Are CNG classes in .NET Cryptography namespace FIPS certified?
Question
From https://docs.microsoft.com/en-us/dotnet/standard/security/cryptographic-services :
Managed code wrappers for the Federal Information Processing Standard (FIPS) certified implementations of the AES, SHA-256, SHA-384, and SHA-512 implementations are available in the new AesCryptoServiceProvider, SHA256CryptoServiceProvider, SHA384CryptoServiceProvider, and SHA512CryptoServiceProvider classes.
Does this mean that CNG classes are not FIPS certified? I'm asking this because sometimes the docs lack information (for example Public Key Encryption section doesn't even mention CNG implementation)
EDIT:
The Cryptography Next Generation (CNG) classes provide a managed wrapper around the native CNG functions.
So CNG is a managed code wrapper, thus confirming my initial guess?
1 answers
solution1
1 ACCPTED 2018-07-17 16:51:13
The "managed wrapper" just means "is a C# API that takes care of calling the CNG C API". The cryptography is provided by a FIPS Certified library (provided that the OS is configured to be in the mode under which the library got certified). It's the same statement used for the CAPI versions Managed code wrappers for ... .
So, they're exactly as certified as the *CryptoServiceProvider types, in that they're not directly certified, but they're also not doing the cryptographic operations themselves.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.