Channel: CLR Security

New Post: Creating AES Keys with CngKey

Hi

I have a project that will need to use a HSM. The HSM supports CNG.

I am trying to create an AES Key like below:

CngKey aesCreate = CngKey.Create(new CngAlgorithm("AES"), "MyKeyAES");

But I get the following CryptographicException "The requested operation is not supported."

I need to be able to store AES keys in the HSM. Am I going about this the right way or have I got it completely wrong?

Thanks

Steve

New Post: MSFT: What is the roadmap / future of this project ?

I am interested in the GCM - EAX - OCB support as well.

It was interesting to see recent developer code on some MSDN blogs reference Mono, for security functions. Is this a trend of things to come?

New Post: AesCng can't use any other key than 128 bits

Hi All

I am trying to use the AesCng class with key length = 192.
When I call ValidKeySize() it only validates key size 128.

In the AesCng.cs I found this code:
    public override KeySizes[] LegalBlockSizes
    {
        get { return m_symmetricAlgorithm.LegalBlockSizes; }
    }

    public override KeySizes[] LegalKeySizes
    {
        get { return m_symmetricAlgorithm.LegalBlockSizes; }
    }
I suspect LegalKeySizes should return the m_symmetricAlgorithm.LegalKeySizes property instead, or is this some restriction regarding FIPS compliance?

Best

Source code checked in, #75436

Adding missing file for PBKDF2 support.

Source code checked in, #75437

Removing testrunconfig file, no longer required after VS2013 upgrade. It was causing unit tests to not execute correctly.

New Post: namespace conflict

I am struggling to use the Security.Cryptography.dll because it conflicts with System.Security namespace.
I am working with C++/CLI and the compiler comes out with error C2872: 'Security' : ambiguous symbol.
I have tried to define a typedef for it but it fails there as well.

This might be silly but can someone enlighten me on how to get over this?

Updated Wiki: Security.Cryptography.dll

Security.Cryptography.dll

Security.Cryptography.dll provides a new set of algorithm implementations to augment the built in .NET framework supported algorithms. It also provides some APIs to extend the existing framework cryptography APIs. All of the CNG APIs provided in this library require Windows Vista or greater to run. AuthenticatedAesCng additionally requires Windows Vista SP1 or greater. The library itself is built upon the .NET Framework version 3.5. The sources are provided in a Visual Studio 2008 project.

Download

Security.Cryptography 1.6

Class Reference

Security.Cryptography.AesCng - A managed wrapper around the CNG implementation of the AES algorithm.
Security.Cryptography.AuthenticatedAes - Base class for implementations of the authenticated AES algorithm.
Security.Cryptography.AuthenticatedAesCng - A managed wrapper around the CNG implementation of the authenticated AES algorithm.
Security.Cryptography.AuthenticatedSymmetricAlgorithm - Base class for authenticated symmetric algorithms to derive from.
Security.Cryptography.CngAlgorithm2 - A set of additional CngAlgorithm objects for algorithms not in the framework's CngAlgorithm type.
Security.Cryptography.CngChainingMode - Pseudo-enumeration of chaining modes supported by CNG.
Security.Cryptography.CngProvider2 - A set of additional CngProvider objects for providers not in the framework's CngProvider type.
Security.Cryptography.CngProviderCollection - Enumerates over the installed CNG providers on the machine
Security.Cryptography.CryptoConfig2 - Provides CryptoConfig like access to all of the algorithms included in standard CryptoConfig, as well as the algorithms in the .NET 3.5 System.Core.dll assembly and in the Security.Cryptography.dll assembly.
Security.Cryptography.HMACSHA256Cng - A managed wrapper around the CNG implementation of HMAC SHA256.
Security.Cryptography.HMACSHA384Cng - A managed wrapper around the CNG implementation of HMAC SHA384.
Security.Cryptography.HMACSHA512Cng - A managed wrapper around the CNG implementation of HMAC SHA512.
Security.Cryptography.IAuthenticatedCryptoTransform - Interface for crypto transforms that support generating an authentication tag.
Security.Cryptography.ICngAlgorithm - Interface for algorithms which wrap CNG to provide information about the CNG algorithm they're wrapping.
Security.Cryptography.ICngAsymmetricAlgorithm - Interface for asymmetric algorithms which wrap CNG to provide information about the CNG algorithm they're wrapping.
Security.Cryptography.ICngSymmetricAlgorithm - Interface for symmetric algorithms which wrap CNG to provide information about the CNG algorithm they're wrapping.
Security.Cryptography.ICryptoTransform2 - Extended crypto transform interface which provides additional information about the transform's capabilities.
Security.Cryptography.Oid2 - An enhanced OID class.
Security.Cryptography.OidGroup - Enumeration of recognized OID categories
Security.Cryptography.OidRegistrationOptions - Flags for use when registering a new OID on the machine
Security.Cryptography.RNGCng - A managed wrapper around the CNG random number generator
Security.Cryptography.RSACng - A managed wrapper around the CNG implementation of the RSA algorithm
Security.Cryptography.RSAPKCS1SHA256SignatureDescription - A signature description class for RSA-SHA256 signatures.
Security.Cryptography.TripleDESCng - A managed wrapper around the CNG implementation of the 3DES algorithm

Security.Cryptography.X509Certificates.AlternateNameType - Types of alternate names exposed by X509 certificates
Security.Cryptography.X509Certificates.SafeCertContextHandle - Safe handle class which exposes an X509 certificate's CERT_CONTEXT
Security.Cryptography.X509Certificates.X509AlternateName - Base type for alternate name data exposed on an X509 certificate
Security.Cryptography.X509Certificates.X509AlternateNameBlob - Exposes alternate name data stored as a blob
Security.Cryptography.X509Certificates.X509AlternateNameIPAddress - Exposes alternate name data stored as an IP address
Security.Cryptography.X509Certificates.X509AlternateNameOther - Exposes other alternate name data, along with an identification OID
Security.Cryptography.X509Certificates.X509AlternateNameString - Exposes alternate name data stored as a string
Security.Cryptography.X509Certificates.X509CertificateCreationOptions - Flags for use when creating a new X509 certificate
Security.Cryptography.X509Certificates.X509CertificateCreationParameters - Configuration parameters for use when creating a new X509 certificate
Security.Cryptography.X509Certificates.X509CertificateSignatureAlgorithm - Algorithms which can be used to sign a new X509 certificate

Security.Cryptography.Xml.TransformFactory - A factory to aid in programmatically creating XML digital signature transforms.
Security.Cryptography.Xml.XmlDsigXPathWithNamespacesTransform - An alternate implementation of the XmlDsigXPathTransform which allows the XPath expression to use all XML namespaces in scope for the XPath node in the transform.

System.Security.Cryptography.CngProvider - A set of extension methods for the CngProvider type
System.Security.Cryptography.CngKey - A set of extension methods for the CngKey type

System.Security.Cryptography.X509Certificates.X509Certificate - A set of extension methods for the X509Certificate type
System.Security.Cryptography.X509Certificates.X509Certificate2 - A set of extension methods for the X509Certificate2 type

System.Security.Cryptography.Xml.EncryptedXml - A set of extension methods for the EncryptedXml type

Source code checked in, #75667

Updating Security.Cryptography version number to 1.7

Released: Security.Cryptography 1.7 (Oct 17, 2014)

The 1.7 update to Security.Cryptography.dll contains support for PBKDF2 (the CNG implementation). This release of Security.Cryptography.dll requires Visual Studio 2013 and the .NET Framework v3.5. (Previous versions used VS2008)

New APIs include:
  • BCryptPBKDF2.CreateHash - Hash a password and salt with a specified iteration count and hash function. Supported hash functions are SHA-1, SHA-256, SHA-384 and SHA-512

This release includes all check-ins through change set 75667

Source code checked in, #75704

Updating annotations to allow Security.Cryptography to be used with .NET 4.5 as well as 3.5 (the default).

Source code checked in, #75705

Updating version number to 1.7.1 for update release

Released: Security.Cryptography 1.7.1 (Oct 24, 2014)

A minor update to the 1.7 release of Security.Cryptography, updating the .NET annotations to allow the library to be used on two versions of the CLR (.NET 3.5 and 4.5). Users of version 1.7 on .NET 3.5 should see no change, and may treat this update as optional.

See the release notes of the 1.7 release for changes from the 1.6 release.

This release includes all check-ins through change set 75705

Source code checked in, #75777

Adding support for PBKDF2 on Win7/Server 2008. Updating version to 1.7.2 for release.

Released: Security.Cryptography 1.7.2 (Nov 14, 2014)

Updating PBKDF2 to support Win7/Server2k8, in addition to Win8/Server2012.

This release includes all check-ins through change set 75777.

Updated Wiki: Home

Introduction

Welcome to the CLR security team's Codeplex site. On this site you'll find a set of projects that extend the security APIs shipped with the .NET framework to provide additional functionality. We also have some tools to help in debugging security related problems in your code.

The latest rollup package of all of the assemblies on this site can be found here: CLR Security June 2010 Release. Note that this release will be the final release of the CLR Security CodePlex project which supports Visual Studio 2008 and the .NET Framework v3.5.

Project Description: Security.dll
Security.dll provides a set of extension methods to ease working with the Code Access Security system in the .NET Framework. Within this project you will find:
  • Methods to create partially trusted instances of objects
  • Methods to determine the grant set of an assembly or AppDomain
  • Methods to help in creating and examining simple sandbox domains
  • Methods to make working with classes like Evidence and SecurityElement easier
Download Security 1.2

Project Description: Security.Cryptography.dll
Security.Cryptography.dll provides a new set of algorithm implementations to augment the built in .NET framework supported algorithms. It also provides some APIs to extend the existing framework cryptography APIs. Within this project you will find:
  • A CNG implementation of the AES, RSA, HMACSHA2, and TripleDES encryption algorithms
  • A CNG implementation of a random number generator
  • A CNG implementation of authenticated symmetric encryption.
  • A class that allows dynamically creating algorithms both from this library as well as all of the algorithms that ship with .NET 3.5
  • An enumerator over all of the installed CNG providers on the current machine
  • Extension methods that allow access to all of the keys installed in a CNG provider, as well as all of the algorithms the provider supports
  • Extension methods to access X509Certificates that store their key with CNG, as well as create self signed X509Certificates.
  • Other utility types and methods
Download Security.Cryptography 1.7.2

Project Description: Security.Cryptography.Debug.dll
Have you ever run into an indecipherable cryptographic exception complaining about "Padding is invalid and cannot be removed" when using the .NET Framework's symmetric algorithms? Since nearly all bugs relating to symmetric algorithms tend to result in this same exception, it can be incredibly difficult to track down exactly what went wrong to cause the exception. Security.Cryptography.Debug.dll is a tool that can be used in these circumstances in order to help you figure out the root cause of your cryptographic exception.

Download Security.Cryptography.Debug 1.1

Project Description: PTRunner.exe
PTRunner is a host application which runs programs in a sandbox. It allows you to choose from a set of standard CLR sandboxes (such as Execution, Internet and LocalIntranet), or provide your own custom permission sets. Additionally, PTRunner allows you to expose a set of fully trusted assemblies to the code in the sandboxed AppDomain.

PTRunner is a .NET 4.0 application, and requires the .NET Framework v4.0 beta 1 in order to run.

Download PTRunner 1.0

Updated Wiki: Security.Cryptography.dll

Security.Cryptography.dll

Security.Cryptography.dll provides a new set of algorithm implementations to augment the built in .NET framework supported algorithms. It also provides some APIs to extend the existing framework cryptography APIs. All of the CNG APIs provided in this library require Windows Vista or greater to run. AuthenticatedAesCng additionally requires Windows Vista SP1 or greater. The library itself is built upon the .NET Framework version 3.5. The sources are provided in a Visual Studio 2008 project.

Download

Security.Cryptography 1.7.2

Class Reference

Security.Cryptography.AesCng - A managed wrapper around the CNG implementation of the AES algorithm.
Security.Cryptography.AuthenticatedAes - Base class for implementations of the authenticated AES algorithm.
Security.Cryptography.AuthenticatedAesCng - A managed wrapper around the CNG implementation of the authenticated AES algorithm.
Security.Cryptography.AuthenticatedSymmetricAlgorithm - Base class for authenticated symmetric algorithms to derive from.
Security.Cryptography.CngAlgorithm2 - A set of additional CngAlgorithm objects for algorithms not in the framework's CngAlgorithm type.
Security.Cryptography.CngChainingMode - Pseudo-enumeration of chaining modes supported by CNG.
Security.Cryptography.CngProvider2 - A set of additional CngProvider objects for providers not in the framework's CngProvider type.
Security.Cryptography.CngProviderCollection - Enumerates over the installed CNG providers on the machine
Security.Cryptography.CryptoConfig2 - Provides CryptoConfig like access to all of the algorithms included in standard CryptoConfig, as well as the algorithms in the .NET 3.5 System.Core.dll assembly and in the Security.Cryptography.dll assembly.
Security.Cryptography.HMACSHA256Cng - A managed wrapper around the CNG implementation of HMAC SHA256.
Security.Cryptography.HMACSHA384Cng - A managed wrapper around the CNG implementation of HMAC SHA384.
Security.Cryptography.HMACSHA512Cng - A managed wrapper around the CNG implementation of HMAC SHA512.
Security.Cryptography.IAuthenticatedCryptoTransform - Interface for crypto transforms that support generating an authentication tag.
Security.Cryptography.ICngAlgorithm - Interface for algorithms which wrap CNG to provide information about the CNG algorithm they're wrapping.
Security.Cryptography.ICngAsymmetricAlgorithm - Interface for asymmetric algorithms which wrap CNG to provide information about the CNG algorithm they're wrapping.
Security.Cryptography.ICngSymmetricAlgorithm - Interface for symmetric algorithms which wrap CNG to provide information about the CNG algorithm they're wrapping.
Security.Cryptography.ICryptoTransform2 - Extended crypto transform interface which provides additional information about the transform's capabilities.
Security.Cryptography.Oid2 - An enhanced OID class.
Security.Cryptography.OidGroup - Enumeration of recognized OID categories
Security.Cryptography.OidRegistrationOptions - Flags for use when registering a new OID on the machine
Security.Cryptography.RNGCng - A managed wrapper around the CNG random number generator
Security.Cryptography.RSACng - A managed wrapper around the CNG implementation of the RSA algorithm
Security.Cryptography.RSAPKCS1SHA256SignatureDescription - A signature description class for RSA-SHA256 signatures.
Security.Cryptography.TripleDESCng - A managed wrapper around the CNG implementation of the 3DES algorithm

Security.Cryptography.X509Certificates.AlternateNameType - Types of alternate names exposed by X509 certificates
Security.Cryptography.X509Certificates.SafeCertContextHandle - Safe handle class which exposes an X509 certificate's CERT_CONTEXT
Security.Cryptography.X509Certificates.X509AlternateName - Base type for alternate name data exposed on an X509 certificate
Security.Cryptography.X509Certificates.X509AlternateNameBlob - Exposes alternate name data stored as a blob
Security.Cryptography.X509Certificates.X509AlternateNameIPAddress - Exposes alternate name data stored as an IP address
Security.Cryptography.X509Certificates.X509AlternateNameOther - Exposes other alternate name data, along with an identification OID
Security.Cryptography.X509Certificates.X509AlternateNameString - Exposes alternate name data stored as a string
Security.Cryptography.X509Certificates.X509CertificateCreationOptions - Flags for use when creating a new X509 certificate
Security.Cryptography.X509Certificates.X509CertificateCreationParameters - Configuration parameters for use when creating a new X509 certificate
Security.Cryptography.X509Certificates.X509CertificateSignatureAlgorithm - Algorithms which can be used to sign a new X509 certificate

Security.Cryptography.Xml.TransformFactory - A factory to aid in programmatically creating XML digital signature transforms.
Security.Cryptography.Xml.XmlDsigXPathWithNamespacesTransform - An alternate implementation of the XmlDsigXPathTransform which allows the XPath expression to use all XML namespaces in scope for the XPath node in the transform.

System.Security.Cryptography.CngProvider - A set of extension methods for the CngProvider type
System.Security.Cryptography.CngKey - A set of extension methods for the CngKey type

System.Security.Cryptography.X509Certificates.X509Certificate - A set of extension methods for the X509Certificate type
System.Security.Cryptography.X509Certificates.X509Certificate2 - A set of extension methods for the X509Certificate2 type

System.Security.Cryptography.Xml.EncryptedXml - A set of extension methods for the EncryptedXml type