After reading (yet another) post by Jeff Atwood more or less concluding that us mortal developers shouldn't be getting too involved with encryption, I'm left wondering what library I should be using. The only two libraries I've found that seem legitimate are entlib's and Bouncy Castle, but they don't seem much more of an abstraction than the .NET cryptography APIs to me.
I guess what I'm wondering is if there is a "jQuery of cryptography libraries" that is simple, widely-trusted, open and well-documented.
1. Create an RSA public/private keypair.
2. Transmit the public key (or for proof of concept, just move it in a string variable).
3. Create a new RSA crypto provider and encrypt a string with the public key.
4. Transmit the encrypted string (or data) back to the original crypto provider and decrypt the string.
tinycrypt is a library of cryptographic algorithms with a focus on small, simple implementation.
Hyperledger Ursa is a shared cryptographic library that enables people (and projects) to avoid duplicating other cryptographic work and hopefully increase security in the process. The library is an opt-in repository for Hyperledger projects (and, potentially others) to place and use crypto.
edit: Here is a comprehensive list of popular crypto libraries from https://github.com/quozd/awesome-dotnet/blob/master/README.md#cryptography:
Original answer follows.
The Bouncy Castle library is indeed a well respected, and mature encryption library, but what's wrong with using many of the fantastic encryption functions that are built right into the .NET framework?
System.Security.Cryptography Namespace
In my experience, these implementations are rock-solid, provide numerous options (for example: you've usually got a Crypto API, CNG and Managed implementations of each algorithm to choose from), and you're not going to "get it wrong", since you're only using the implementation. If you're slightly worried that you might use them incorrectly, you can always follow MSDN's own example code.
You have completely misunderstood the maxim "do not implement encryption routines yourself". What this means is: do not roll your own RSA/DSA/whatever encryption algorithm. It doesn't mean that you shouldn't use one written by someone who knows what they are doing. In fact, if anything, adding more layers between you and the trusted algorithm is going to hurt you, and not the reverse.
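The four steps listed in the question, written against the built-in System.Security.Cryptography classes that the answers point to. This is an added example, not code from any of the posters; it assumes .NET Core 3.0 or later (for ExportSubjectPublicKeyInfo and ImportSubjectPublicKeyInfo), and the 2048-bit key size, OAEP-SHA256 padding and sample message are choices made here.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class RsaRoundTrip
{
    // Largest plaintext one RSA-OAEP block can carry:
    // modulus bytes - 2 * hash bytes - 2 (SHA-256 digest = 32 bytes).
    static int MaxOaepSha256Plaintext(RSA key) => key.KeySize / 8 - 2 * 32 - 2;

    static void Main()
    {
        // 1. Receiver creates the key pair; the private key stays in this object.
        using RSA receiver = RSA.Create(2048);

        // 2. "Transmit" only the public key, as a string
        //    (base64 of the X.509 SubjectPublicKeyInfo encoding).
        string publicKeyText = Convert.ToBase64String(receiver.ExportSubjectPublicKeyInfo());

        // 3. Sender builds a new RSA object holding only the public key and encrypts.
        using RSA sender = RSA.Create();
        sender.ImportSubjectPublicKeyInfo(Convert.FromBase64String(publicKeyText), out _);

        byte[] plaintext = Encoding.UTF8.GetBytes("constructed sample message");
        if (plaintext.Length > MaxOaepSha256Plaintext(sender))
            throw new ArgumentException(
                "Too long for a single RSA-OAEP block; encrypt the data with a " +
                "symmetric key and use RSA only to wrap that key.");

        byte[] ciphertext = sender.Encrypt(plaintext, RSAEncryptionPadding.OaepSHA256);

        // 4. Ciphertext goes back to the receiver, which decrypts with the private key.
        byte[] recovered = receiver.Decrypt(ciphertext, RSAEncryptionPadding.OaepSHA256);
        Console.WriteLine(Encoding.UTF8.GetString(recovered));

        // The sender's object holds no private key, so it cannot reverse its own output.
        try
        {
            sender.Decrypt(ciphertext, RSAEncryptionPadding.OaepSHA256);
        }
        catch (CryptographicException)
        {
            Console.WriteLine("public-only key cannot decrypt");
        }
    }
}
```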