Which classes/algorithms in System.Security.Cryptography are identical to those in the unmanaged CryptoAPI?

Question

For a VB.NET-based VSTO add-in we need to plan for a future port to TwinBasic which is based on unmanaged COM architecture.

Especially for encrypted data we need to make sure we use an encryption algorithm that is identical whether the code is managed VB.NET or unmanaged TwinBasic.

I read the following:

“In the .NET Framework, the classes in the http://System.Security.Cryptography namespace manage many details of cryptography for you. Some are wrappers for the unmanaged Microsoft Cryptography API (CryptoAPI)”

http://www.vb-net.com/VB2015/Language/Strings.%20Culture,%20Convert,%20Validate,%20Crypt.pdf

Figuring out which System.Security.Cryptography classes are unmanaged Microsoft Cryptography API (CryptoAPI) wrappers is not something I know how to do well.

Which encryption algorithm in System.Security.Cryptography should I use, one that is decently solid (and hopefully uses hardware encryption for performance), so that I can use the identical algorithm later with unmanaged TwinBasic code in CryptoAPI?

I will use the algorithm both to encrypt/decrypt separate strings as well as entire JSON files.

Your experienced advice and considerations are very helpful thank you!

---

FYI TwinBasic is VB6 extended with a lot of new functionality and language features please see more at twinbasic.com.

Answer 1

As stated by @wqw in a comment on Jun 24 2021:

Just use some AEAD cipher like AES in GCM mode and you're future proof. AES is supported by each and every crypto library and is implemented in hardware on most CPUs.