.NET Security Blog
Tagged Content List: cryptography
Blog Post:
Authenticated Symmetric Encryption in .NET
shawnfa
Over the last week, we've made a couple of updates to our Codeplex projects to add authenticated symmetric encryption to the managed cryptography surface area for the first time. Since we've never supported authenticated symmetric algorithms in managed code before, I thought I'd run through some basics...
on 17 Mar 2009
Blog Post:
MD5 on Silverlight
shawnfa
Reid Borsuk, an SDE/T on the CLR security team, has released a fully transparent implementation of the MD5 hash algorithm to the MSDN Code Gallery. Since the code is entirely transparent, it can be used as part of a Silverlight application that needs to compute MD5 hashes in order to interop with...
on 9 Dec 2008
Blog Post:
CryptoConfig
shawnfa
The crypto config schema has been a bit of a hot topic around here lately, specifically around how to modify the CLR's machine.config to get custom crypto types registered with CryptoConfig. Let's take a quick look at what CryptoConfig is first, and then we'll see how to customize its behavior. CryptoConfig...
on 2 Dec 2008
Blog Post:
Using RSACryptoServiceProvider for RSA-SHA256 signatures
shawnfa
Earlier this month, we released .NET 3.5 SP 1. One of the new features available in this update is that RSACryptoServiceProvider has gained the ability to create and verify RSA-SHA256 signatures. Since RSACryptoServiceProvider relies on the underlying CAPI APIs to do its work, this feature will...
on 25 Aug 2008
Blog Post:
CLR Security Team CodePlex Site
shawnfa
The CLR Security Team just launched our CodePlex site: http://www.codeplex.com/clrsecurity. Currently, it contains two assemblies that provide additional functionality to the security APIs shipped in v3.5 of the .NET Framework. We'd love your feedback on the currently offered libraries, and also...
on 10 Jul 2008
Blog Post:
Disabling the FIPS Algorithm Check
shawnfa
.NET 2.0 introduced a check for FIPS certified algorithms if your local security policy was configured to require them. This resulted in algorithms which are not FIPS compliant (or implementations which were not FIPS certified) throwing an InvalidOperationException from their constructors. In some cases...
on 14 Mar 2008
Blog Post:
CLR Inside Out: Digging into IDisposable
shawnfa
My third MSDN magazine article, Digging into IDisposable, appeared in this month's issue in the CLR Inside Out Column. It's a bit of a departure from my usual security fare; this time looking at how to best handle writing class libraries that must manage resources. Also in this month's issue, Kenny...
on 20 Jun 2007
Blog Post:
Please do not use the .NET 2.0 HMACSHA512 and HMACSHA384 Classes
shawnfa
We’ve recently discovered a bug in the HMACSHA512 and HMACSHA384 classes which shipped in the .NET Framework 2.0. This bug will cause these algorithms to produce incorrect results which are not consistent with other implementations of HMAC-SHA-512 and HMAC-SHA-384. Unfortunately, we did not discover...
on 31 Jan 2007
Blog Post:
Elliptic Curve Diffie-Hellman
shawnfa
The second elliptic curve algorithm added to Orcas is elliptic curve Diffie-Hellman, as the ECDiffieHellmanCng class. This is the first time Diffie-Hellman is available as part of the .NET Framework, so let's take a quick look at what it is and what it does. Diffie-Hellman is one of the oldest asymmetric...
on 22 Jan 2007
Blog Post:
Elliptic Curve DSA
shawnfa
Yesterday I gave a quick rundown of all the new cryptographic algorithms available in the Orcas January CTP. Today, let's dive in a little deeper to the first of the elliptic curve algorithms, ECDSA. (ECDSA, along with the rest of the CNG classes in the .NET Framework, is only available on Windows Vista...
on 18 Jan 2007
Blog Post:
New Crypto Algorithms in Orcas
shawnfa
The January CTP of Orcas is now available, and with it comes a total of 12 new cryptography algorithm implementation classes, which include 2.5 new algorithms. (I'll count AES as 0.5 since we did already have Rijndael :-) ). These classes also are the first set of managed wrappers around the new CNG...
on 17 Jan 2007
Blog Post:
XML Digital Signature Verification with Unknown URI Schemes
shawnfa
A few years back, there was a discussion thread on one of my XML digital signature posts about verifying an XML digital signature which had references to a URI prefixed with cid:. Recently Mattias Lindberg ran into this problem as well, and devised a clever solution to it. Mattias realized that SignedXml...
on 12 Oct 2006
Blog Post:
The Differences Between Rijndael and AES
shawnfa
When you need to write managed code that encrypts or decrypts data according to the AES standard, most people just plug the RijndaelManaged class in and go on their way. After all, Rijndael was the winner of the NIST competition to select the algorithm that would become AES. However, there are some differences...
on 9 Oct 2006
Blog Post:
RSACryptoServiceProvider, Impersonation, and Ephemeral Keys
shawnfa
If you construct an RSACryptoServiceProvider class without specifying a name for the key, the CLR will create a random ephemeral key for you. However, ephemeral keys are not supported by the underlying CAPI APIs on all of the platforms that the CLR was built to support, so the RSACryptoServiceProvider...
on 21 Sep 2006
Blog Post:
Getting Information about an X509Certificate's Key Container
shawnfa
One of the more common things a lot of people want to do with their X509Certificate2 is figure out what key container its keys are stored in. You can access this information relatively trivially via the PublicKey property of the X509Certificate2 object: /// <summary> /// Get information about...
on 30 Mar 2006
Blog Post:
Return of the Mailbag
shawnfa
Over the last week or so I've seen a few questions pop up multiple times. In no particular order: Q: Is calling a virtual method with a non-virtual call verifiable? A: It depends :-) In v1.x of the CLR this was verifiable. We made a change in v2.0 which disallows a non-virtual call to a virtual...
on 21 Mar 2006
Blog Post:
Enveloped PKCS #7 Signatures
shawnfa
One of the new cryptography features in the v2.0 framework is the ability to work with PKCS #7 formatted messages. The PKCS features live in the new System.Security.Cryptography.Pkcs namespace in System.Security.dll, and are thin wrappers around the CAPI PKCS #7 implementation. In fact, the actual...
on 27 Feb 2006
Blog Post:
RSACryptoServiceProvider::Encrypt Does Not Provide Deterministic Output
shawnfa
On one of our internal mailing lists, someone was recently surprised that calling RSACryptoServiceProvider::Encrypt on the same bytes with the same instance of the RSA object resulted in two completely different output byte arrays. The reason is that RSA uses random padding on the input bytes, either...
on 5 Jan 2006
Blog Post:
CryptEncrypt and RSACryptoServiceProvider::Encrypt
shawnfa
The RSACryptoServiceProvider class provides two methods, Encrypt and Decrypt, which seem to be the managed counterparts to CAPI's CryptEncrypt and CryptDecrypt functions. However, if you try to encrypt using CAPI and decrypt using managed code, you'll end up with a CryptographicException saying "bad data...
on 5 Dec 2005
Blog Post:
All About RSAParameters
shawnfa
The RSA class exposes an ExportParameters method which allows you to get at the raw RSA key in the form of an RSAParameters structure. What that structure contains isn't very obvious to people not familiar with how RSA works. With fields named P, Q, D, DP, DQ just looking at it isn't going to help figure...
on 17 Nov 2005
Blog Post:
Don't Roundtrip Ciphertext Via a String Encoding
shawnfa
One common mistake that people make when using managed encryption classes is that they attempt to store the result of an encryption operation in a string by using one of the Encoding classes. That seems to make sense, right? After all, Encoding.ToString() takes a byte[] and converts it to a string which...
on 10 Nov 2005
Blog Post:
Adding SignatureProperties to SignedXml
shawnfa
One of the optional portions of the W3C XML digital signature specification allows for a set of SignatureProperties to be assigned to a signature. SignatureProperties allow the signer to place some metadata into the signature itself, such as the time the signature was created and the name of the person...
on 3 Nov 2005
Blog Post:
Enforcing FIPS Certified Cryptography
shawnfa
Certain types of software, such as code written for a government contract, require adhering to a strict set of guidelines, especially when it comes to security. To better enable this type of software, v2.0 of the CLR provides the ability for you to enforce that only cryptographic algorithms that have...
on 16 May 2005
Blog Post:
X509CertificateEx is now X509Certificate2
shawnfa
Last fall, in the article Mike Downen and I wrote for MSDN magazine, we mentioned the expanded support for X.509 certificates, and specifically pointed out how to use them with XML digital signatures. For those of you picking up the February CTP (and later) of Whidbey, you'll notice that we've renamed...
on 16 Mar 2005
Blog Post:
The Difference Between the Strong Name Hash and Hash Evidence
shawnfa
The System.Security.Policy.Hash class allows you to make security decisions based upon the hash of an assembly using the HashMembershipCondition. That sounds awfully similar to how strong names are calculated... According to ECMA partition II section 6.2.1.3, a strong name is computed by using RSA...
on 28 Feb 2005
Page 1 of 3 (70 items)