.NET RSA.Create(String algName): What goes in algName?

According to the MSDN documentation for the RSA class there are two RSA.Create() methods. One default implementation and one that takes a string parameter "algName". I haven't been able to find any examples using the RSA.Create(String) version anywhere online.

So my questions are: What does the parameter "algName" usually contain? What are a few algorithms that can be used? Or where can I find information on valid algorithm names?

LamdaComplex asked Aug 29 '11 19:08


3 Answers

You can put anything you like, but I think you need to implement it yourself. There is only one implementation of the RSA algorithm in the .NET framework out-of-the-box, namely RSACryptoServiceProvider. http://msdn.microsoft.com/en-us/library/system.security.cryptography.rsacryptoserviceprovider.aspx

The Create(String) method is inherited from AsymmetricAlgorithm, and you can pass quite a few values to the method, see http://msdn.microsoft.com/en-us/library/bf2t8ayw.aspx for a complete list...

Erik A. Brandstadmoen answered Nov 15 '22 17:11


The various Create methods of the .NET cryptographic API are meant to work with the machine.config file and the System.Security.Cryptography.CryptoConfig type.

It allows an application that uses them to use the machine configured algorithm implementation (hence the use of machine.config). E.g.

RSA rsa = RSA.Create ();

will create, by default (nothing in machine.config), an RSACryptoServiceProvider. Now if you modify machine.config your application could return to you an RSAManaged instance (e.g. by configuring it to use Mono.Security.dll). This is very useful to allow applications to select specific implementations (e.g. FIPS-140 certified) or HSM (hardware security modules) - i.e. no need to recompile your application to support them!

Back to the original Create(string), this method lets you select which implementation to use. It simply calls CryptoConfig.CreateFromName(string) and casts the result back to, in this case, an RSA instance.

This is useful if you want to be sure to use a specific implementation, e.g. RSAManaged - even without linking your application to a specific assembly (e.g. Mono.Security.dll).

poupou answered Nov 15 '22 17:11


Erik A. Brandstadmoen's answer was correct up until now, but with .NET 4.6 there is a 2nd RSA class now:

RSACng

https://msdn.microsoft.com/en-us/library/system.security.cryptography.rsacng(v=vs.110).aspx

RSA.Create() still returns the RSACryptoServiceProvider by default, but as mentioned above you can change this behaviour in the machine.config.

If you are interested in a more detailed comparison and examples of how to override it in machine.config you can check out this blog post:

http://dusted.codes/how-to-use-rsa-in-dotnet-rsacryptoserviceprovider-vs-rsacng-and-good-practise-patterns

dustinmoris answered Nov 15 '22 16:11
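
The name lookup described in the answers above, as an added example that is not part of the original answers or of the .NET documentation: because configuration decides which class a name resolves to, the sketch resolves each name through CryptoConfig.CreateFromName and accepts the result only if its concrete type is on an allowlist. It assumes .NET Framework 4.6 or later; `CreateChecked`, the `Allowed` list and the name "MyApp.Rsa" are hypothetical.

```csharp
// Added example; assumes .NET Framework 4.6+ so that RSACng is available.
using System;
using System.Security.Cryptography;

static class RsaFactoryCheck
{
    // Assumption: the implementations this application is willing to accept.
    static readonly Type[] Allowed = { typeof(RSACryptoServiceProvider), typeof(RSACng) };

    // Hypothetical helper: resolve algName through the same lookup RSA.Create(string)
    // uses, then verify what the configuration actually handed back.
    static RSA CreateChecked(string algName)
    {
        object created = CryptoConfig.CreateFromName(algName); // null if the name is unmapped
        if (created == null)
            throw new CryptographicException("No implementation mapped to '" + algName + "'");

        RSA rsa = created as RSA;
        if (rsa == null || Array.IndexOf(Allowed, created.GetType()) < 0)
        {
            IDisposable d = created as IDisposable;
            if (d != null) d.Dispose();
            throw new CryptographicException(
                "'" + algName + "' resolved to unexpected type " + created.GetType().FullName);
        }
        return rsa;
    }

    static void Main()
    {
        // "MyApp.Rsa" is a constructed name, registered for this process only.
        CryptoConfig.AddAlgorithm(typeof(RSACng), "MyApp.Rsa");

        // Two built-in names, the constructed name, an unmapped name and a non-RSA name.
        string[] names = { "RSA", "System.Security.Cryptography.RSA", "MyApp.Rsa", "NoSuchRsa", "SHA256" };
        foreach (string name in names)
        {
            try
            {
                using (RSA rsa = CreateChecked(name))
                    Console.WriteLine(name + " -> " + rsa.GetType().FullName + ", " + rsa.KeySize + " bits");
            }
            catch (CryptographicException ex)
            {
                Console.WriteLine(name + " -> rejected: " + ex.Message);
            }
        }
    }
}
```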