System.Security.Cryptography

This assembly provides the core cryptographic support for .NET, including hashing (e.g. SHA256), symmetric-key message authentication (e.g. HMACSHA256), symmetric-key encryption (e.g. Aes), symmetric-key authenticated encryption (e.g. AesGcm), asymmetric (public/private key) cryptography (e.g. RSA, ECDsa, or ECDiffieHellman), and X.509 public-key certificates (X509Certificate2).

Documentation can be found at https://learn.microsoft.com/dotnet/api/system.security.cryptography and https://learn.microsoft.com/dotnet/api/system.security.cryptography.x509certificates

Contribution Bar

• We consider new features, new APIs and performance changes
• We consider PRs that target this library for new source code analyzers

When contributing to this area, please consider:

• We do not provide implementations for primitive cryptographic algorithms, and do not want to.
  • Some exceptions have been made in the past, but we do not anticipate any future exceptions.
• We generally do not add API support for an algorithm unless it is supported by at least two of
  • Microsoft Windows (via CNG)
  • OpenSSL
  • Apple macOS (via CommonCrypto or CryptoKit)

See the Help Wanted issues.

Source

• The managed code for core cryptographic support is in the src subdirectory.
• Core cryptography involves a shim layer for performing interop on most of our operating systems.
  • Apple (macOS, iOS, et cetera): System.Security.Cryptography.Native.Apple
  • Android: System.Security.Cryptography.Native.Android
  • Linux and "other UNIX" (via OpenSSL): System.Security.Cryptography.Native
• Higher level cryptographic components may be in other assemblies, such as
  • System.Security.Cryptography.Pkcs
  • System.Security.Cryptography.Cose
• The lower-level ASN.1 BER/CER/DER parser is a separate library, System.Formats.Asn1

Deployment

The System.Security.Cryptography assembly is part of the shared framework, and ships with every new release of .NET.