Does the class returned by System.Security.Cryptography.IncrementalHash.CreateHMAC(HashAlgorithmName.SHA256) uses a managed or a native crypto implementation?

Andreas Gossweiler 0 Reputation points
2023-01-30T13:49:17.2833333+00:00

I've developed an app with Xamarin for Android and iOS which uses a sha256 hash.

I need to know if the class returned by System.Security.Cryptography.IncrementalHash.CreateHMAC(HashAlgorithmName.SHA256) uses a managed or a native sha implementation before I can deploy the app to the Apple AppStore.

And is there a difference between the Xamarin and the .NET 6 implementation?

From appstoreconnect.apple.com:
"You're required to provide documentation if your app contains any of the following:
Standard encryption algorithms instead of, or in addition to, using or accessing the encryption within Apple's operating system"

I do not need to provide the export compliance documentation if my app uses native iOS encryption.

Xamarin
Xamarin
A Microsoft open-source app platform for building Android and iOS apps with .NET and C#.
5,292 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Wenyan Zhang (Shanghai Wicresoft Co,.Ltd.) 26,146 Reputation points Microsoft Vendor
    2023-02-02T03:44:55.3533333+00:00

    Hello,

    You are using HashAlgorithmName.SHA256 Property, there are not any reference to CreateHMAC method in Mono, Xamarin.Android, or Xamarin.iOS source code, nor any implementation of System.Security.Cryptography.IncrementalHash in any of the above repos, so crypto APIs will come from .NET and use .NET encryption methods, not native.

    You can guarantee using the native iOS encryption by calling the native encryption APIs wrapped by Xamarin by using a DependencyService: Xamarin.Forms DependencyService Introduction - Xamarin | Microsoft Learn 

    However, the iOS CryptoKit not be bound: [xcode11-feature] Swift Libraries (CryptoKit and RealityKit) · Issue #6239 · xamarin/xamarin-macios (github.com), so you may need to provide the documentation for not using native iOS APIs (not sure how difficult) or trying to wrap the CryptoKit iOS API (Not easy at all if possible. See above linked github issue #6329)  

    Best Regards,

    Wenyan Zhang

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments