.NET Framework Cryptography Model

The .NET Framework provides implementations of many standard cryptographic algorithms. These algorithms are easy to use and have the safest possible default properties. In addition, the .NET Framework cryptography model of object inheritance, stream design, and configuration is extremely extensible.

Object Inheritance

The .NET Framework security system implements an extensible pattern of derived class inheritance. The hierarchy is as follows:

  • Algorithm type class, such as SymmetricAlgorithm or HashAlgorithm. This level is abstract.
  • Algorithm class that inherits from an algorithm type class; for example, RC2 or SHA1. This level is abstract.
  • Implementation of an algorithm class that inherits from an algorithm class; for example, RC2CryptoServiceProvider or SHA1Managed. This level is fully implemented.

Using this pattern of derived classes, it is easy to add a new algorithm or a new implementation of an existing algorithm. For example, to create a new public-key algorithm, you would inherit from the AsymmetricAlgorithm class. To create a new implementation of a specific algorithm, you would create a nonabstract derived class of that algorithm.

Stream Design

The common language runtime uses a stream-oriented design for implementing symmetric algorithms and hash algorithms. The core of this design is the CryptoStream class, which derives from the Stream class. Stream-based cryptographic objects all support a single standard interface (CryptoStream) for handling the data transfer portion of the object. Because all the objects are built on a standard interface, you can chain together multiple objects (such as a hash object followed by an encryption object), and you can perform multiple operations on the data without needing any intermediate storage for it. The streaming model also allows you to build objects from smaller objects. For example, a combined encryption and hash algorithm can be viewed as a single stream object even though this object might be built from a set of stream objects.
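The chaining described above, as an added C# example that is not part of the original page: two CryptoStream objects are stacked so that data is encrypted and the IV and ciphertext are then hashed on their way to the output, with no intermediate buffer. It chains encryption followed by a keyed hash (AES and HMAC-SHA256) rather than a hash followed by encryption, so that the tag covers the ciphertext. The class name, method name, keys and plaintext are assumptions made for the illustration.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class ChainedCryptoStreams
{
    // Returns IV || ciphertext; 'tag' is HMAC-SHA256 over exactly those bytes.
    static byte[] EncryptThenMac(byte[] plaintext, byte[] encKey, byte[] macKey, out byte[] tag)
    {
        using (Aes aes = Aes.Create())   // abstract algorithm class; the factory picks the implementation
        using (HMACSHA256 hmac = new HMACSHA256(macKey))
        using (MemoryStream output = new MemoryStream())
        {
            aes.Key = encKey;            // CBC mode, PKCS7 padding and a random IV are the defaults
            byte[] iv = aes.IV;
            using (ICryptoTransform encryptor = aes.CreateEncryptor())
            // A HashAlgorithm is also an ICryptoTransform: it copies its input to the
            // next stream unchanged and updates the hash as the bytes pass through.
            using (CryptoStream macStream = new CryptoStream(output, hmac, CryptoStreamMode.Write))
            using (CryptoStream encStream = new CryptoStream(macStream, encryptor, CryptoStreamMode.Write))
            {
                macStream.Write(iv, 0, iv.Length);             // IV: authenticated, not encrypted
                encStream.Write(plaintext, 0, plaintext.Length);
                encStream.FlushFinalBlock();                   // pads the last block; also finalizes macStream
            }
            tag = hmac.Hash;             // available only after the final block has been flushed
            return output.ToArray();     // ToArray still works on a closed MemoryStream
        }
    }

    static void Main()
    {
        byte[] encKey = new byte[32], macKey = new byte[32];   // constructed sample keys
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create()) { rng.GetBytes(encKey); rng.GetBytes(macKey); }
        byte[] tag;
        byte[] message = EncryptThenMac(Encoding.UTF8.GetBytes("constructed sample plaintext"), encKey, macKey, out tag);

        // Cross-check: a one-shot HMAC over the returned bytes must equal the streamed tag.
        byte[] expected;
        using (HMACSHA256 check = new HMACSHA256(macKey))
            expected = check.ComputeHash(message);
        int diff = expected.Length ^ tag.Length;
        for (int i = 0; i < expected.Length && i < tag.Length; i++)
            diff |= expected[i] ^ tag[i];                      // no early exit on mismatch
        Console.WriteLine("bytes={0} tagMatches={1}", message.Length, diff == 0);
    }
}
```

A receiver would recompute the tag over the received IV and ciphertext and compare it before creating the decryptor.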

Cryptographic Configuration

Cryptographic configuration allows you to resolve a specific implementation of an algorithm to an algorithm name, allowing extensibility of the .NET Framework cryptography classes. You can add your own hardware or software implementation of an algorithm and map the implementation to the algorithm name of your choice. If an algorithm is not specified in the configuration file, the default settings are used. For more information on cryptographic configuration, see Configuring Cryptography Classes.

See Also

Cryptography Overview | Cryptographic Tasks | Cryptographic Services