开发者

.Net RNGCryptoServiceProvider class versus Win32 CryptGenRandom() function

I have a new application being written in .Net. I also have a leg开发者_StackOverflow社区acy version of the application that must be maintained (for the meantime), which has been written in VB6 and utilizes C++ DLLs. Certain C++ native DLLs must continue to be utilized and shared by the new .Net application via P/Invoke.

The legacy app currently utilizes a random number generator, which will be replaced to use CryptGenRandom() function available through Win32 APIs. The new .Net app has the same need and can utilize the RNGCryptoServiceProvider class.

Question: Under the hood does the .Net RNGCryptoServiceProvider class utilize the Win32 CryptGenRandom() function? If so, I would be interested in any links on available documentation in regards to this.


Actually, the .Net RNGCryptoServiceProvider class obtains random data from a "Cryptographic Service Provider" (CSP) (so says the documentation). In the CryptoAPI, a CSP is a loadable DLL which provides some cryptographic services, mainly private key storage, signature computations... and also random number generation. A CSP can be used only if it has been signed (by Microsoft) and registered (by writing in some specific registry keys).

The CryptGenRandom() function uses the default CSP (the one registered as to be used by default, normally one of the CSP which come with the operating system itself) and invokes the CPGenRandom() function on that CSP. RNGCryptoServiceProvider does the same. Hence, it does not call CryptGenRandom(), but it feeds on the same cryptographically strong source.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜