I worked to make our .NET application compatible with FIPS and found that the Managed cryptography classes (e.g. AESManaged) do not comply with FIPS. I read several other articles and questions on which classes are compatible, for example "When will the C# AES algorithm comply with FIPS?" and http://social.msdn.microsoft.com/Forums/en-US/netfxbcl/thread/e0b4493f-6e20-4b75-a118-6b6e5d26a2a6 . It seems that the CryptoServiceProvider classes meet the FIPS requirements, but the managed classes do not.
I'm just wondering if anyone can explain the difference between the CryptoServiceProvider classes and the Managed classes? And if someone can explain why the CryptoServiceProvider classes are FIPS compatible, but the managed classes are not, so I can explain to my boss why I have to rewrite our encryption methods. Are they fundamentally different under the hood? Or does MS simply not expose the NIST managed certification classes? If the Managed classes simply wrap the CryptoServiceProvider classes, then why are the Managed classes not automatically compatible with FIPS? And if I write a class to wrap a FIPS-compatible class in a more user-friendly class, is my software no longer FIPS compatible?
Thanks.
"FIPS-" - - FIPS. , , FIPS, . - .
CryptoServiceProvider CryptoAPI ( Windows API) , CryptoAPI FIPS ( ). , .NET - , CryptoAPI. , .
, , , . , .NET(IL ) , , .. .
- - , . . , - , , .