


            //Inform the user that the message was written 
            //to the stream. 
            Console.WriteLine("The file was encrypted.");
            //Inform the user that an exception was raised. 
            Console.WriteLine("The encryption failed.");


You must Sign In to comment on this topic.

© 2022 Digcode.com