What does the class name ending "Managed" mean (C# .NET)?

Question

I'm relatively new to C# so please bear with me. I understand the basic difference between managed and unmanaged code. But I'm still a bit confused when to use some methods.

For instance what does the word "Managed" mean in some class name endings. Does it mean that they are managed and all others aren't? For example what is the difference between Aes and AesManaged or SHA512 and SHA512Managed? I know that you can't derive from Managed classes, but that is all that I know.

Also when should one use "Managed" classess, for instance when to choose Aes over AesManaged?

(I already read about basics of managed code on wikipedia (here) and also found a nice explanation about basics of managed code (here)

Thank you for your time and answers.

Answer 1

There are two kinds of cryptography wrappers in .NET, the classes whose name ends in Managed and those whose name end in CryptoServiceProvider. Only the CryptoServiceProvider versions are FIPS 140-1 certified. They are wrappers around native code that Microsoft submitted to the USA department of commerce, verifying that the algorithms meet the security requirements as outlined in the this document. They also require the operating system to have these native libraries installed. FIPS compliance is a big deal whenever you contract with a USA government agency or any entity that stipulates that your code must be FIPS certified.

The Managed versions of the algorithms are written in managed code and don't have a dependency on the native crypto API libraries. They are not FIPS certified. There is a registry setting your customer can use that enforces FIPS compliance. The Managed classes will throw an exception in their constructor when it is turned on. More about that in this blog post.

Answer 2

Have a look at the Remarks section:

This is an abstract class. The only implementation of this class is SHA512Managed.

Meaning, SHA512 (and any other combination of Method and MethodManaged) is just a base class describing a contract any implementor has to fullfil, it on itself doesn't have functionality.

In the case of SHA512Managed, there is just one implementation - the managed one. There could be others using an implementation in C or C++.

Answer 3

In the case of those classes, SHA512 both a factory for creating SHA512 implementations and the base class for the implementations and SHA512Managed is one such implementation written in managed code (think C#). I took a look and the libraries seem to come with other implementations as well, including at least one that uses native Windows APIs.