Reputation: 6507
I am trying to figure out how ECDiffieHellman works in .NET.
I wonder why there are two implementations of ECDiffieHellman which seem to be very similar.
The Cng stands for Cryptography Next Generation (CNG); it should be the better one, or not?
Why this dualism? Which one to use?
using System.Security.Cryptography;
using NUnit.Framework;

// Variant 1: go through the abstract base class and let the factory pick the implementation
[Test]
public void SharedSecret_ViaFactory()
{
    var alice = ECDiffieHellman.Create();
    var bob = ECDiffieHellman.Create();
    Assert.That(alice.PublicKey.ToXmlString(),
        Is.Not.EqualTo(bob.PublicKey.ToXmlString()));
    var aliceSharedSecret = alice.DeriveKeyMaterial(bob.PublicKey);
    var bobSharedSecret = bob.DeriveKeyMaterial(alice.PublicKey);
    Assert.That(aliceSharedSecret, Is.EqualTo(bobSharedSecret));
}

// Variant 2: instantiate the CNG-backed implementation directly
[Test]
public void SharedSecret_ViaCng()
{
    var alice = new ECDiffieHellmanCng();
    var bob = new ECDiffieHellmanCng();
    Assert.That(alice.PublicKey.ToXmlString(),
        Is.Not.EqualTo(bob.PublicKey.ToXmlString()));
    var aliceSharedSecret = alice.DeriveKeyMaterial(bob.PublicKey);
    var bobSharedSecret = bob.DeriveKeyMaterial(alice.PublicKey);
    Assert.That(aliceSharedSecret, Is.EqualTo(bobSharedSecret));
}
Upvotes: 2
Views: 1064
Reputation: 33088
ECDiffieHellman is an abstract base class; ECDiffieHellmanCng is a full implementation type, based on Windows CNG. ECDiffieHellman.Create(), by default, returns an ECDiffieHellmanCng instance.
The DeriveKeyMaterial method, unfortunately, takes extra parameters which are exposed as properties on ECDiffieHellmanCng. This was addressed in .NET Framework 4.6.2, with the creation of several more DeriveKey* methods on the ECDiffieHellman class which use parameters only (no properties).
Upvotes: 3
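The following is an added example, not code from the question or the answer, that puts the two derivation styles the answer contrasts side by side: the older ECDiffieHellmanCng approach, where the KDF settings are properties on the object, and the .NET Framework 4.6.2+ base-class methods (DeriveKeyFromHash here) that take the same settings as parameters. The key size, the SHA-256/SHA-384 choice and the "example-app v1 session key" context string are constructed for the demonstration; ECDiffieHellmanCng itself is Windows-only, so on other platforms only the base-class path applies.

```csharp
// Added example (not from the question or answer). Shows why explicit KDF parameters
// are easier to get right than per-object properties. Requires .NET Framework 4.6.2+
// or .NET Core/.NET 5+ on Windows (ECDiffieHellmanCng is CNG-backed, Windows-only).
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public static class EcdhKdfDemo
{
    // Style 1 (pre-4.6.2): the KDF is configured through properties on ECDiffieHellmanCng.
    // Both parties must end up with identical HashAlgorithm/KeyDerivationFunction settings;
    // otherwise DeriveKeyMaterial returns different bytes even though the raw ECDH
    // agreement succeeded, and nothing in the call site reveals which settings were used.
    public static byte[] DeriveWithCngProperties(ECDiffieHellmanCng self,
                                                 ECDiffieHellmanPublicKey peer,
                                                 CngAlgorithm hash)
    {
        self.KeyDerivationFunction = ECDiffieHellmanKeyDerivationFunction.Hash;
        self.HashAlgorithm = hash;
        return self.DeriveKeyMaterial(peer);
    }

    // Style 2 (4.6.2+): the base-class method takes the KDF inputs as parameters, so the
    // derivation contract is visible where the key is made and independent of object state.
    // The result is Hash(secretPrepend || Z || secretAppend); binding a protocol label into
    // secretAppend keeps a key derived for one purpose from being reused for another.
    public static byte[] DeriveWithParameters(ECDiffieHellman self,
                                              ECDiffieHellmanPublicKey peer,
                                              byte[] context)
    {
        return self.DeriveKeyFromHash(peer, HashAlgorithmName.SHA256,
                                      secretPrepend: null, secretAppend: context);
    }

    public static void Main()
    {
        // Constructed context label for this demo; a real protocol would fix this by spec.
        var label = Encoding.ASCII.GetBytes("example-app v1 session key");

        using (var alice = new ECDiffieHellmanCng(256))
        using (var bob = new ECDiffieHellmanCng(256))
        {
            // Property style, both sides configured the same way: keys match.
            var a1 = DeriveWithCngProperties(alice, bob.PublicKey, CngAlgorithm.Sha256);
            var b1 = DeriveWithCngProperties(bob, alice.PublicKey, CngAlgorithm.Sha256);
            Console.WriteLine("property style, same settings:   " + a1.SequenceEqual(b1));

            // Property style, one side configured differently: keys silently diverge.
            var b1Bad = DeriveWithCngProperties(bob, alice.PublicKey, CngAlgorithm.Sha384);
            Console.WriteLine("property style, mismatched hash: " + a1.SequenceEqual(b1Bad));

            // Parameter style through the abstract base type: same key objects, but the
            // hash and context travel with the call, so a mismatch is visible in code review.
            var a2 = DeriveWithParameters(alice, bob.PublicKey, label);
            var b2 = DeriveWithParameters(bob, alice.PublicKey, label);
            Console.WriteLine("parameter style, same context:   " + a2.SequenceEqual(b2));
        }
    }
}
```

Declaring the variables as ECDiffieHellman and calling DeriveKeyFromHash (or DeriveKeyFromHmac / DeriveKeyTls) is the portable way to answer the "which one to use" question: the code depends only on the abstract type, and the KDF inputs that must agree between the two parties are spelled out at the call rather than hidden in the state of an ECDiffieHellmanCng instance.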