

Cryptography the .NET Way : Page 2

The .NET Framework classes for cryptography don't require you to become an expert mathematician or a cryptography guru. You'll find symmetric and asymmetric cryptographic providers as well as hash providers. Some of these provider classes end up calling into the unmanaged CryptoAPI library while other parts of the .NET cryptography solution are purely managed code.





Cryptographic API
The .NET cryptographic classes are located in the System.Security.Cryptography namespace. Below this common root you'll find specialized namespaces for symmetric and asymmetric algorithms, hash functions, digital signatures, and random number generators. The .NET Framework implementation of cryptography builds on top of the unmanaged Microsoft CryptoAPI, although some areas of it are made purely of managed code.

The object model for the cryptographic API is layered. The first, abstract level defines the classes of algorithm: SymmetricAlgorithm, AsymmetricAlgorithm, and HashAlgorithm. Each of these has a set of subclasses that are still abstract but more specific; each subclass identifies a particular algorithm such as RC2, DES, and SHA1 (as well as others). Finally, the full implementation of the cryptographic functions is available in the provider classes, which are the ones you actually use in .NET applications.

An application—no matter the model, be it Windows Forms, ASP.NET, or Web services—calls into the high-level API exposed by the classes. These classes in turn define a wrapper object to access the cryptographic service provider (CSP) implementation of the particular algorithm chosen.

From a design point of view, the CSP is the component that encrypts and decrypts. It is a separate component from the provider class that exposes the algorithm to the end-user application. In general, a CSP is a server capable of performing a standard set of tasks related to cryptography. Each provider class (the class that .NET applications work with to do cryptographic tasks) relies on the CSP to physically perform the task. The CSP is hidden from the programmer in the sense that a developer uses a higher-level programming interface. The CSP can be a Win32 unmanaged library or a managed class. If it is a Win32 component, it is one defined within the CryptoAPI library. In the .NET Framework, most classes use unmanaged Win32 providers defined by the CryptoAPI framework.

In Table 1 I've listed the cryptographic classes for symmetric algorithms. Table 2 and Table 3 list the classes for asymmetric and hash algorithms, respectively. As you can see, the classes with the Managed suffix are based on managed code; all the other classes call back into the unmanaged CryptoAPI service providers.

Table 1: Classes available for symmetric encryption. All classes inherit from SymmetricAlgorithm.

Cryptographic class

Wrapper class to access the standard CSP for the Data Encryption Standard (DES) algorithm

Wrapper class to access the standard CSP for the RC2 algorithm

Wrapper class to access the standard CSP for the Rijndael algorithm. The CSP is made of managed code.

Wrapper class to access the standard CSP for the Triple DES algorithm

Table 2: Classes available for asymmetric encryption. All classes inherit from AsymmetricAlgorithm.

Cryptographic class

Wrapper class to access the standard CSP for the Digital Signature Algorithm (DSA) algorithm.

Wrapper class to access the standard CSP for the RSA algorithm.

Table 3: Classes available for hash functions.

Cryptographic class

Computes the MD5 hash for the input data using the implementation provided by the CSP.

SHA1CryptoServiceProvider, SHA1Managed
The classes compute the SHA1 hash for the input data using the implementation provided by the CSP. The former class uses unmanaged code; the latter is based on managed code.

Computes the SHA256 hash for the input data using managed code.

Computes the SHA384 hash for the input data using managed code.

Computes the SHA512 hash for the input data using managed code.
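
The three layers described above (abstract root, abstract algorithm class, provider class) can be observed at run time by walking a provider's base types while driving it only through the root type. This is an added example, not code from the original article. It assumes the .NET Framework; RijndaelManaged, TripleDESCryptoServiceProvider and SHA256Managed are Framework class names that do not appear in the text of this page, and the class and method names in the sample are illustrative.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class LayeredCryptoDemo
{
    // Provider class -> algorithm class -> abstract root, read from the type itself.
    static string Layers(object provider)
    {
        Type t = provider.GetType();
        return t.Name + " -> " + t.BaseType.Name + " -> " + t.BaseType.BaseType.Name;
    }

    // Uses only members declared on SymmetricAlgorithm, so any provider fits.
    static bool RoundTrip(SymmetricAlgorithm alg, byte[] plain)
    {
        alg.GenerateKey();   // fresh random key and IV for this run
        alg.GenerateIV();
        byte[] cipher = Run(alg.CreateEncryptor(), plain);
        byte[] back = Run(alg.CreateDecryptor(), cipher);
        return Convert.ToBase64String(back) == Convert.ToBase64String(plain);
    }

    static byte[] Run(ICryptoTransform transform, byte[] data)
    {
        using (transform)
        using (var ms = new MemoryStream())
        {
            // Disposing the CryptoStream writes the final padded block.
            using (var cs = new CryptoStream(ms, transform, CryptoStreamMode.Write))
                cs.Write(data, 0, data.Length);
            return ms.ToArray();   // still valid on a closed MemoryStream
        }
    }

    static void Main()
    {
        byte[] sample = Encoding.UTF8.GetBytes("constructed sample input");
        // Picked to contrast a managed provider with a CryptoAPI-backed one,
        // not as a recommendation of algorithms.
        SymmetricAlgorithm[] ciphers = { new RijndaelManaged(), new TripleDESCryptoServiceProvider() };
        foreach (SymmetricAlgorithm alg in ciphers)
            using (alg)
                Console.WriteLine("{0}  key={1} bits  roundtrip={2}", Layers(alg), alg.KeySize, RoundTrip(alg, sample));

        HashAlgorithm[] hashes = { new SHA1CryptoServiceProvider(), new SHA256Managed() };
        foreach (HashAlgorithm h in hashes)
            using (h)
                Console.WriteLine("{0}  digest={1} bytes", Layers(h), h.ComputeHash(sample).Length);
    }
}
```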
