Microsoft Enterprise Library 5.0
When Should I Use the Cryptography Application Block?
You should use the Cryptography Application Block when you need hashing and/or symmetric encryption functionality. You can use these functions with the cryptographic providers included with the block or with your own custom cryptographic providers. If the data only needs to be protected and never needs to be recovered in clear form (for example, a password), you can use hashing. If the data needs to be both encrypted and later decrypted (for example, to transmit sensitive customer data), you can use symmetric encryption.
Scenarios for the Cryptography Application Block
The Cryptography Application Block is designed to address the most common tasks that developers face when they write applications that require cryptography functionality. These tasks are arranged according to scenarios. Each scenario gives an example of a real-world situation, such as authenticating a user, discusses the cryptography functions that the situation requires, and shows the code that accomplishes the task.
The goal of arranging these tasks according to scenarios is to give the code some context. Instead of showing an isolated group of methods, with no sense of where they can best be used, scenarios provide a setting for the code, putting it in situations familiar to developers whose applications must use cryptography features.
The scenarios are the following:
- Encrypting data
- Decrypting data
- Getting a hash of data
- Checking whether a hash matches some text
For more information about each of these scenarios, see Key Scenarios.
Benefits of the Cryptography Application Block
The Cryptography Application Block simplifies the work of developers by abstracting application code from specific cryptography providers. It has the following features:
- It reduces the requirement to write boilerplate code to perform standard tasks; it does this by providing implementations that you can use to solve common application cryptography problems.
- It helps maintain consistent cryptography practices, both within an application and across the enterprise.
- It allows administrators to manage cryptography configuration, including using Group Policy.
- It eases the learning curve for developers by using a consistent architectural model across the various areas of functionality that are provided.
- It is extensible; this means it supports custom implementations of cryptography providers.
Limitations of the Cryptography Application Block
The Cryptography Application Block supports only symmetric algorithms. Symmetric algorithms use the same key for both encryption and decryption. The Cryptography Application Block does not support asymmetric (also known as public-key) encryption, which uses one key to encrypt a message and another key to decrypt the message.
A prerequisite for symmetric encryption is that the application that sends the data and the application that receives the data trust one another. Typically, this is only true if the sender and the receiver are the same application. This restriction often precludes the use of the block for encrypting data across the network.
The Cryptography Application Block does not completely address the issue of how you can safely distribute your keys. It is relatively easy to safely distribute keys on your own secured computers. Other situations, such as sharing multiple keys between multiple parties, require careful planning. One approach is to export your keys to a key file before you distribute them. The key file is encrypted with a password that you supply when you export the keys. You can transport the key file to the computer that requires the keys and then use the configuration tools to import the encrypted key file. When you import the encrypted key file, the configuration tools will prompt you for the password that you used when you encrypted the file.
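The four scenarios listed above, together with the same-key point from the limitations section, as an added C# example that is not part of the original page or of the Enterprise Library itself. The two provider instance names are assumptions and must match the symmetric and hash provider instances defined in the application's configuration file.

```csharp
using System;
using Microsoft.Practices.EnterpriseLibrary.Security.Cryptography;

public static class CryptoScenarios
{
    // Assumed instance names; they must match the symmetric and hash provider
    // instances that the block reads from the application's .config file.
    private const string SymmetricProvider = "CustomerDataProvider";
    private const string HashProvider = "PasswordHashProvider";

    // Scenarios 1 and 2: encrypt data that must later be recovered, then decrypt it.
    // Both calls name the same provider instance: the block is symmetric, so the key
    // that encrypted the data is the only key that can decrypt it. A receiver without
    // that key (a different application, a remote party) cannot recover the data.
    public static string ProtectCustomerRecord(string record)
    {
        // Returns the ciphertext as a base64 string suitable for storage or transport.
        return Cryptographer.EncryptSymmetric(SymmetricProvider, record);
    }

    public static string RecoverCustomerRecord(string protectedRecord)
    {
        return Cryptographer.DecryptSymmetric(SymmetricProvider, protectedRecord);
    }

    // Scenario 3: a password is never decrypted, so only its hash is stored.
    public static string HashPasswordForStorage(string password)
    {
        return Cryptographer.CreateHash(HashProvider, password);
    }

    // Scenario 4: check a login attempt against the stored hash. Use CompareHash rather
    // than comparing strings: when the hash provider instance is configured with salting
    // enabled, each CreateHash result embeds its own random salt, so two hashes of the
    // same password are not equal and only the block can compare them correctly.
    public static bool VerifyPassword(string attempt, string storedHash)
    {
        return Cryptographer.CompareHash(HashProvider, attempt, storedHash);
    }

    public static void Main()
    {
        // Constructed sample data for the round trip and the password check.
        string protectedRecord = ProtectCustomerRecord("card ending 4242");
        Console.WriteLine(RecoverCustomerRecord(protectedRecord));

        string stored = HashPasswordForStorage("correct horse");
        Console.WriteLine(VerifyPassword("correct horse", stored));
        Console.WriteLine(VerifyPassword("wrong horse", stored));
    }
}
```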