New Crypto Algorithms in Orcas

The January CTP of Orcas is now available, and with it comes a total of 12 new cryptography algorithm implementation classes, which include 2.5 new algorithms.  (I'll count AES as 0.5 since we did already have Rijndael :-) ).  These classes also are the first set of managed wrappers around the new CNG APIs in Windows Vista, which will use the Cng suffix on the implementation classes.

Dividing the new algorithms up into their types (all in the System.Security.Cryptography namespace in System.Core.dll), this CTP has:

Hash Algorithms

Algorithm Class OS Required
MD5 MD5Cng Windows Vista
SHA-1 SHA1Cng Windows Vista
SHA-256 SHA256CryptoServiceProvider Windows 2003
SHA256Cng Windows Vista
SHA-384 SHA384CryptoServiceProvider Windows 2003
SHA384Cng Windows Vista
SHA-512 SHA512CryptoServiceProvider Windows 2003
SHA512Cng Windows Vista

The hash algorithms work just as you would expect, and should function as simple drop-in replacements for corresponding algorithms that have already shipped in v2.0 of the .NET Framework.  The big advantage here is that these hash algorithms are just wrappers around the Windows implementations of the algorithms, and therefore are FIPS compliant versions of the SHA-2 algorithms which had only managed versions in v2.0.  For applications targeting Vista which must use CNG, this set of algorithms also provides CNG wrappers for all of our hashing algorithms.

Symmetric Algorithms

Algorithm Class OS Required
AES AesCryptoServiceProvider Windows XP SP2
AesManaged All Supported Platforms

We've provided a new Aes base class for implementations of AES (rather than Rijndael which allows some parameters to be set differently than AES).  Two implementations of this base class are shipping with the Orcas January CTP, once which wraps the CAPI implementation of AES and a managed implementation of the algorithm which should run on any platform the CLR supports.

AesManaged is actually just a wrapper around RinjdaelManaged with some code added to make sure that you do not setup the algorithm to operate in a non-AES compatible way.  For instance, AesManaged does not allow you to change the block size.  (It will also disallow the use of CFB and OFB mode because of the way that RijndaelManaged works with those modes). 

Asymmetric Algorithms

Algorithm Class OS Required
Elliptic Curve DSA ECDSACng Windows Vista
Elliptic Curve Diffie-Hellman ECDiffieHellmanCng Windows Vista

These are the really interesting additions to the cryptography libraries in this CTP, the first appearance of elliptic curve cryptography in the .NET Framework.  Since these will take more than just a paragraph to cover, the next couple of blog posts will focus on these classes (as well as the other supporting classes to help work with CNG).  Up next, Elliptic Curve DSA.