Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Designing for Simplified Cryptography Functionality

Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

The latest Enterprise Library information can be found at the Enterprise Library site.

Cryptography in applications can be implemented in many ways. Typically, developers must duplicate code to perform common tasks. To meet the needs of their organization, they may have to familiarize themselves with many different ways of implementing cryptography. The Cryptography Application Block is designed to simplify and abstract the implementation of cryptography in applications.

Design Implications

Ensuring that the application block simplified the task of accessing cryptography functionality resulted in the following design decisions:

  • It should expose only a small number of methods that a developer would need to understand.
  • It should accept and return data using consistent data types.
  • It should support common algorithms.

The following subtopics describe these decisions.

Small Number of Methods

The application block supports a small number of methods that simplify the most common cryptography tasks. It provides a Cryptographer class that defines the set of static methods the application block supports. These methods include the following:

  • CreateHash
  • CompareHash
  • EncryptSymmetric
  • DecryptSymmetric

Consistent Data Types

Each public method has two overloads. One overload accepts parameters as type string; the other overload accepts the parameters as a byte array. For example, the following code snippets show the two overloads for CreateHash.

public static byte[] CreateHash(string hashInstance, byte[] plainText)

public static string CreateHash(string hashInstance, string plaintext)

Common Algorithms

The Cryptography Application Block includes two implementations of symmetric providers. The DpapiSymmetricCryptoProvider uses DPAPI to provide cryptography services. Developers can use the SymmetricAlgorithmProvider to select and configure symmetric algorithms included with the .NET Framework.

The Cryptography Application Block includes two implementations of hash providers. The KeyedHashAlgorithmProvider allows developers to configure hash algorithms included with the .NET Framework that require a generated key. Developers can use the HashAlgorithmProvider to select and configure hash algorithms that do not require a generated key. Both providers allow the developer to make sure that a random string (known as a salt value) is generated and prepended to the plaintext before hashing. Consider using salt values for storing passwords, because they dramatically slow dictionary attacks and each entry in the dictionary must be hashed with each salt value.

Ff648229.note(en-us,PandP.10).gifNote:
SHA256 is the recommended hash algorithm; SHA1Managed algorithm is still acceptable but not encouraged. The MD4 and MD5 algorithms are not recommended.

For symmetric encryption, AES is currently recommended; DES is no longer recommended.

Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

The latest Enterprise Library information can be found at the Enterprise Library site.
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.