Cryptography Information

Topics: Cryptography Application Block
Mar 15, 2007 at 5:12 PM
Edited Apr 5, 2007 at 9:09 PM
The Cryptography Applicaiton Block appears to reduce to a single line of code the task of encrypting string data.

It would appear to save the developer the time and trouble of learning the details of the System.Security.Cryptography namespace.

Using the Enterprise Configuraiton tool, a developer can select the symmetric provider of their choice.

As a security professional, I would be interested to know, where can someone go to learn what default Cryptography settings have been applied when a developer uses the Enterprise Configuration tool to create a symmetric provider?

For example, in the following blog entry:

The "The Differences Between Rijndael and AES" are listed:

"When you need to write managed code that encrypts or decrypts data according to the AES standard, most people just plug the RijndaelManaged class in and go on their way. After all, Rijndael was the winner of the NIST competition to select the algorithm that would become AES. However, there are some differences between Rijndael and the official FIPS-197 specification for AES.

Namely, Rijndael allows for both key and block sizes to be chosen independently from the set of { 128, 160, 192, 224, 256 } bits. (And the key size does not in fact have to match the block size). However, FIPS-197 specifies that the block size must always be 128 bits in AES, and that the key size may be either 128, 192, or 256 bits."

In other words, since the Enteprise Library appears to reduce the number of available options for ease of use, if someone wanted to customize the default options, would they need to customize the Applicaiton Block or are these settings available in a .Config file somewhere?

Additional Informaiton

According to a post on the .NET Security Blog

There may be a new AES provider shiped with Orcas.

Will the Enterprise Library be waiting until this release to add support for AES?