More Details on Portable Crypto Operations

  • Article

Yesterday I posted about detecting which CSP provided algorithms were available on your copy of Windows, and upgrading IE to get a newer CSP that supported more algorithms.  Sebastien Pouliot provied some nice followup information on using pure managed classes instead of the *CryptoServiceProvider implementations to help solve the portability problem.

Sebastian works with Mono, and points out that all of their algorithms are pure managed, and can be used on any platform (even the ones named *CryptoServiceProvider, the names are just for compatibility).  Microsoft also provides several managed classes, notably RijndaelManaged for AES symmetric encryption, and SHA1Managed for hashing, so using the Microsoft framework is also an option here.  For updates on the status of Crypto in Mono, you can check out https://www.go-mono.com/crypto.html

What follows is part of Sebastian's response to yesterday's post (note Fx1.2 is Whidbey, v2.0 of the Framework):

Actually all Fx cryptographic algorithms are supported, including the new one in Fx1.2 - and them some...

The mscorlib.dll assembly contains the following algorithms.
- DSACryptoServiceProvider *
- RSACryptoServiceProvider *, **
- DESCryptoServiceProvider *
- RC2CryptoServiceProvider *
- RijndaelManaged
- RIPEMD160Managed ***
- SHA1CryptoServiceProvider *, ****
- SHA1Managed ****
- SHA256Managed
- SHA284Managed
- SHA512Managed
- TripleDESCryptoServiceProvider *
and all HMAC (SHA1, MD5, RIPEMD160, SHA256, SHA384, SHA512)

* For compatibility we had to keep the <algo>CryptoServiceProvider names but the implementations are fully managed.
** Support both PKCS1 and OAEP padding.
*** To support upcoming Fx 1.2
**** They are actually the same implementation.

Mono.Security.dll assembly also have some additional algorithms*
- RSAManaged
- DHManaged
- ARC4Managed **
- MD2Managed ***
- MD4Managed ***
which were required for other "internal" pieces like NTLM authentication and SSL/TLS (both available as managed implementation inside the same assembly).

* Note the absence of DSAManaged from this assembly! Sadly the DSA abstract class has an internal constructor making it impossible to inherit from it outside mscorlib. I hope this get corrected in Fx 1.2.
** Compatible with RSA RC4 stream cipher.
*** MD2Managed and MDManaged are present but we STRONGLY discourage their use in new applications. Their presence was required to support older X.509 certificates (signed using a MD2 hash) and to support NTLM authentication (which use MD4).

> Also, how easy would it be to get the Mono algorithms to compile using the Microsoft toolset and distribute them with an application? Would I need just a .cs file or two, or are there a slew of dependencies to worry about?

Using Mono.Security.dll on Windows should be very easy (i.e. it shouldn't require any change or I missed my target ;-).

Other algorithms (corlib) may have dependencies on BigInteger (DSA, RSA) and other internal classes from Mono.* namespaces. However they do not depend on some Mono's internal (with the notable exception of the RNGCryptoServiceProvider class) so it's only a matter to include the right files. Some people ported the corlib's source for the Compact Framework without too much problems (few changes were required because many overloaded methods are missing in CF).

The licensing is also very friendly as Mono class library use the MIT X.11 license (https://www.opensource.org/licenses/mit-license.php). Finally anyone can follow the current status of Mono's cryptography by bookmarking this page: https://www.go-mono.com/crypto.html