Table of Contents

Class CryptographyProviders

Namespace
Yubico.YubiKey.Cryptography
Assembly
Yubico.YubiKey.dll

This class contains properties that specify cryptographic providers.

public static class CryptographyProviders
Inheritance
object
CryptographyProviders

Remarks

During the course of operations, the SDK will need to perform cryptographic operations, such as random number generation, HMAC, Triple-DES encryption, and so on. Any SDK operation that needs crypto will get it from this class.

The properties in this class are delegates. They are functions that can build objects that will perform the required crypto. The reason these properties are methods that build objects, rather than objects themselves, is because the crypto classes implement IDisposable. In order to avoid the complex problem of ownership of an object that will be disposed once it goes out of scope, the SDK will create a new object each time one is needed. This new object will be in scope only for the duration of its use in the SDK, and will be disposed immediately when the SDK is done with it.

This class will return default implementations, but can be replaced. That is, if you do nothing, the SDK will use default C# cryptography. If you want the SDK to use your own implementations, you can do so. See the User's Manual entry on alternate crypto implementations for a detailed description of replacing the defaults. Generally, you will simply need to set the appropriate property with a new function.

Most applications will not replace the defaults, but for those that want the SDK to use a hardware RNG, hardware accelerator, or any other specific implementation for whatever reason, it is possible.

Properties

AesCreator

This property is a delegate (function pointer). The method loaded will return an instance of AES.

public static Func<Aes> AesCreator { get; set; }

Property Value

Func<Aes>

Remarks

When an SDK operation needs to encrypt or decrypt data using AES, it will do so using an implementation of the System.Security.Cryptography.AES abstract class. However, when it needs the AES class, it will ask this delegate to build an object, rather than ask for an object itself. This has to do with the fact that the AES class implements IDisposable. In order to avoid the complex problem of ownership of an object that will be disposed once it goes out of scope, the SDK will create a new object each time one is needed. This new object will be in scope only for the duration of its use in the SDK, and will be disposed immediately when the SDK is done with it.

The method loaded will return an object. This class is initialized with a method that will build and return an instance of the C# default implementation. For example, it could be used as follows.

AES aesObject = CryptographyProviders.AesCreator();

If you want to replace the implementation, you will likely do something like this in your application.

CryptographyProviders.AesCreator = () =>
{
    Handle aesHandle = GetHandle();
    return AesImpl.GetAesObject(aesHandle);
};

AesGcmPrimitivesCreator

This property is a delegate (function pointer). This method will return an instance of IAesGcmPrimitives.

public static Func<IAesGcmPrimitives> AesGcmPrimitivesCreator { get; set; }

Property Value

Func<IAesGcmPrimitives>

Remarks

When an SDK operation needs to perform AES-GCM encrypt or decrypt, it will do so using an implementation of the IAesGcmPrimitives interface. However, when it needs an instance, it will this delegate to build an object, rather than build it itself.

For example:

IAesGcmPrimitives aesGcm = CryptographyProviders.AesGcmPrimitivesCreator();

If you want to replace the implementation, you will likely do something like this in your application. The body of the delegate is responsible for creating an instance of AES-GCM based on an implementation of your own choosing.

CryptographyProviders.AesGcmPrimitivesCreator = () =>
{
    Handle aesHandle = GetHandle();
    return AesGcmImpl.GetAesGcmObject(aesHandle);
}

CmacPrimitivesCreator

This property is a delegate (function pointer). This method will return an instance of ICmacPrimitives, built to use the specified algorithm.

public static Func<CmacBlockCipherAlgorithm, ICmacPrimitives> CmacPrimitivesCreator { get; set; }

Property Value

Func<CmacBlockCipherAlgorithm, ICmacPrimitives>

Remarks

Note that ICmacPrimitives implements IDisposable, so either call Dispose when done with it, or use the using keyword.

For example,

using ICmacPrimitives cmacObj =
    CryptographyProviders.CmacPrimitivesCreator(CmacBlockCipherAlgorithm.Aes128);

DesCreator

This property is a delegate (function pointer). The method loaded will return an instance of DES.

public static Func<DES> DesCreator { get; set; }

Property Value

Func<DES>

Remarks

When an SDK operation needs to encrypt or decrypt data using DES, it will do so using an implementation of the System.Security.Cryptography.DES abstract class. However, when it needs the DES class, it will ask this delegate to build an object, rather than ask for an object itself. This has to do with the fact that the DES class implements IDisposable. In order to avoid the complex problem of ownership of an object that will be disposed once it goes out of scope, the SDK will create a new object each time one is needed. This new object will be in scope only for the duration of its use in the SDK, and will be disposed immediately when the SDK is done with it.

The method loaded will return an object. This class is initialized with a method that will build and return an instance of the C# default implementation. For example, it could be used as follows.

DES desObject = CryptographyProviders.DesCreator();

If you want to replace the implementation, you will likely do something like this in your application.

CryptographyProviders.DesCreator = () =>
{
    Handle desHandle = GetHandle();
    return DesImpl.GetDesObject(desHandle);
};

EcdhPrimitivesCreator

This property is a delegate (function pointer). This method will return an instance of IEcdhPrimitives.

public static Func<IEcdhPrimitives> EcdhPrimitivesCreator { get; set; }

Property Value

Func<IEcdhPrimitives>

Remarks

When an SDK operation needs to perform compute the ECDH shared secret, it will do so using an implementation of the IEcdhPrimitives interface. However, when it needs an instance, it will as this delegate to build an object, rather than build it itself.

If you want to replace the implementation, you will likely do something like this in your application. The body of the delegate is responsible for creating an instance of ECDH based on an implementation of your own choosing.

CryptographyProviders.EcdhPrimitivesCreator = () =>
{
    Handle ecdhHandle = GetHandle();
    return EcdhImpl.GetEcdhObject(ecdhHandle);
}

HmacCreator

This property is a delegate (function pointer). This method will return an instance of HMAC.

public static Func<string, HMAC> HmacCreator { get; set; }

Property Value

Func<string, HMAC>

RngCreator

This property is a delegate (function pointer). The method loaded will return an instance of RandomNumberGenerator.

public static Func<RandomNumberGenerator> RngCreator { get; set; }

Property Value

Func<RandomNumberGenerator>

Remarks

When an SDK operation needs random numbers it will generate them using an implementation of the System.Security.Cryptography.RandomNumberGenerator abstract class. However, when it needs the RNG class, it will ask this delegate to build an object, rather than ask for an object itself. This has to do with the fact that the RandomNumberGenerator class implements IDisposable. In order to avoid the complex problem of ownership of an object that will be disposed once it goes out of scope, the SDK will create a new object each time one is needed. This new object will be in scope only for the duration of its use in the SDK, and will be disposed immediately when the SDK is done with it.

The method loaded will return an object. This class is initialized with a method that will build and return an instance of the C# default implementation. For example, it could be used as follows.

RandomNumberGenerator randomObject =
    CryptographyProviders.RngCreator();

If you want to replace the implementation, you will likely do something like this in your application.

CryptographyProviders.RngCreator = () =>
{
    Handle rngHandle = RngImpl.GetRngHandle();
    return RngImpl.GetRandomObject(rngHandle);
};

Sha1Creator

This property is a delegate (function pointer). The method loaded will return an instance of SHA1.

public static Func<SHA1> Sha1Creator { get; set; }

Property Value

Func<SHA1>

Remarks

When an SDK operation needs to digest data using SHA-1, it will do so using an implementation of the System.Security.Cryptography.SHA1 abstract class. However, when it needs the SHA1 class, it will ask this delegate to build an object, rather than ask for an object itself. This has to do with the fact that the SHA1 class implements IDisposable. In order to avoid the complex problem of ownership of an object that will be disposed once it goes out of scope, the SDK will create a new object each time one is needed. This new object will be in scope only for the duration of its use in the SDK, and will be disposed immediately when the SDK is done with it.

The method loaded will return an object. This class is initialized with a method that will build and return an instance of the C# default implementation. For example, it could be used as follows.

SHA1 sha1Object = CryptographyProviders.Sha1Creator();

If you want to replace the implementation, you will likely do something like this in your application.

CryptographyProviders.Sha1Creator = () =>
{
    Handle sha1Handle = Sha1Impl.GetSha1Handle();
    return Sha1Impl.GetSha1Object(sha1Handle);
};

Sha256Creator

This property is a delegate (function pointer). The method loaded will return an instance of SHA256.

public static Func<SHA256> Sha256Creator { get; set; }

Property Value

Func<SHA256>

Remarks

When an SDK operation needs to digest data using SHA-256, it will do so using an implementation of the System.Security.Cryptography.SHA256 abstract class. However, when it needs the SHA256 class, it will ask this delegate to build an object, rather than ask for an object itself. This has to do with the fact that the SHA256 class implements IDisposable. In order to avoid the complex problem of ownership of an object that will be disposed once it goes out of scope, the SDK will create a new object each time one is needed. This new object will be in scope only for the duration of its use in the SDK, and will be disposed immediately when the SDK is done with it.

The method loaded will return an object. This class is initialized with a method that will build and return an instance of the C# default implementation. For example, it could be used as follows.

SHA256 sha256Object = CryptographyProviders.Sha256Creator();

If you want to replace the implementation, you will likely do something like this in your application.

CryptographyProviders.Sha256Creator = () =>
{
    Handle sha256Handle = Sha256Impl.GetSha256Handle();
    return Sha256Impl.GetSha256Object(sha256Handle);
};

Sha384Creator

This property is a delegate (function pointer). The method loaded will return an instance of SHA384.

public static Func<SHA384> Sha384Creator { get; set; }

Property Value

Func<SHA384>

Remarks

When an SDK operation needs to digest data using SHA-384, it will do so using an implementation of the System.Security.Cryptography.SHA384 abstract class. However, when it needs the SHA384 class, it will ask this delegate to build an object, rather than ask for an object itself. This has to do with the fact that the SHA384 class implements IDisposable. In order to avoid the complex problem of ownership of an object that will be disposed once it goes out of scope, the SDK will create a new object each time one is needed. This new object will be in scope only for the duration of its use in the SDK, and will be disposed immediately when the SDK is done with it.

The method loaded will return an object. This class is initialized with a method that will build and return an instance of the C# default implementation. For example, it could be used as follows.

SHA384 sha384Object = CryptographyProviders.Sha384Creator();

If you want to replace the implementation, you will likely do something like this in your application.

CryptographyProviders.Sha384Creator = () =>
{
    Handle sha384Handle = Sha384Impl.GetSha384Handle();
    return Sha384Impl.GetSha384Object(sha384Handle);
};

Sha512Creator

This property is a delegate (function pointer). The method loaded will return an instance of SHA512.

public static Func<SHA512> Sha512Creator { get; set; }

Property Value

Func<SHA512>

Remarks

When an SDK operation needs to digest data using SHA-512, it will do so using an implementation of the System.Security.Cryptography.SHA512 abstract class. However, when it needs the SHA512 class, it will ask this delegate to build an object, rather than ask for an object itself. This has to do with the fact that the SHA512 class implements IDisposable. In order to avoid the complex problem of ownership of an object that will be disposed once it goes out of scope, the SDK will create a new object each time one is needed. This new object will be in scope only for the duration of its use in the SDK, and will be disposed immediately when the SDK is done with it.

The method loaded will return an object. This class is initialized with a method that will build and return an instance of the C# default implementation. For example, it could be used as follows.

SHA512 sha512Object = CryptographyProviders.Sha512Creator();

If you want to replace the implementation, you will likely do something like this in your application.

CryptographyProviders.Sha512Creator = () =>
{
    Handle sha512Handle = Sha512Impl.GetSha512Handle();
    return Sha512Impl.GetSha512Object(sha512Handle);
};

TripleDesCreator

This property is a delegate (function pointer). The method loaded will return an instance of TripleDES.

public static Func<TripleDES> TripleDesCreator { get; set; }

Property Value

Func<TripleDES>

Remarks

When an SDK operation needs to encrypt or decrypt data using Triple-DES, it will do so using an implementation of the System.Security.Cryptography.TripleDES abstract class. However, when it needs the Triple-DES class, it will ask this delegate to build an object, rather than ask for an object itself. This has to do with the fact that the TripleDES class implements IDisposable. In order to avoid the complex problem of ownership of an object that will be disposed once it goes out of scope, the SDK will create a new object each time one is needed. This new object will be in scope only for the duration of its use in the SDK, and will be disposed immediately when the SDK is done with it.

The method loaded will return an object. This class is initialized with a method that will build and return an instance of the C# default implementation. For example, it could be used as follows.

TripleDES tripleDesObject = CryptographyProviders.TripleDesCreator();

If you want to replace the implementation, you will likely do something like this in your application.

CryptographyProviders.TripleDesCreator = () =>
{
    Handle tripleDesHandle = GetHandle();
    return TDesImpl.GetTripleDesObject(tripleDesHandle);
};