.NET Cryptography Model

Object Inheritance

The .NET Framework security system implements an extensible pattern of derived class inheritance. The hierarchy is as follows:

  • Algorithm type class, such as SymmetricAlgorithm, AsymmetricAlgorithm or HashAlgorithm. This level is abstract.

  • Algorithm class that inherits from an algorithm type class; for example, Aes, RC2, or ECDiffieHellman. This level is abstract.

  • Implementation of an algorithm class that inherits from an algorithm class; for example, AesManaged, RC2CryptoServiceProvider, or ECDiffieHellmanCng. This level is fully implemented.

Choosing an Algorithm

You can select an algorithm for different reasons: for example, for data integrity, for data privacy, or to generate a key. Symmetric and hash algorithms are intended for protecting data for either integrity reasons (protect from change) or privacy reasons (protect from viewing). Hash algorithms are used primarily for data integrity.

Here is a list of recommended algorithms by application:

  • Data privacy:

    • Aes

  • Data integrity:

    • HMACSHA256

    • HMACSHA512

  • Digital signature:

    • ECDsa

    • RSA

  • Key exchange:

    • ECDiffieHellman

    • RSA

  • Random number generation:

    • RNGCryptoServiceProvider

  • Generating a key from a password:

    • Rfc2898DeriveBytes
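The following is an added example, not code from the original page: it combines four of the recommended classes (Rfc2898DeriveBytes, RNGCryptoServiceProvider, Aes, HMACSHA256) into password-based encrypt-then-MAC, with variables typed at the abstract levels of the hierarchy described above. The names SealDemo, Seal, Open and DeriveKeys, the iteration count, and the salt | IV | ciphertext | tag layout are assumptions; it assumes C# 7 and .NET Framework 4.7.2 or later for the Rfc2898DeriveBytes overload that takes a HashAlgorithmName.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
static class SealDemo
{
    const int SaltLen = 16, IvLen = 16, TagLen = 32, Iterations = 100000; // constructed parameters
    // One PBKDF2 run yields 64 bytes: 32 for the AES-256 key, 32 for the HMAC key.
    static void DeriveKeys(string password, byte[] salt, out byte[] encKey, out byte[] macKey)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
        { encKey = kdf.GetBytes(32); macKey = kdf.GetBytes(32); }
    }
    public static byte[] Seal(string password, byte[] plaintext)
    {
        var salt = new byte[SaltLen];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(salt);
        DeriveKeys(password, salt, out byte[] encKey, out byte[] macKey);
        // Abstract types on the left; Aes.Create() picks the implementation (CBC, PKCS7 defaults).
        using (SymmetricAlgorithm aes = Aes.Create())
        using (KeyedHashAlgorithm mac = new HMACSHA256(macKey))
        using (ICryptoTransform enc = aes.CreateEncryptor(encKey, aes.IV)) // fresh random IV
        {
            byte[] ct = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
            byte[] body = salt.Concat(aes.IV).Concat(ct).ToArray();
            return body.Concat(mac.ComputeHash(body)).ToArray(); // salt | IV | ciphertext | tag
        }
    }
    public static byte[] Open(string password, byte[] blob)
    {
        int bodyLen = blob.Length - TagLen;
        if (bodyLen < SaltLen + IvLen) throw new CryptographicException("Truncated input.");
        DeriveKeys(password, blob.Take(SaltLen).ToArray(), out byte[] encKey, out byte[] macKey);
        byte[] expected;
        using (var mac = new HMACSHA256(macKey)) expected = mac.ComputeHash(blob, 0, bodyLen);
        int diff = 0;                                      // compare every byte, no early exit
        for (int i = 0; i < TagLen; i++) diff |= expected[i] ^ blob[bodyLen + i];
        if (diff != 0) throw new CryptographicException("Integrity check failed.");
        using (SymmetricAlgorithm aes = Aes.Create())      // decrypt only after the tag verifies
        using (var dec = aes.CreateDecryptor(encKey, blob.Skip(SaltLen).Take(IvLen).ToArray()))
            return dec.TransformFinalBlock(blob, SaltLen + IvLen, bodyLen - SaltLen - IvLen);
    }
    static void Main()
    {
        byte[] blob = Seal("constructed-passphrase", Encoding.UTF8.GetBytes("constructed sample"));
        Console.WriteLine(Encoding.UTF8.GetString(Open("constructed-passphrase", blob)));
        blob[SaltLen + IvLen] ^= 1;                        // tamper with one ciphertext bit
        try { Open("constructed-passphrase", blob); } catch (CryptographicException e) { Console.WriteLine(e.Message); }
    }
}
```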
