spock

Reputation: 31

Cryptography in .NET with HSM without PKCS11

I am developing an application performing cryptographic operations (for customer demonstration purposes) using an HSM in .NET 3.5 without PKCS#11, in C# (Cryptography namespace).

  1. I have found the algorithms supported by the HSM's CSP (with certutil -csp "HSM's CSP Provider name found in regedit" -csptest), and some of them don't have a CryptoServiceProvider in the Cryptography namespace (RC2, RC4, DESX symmetric algo; MD4, MD2, AES-GMAC hash algo), but they are listed as supported in the MS documentation: https://msdn.microsoft.com/en-us/library/windows/desktop/bb931354(v=vs.85).aspx . Would anyone have an idea about how to use one of these to perform operations? In other words, is it possible to choose an algorithm which doesn't have a special CSP class?

  2. I have a similar problem with random number generation. My HSM supports these RNG algorithms: RNG, FIPS186DSARNG, DUALECRNG (found the same way as the algo in 1.). Is there a way to generate a random number with a specified algorithm in C#?

  3. Finally, I would like to save a generated symmetric key directly on the HSM, but the Cryptography namespace only has KeyContainers for asymmetric keys.

Thank you in advance to anyone having an idea on any of these problems!

Edit: Added the version of the .NET Framework, 3.5.

Upvotes: 2

Views: 1158

Answers (1)

jariq

Reputation: 12108

The PKCS#11 interface is superior to the CSP interface, which, for example, does not support persistence of symmetric keys. There were some improvements in the .NET 4.6.2 cryptography classes, but they are all CNG related.

My advice: Use PKCS#11 if you need anything other than RSA.

Upvotes: 1
