Question

I have a new application being written in .Net. I also have a legacy version of the application that must be maintained (for the meantime), which has been written in VB6 and utilizes C++ DLLs. Certain C++ native DLLs must continue to be utilized and shared by the new .Net application via P/Invoke.

The legacy app currently utilizes a random number generator, which will be replaced to use the CryptGenRandom() function available through the Win32 APIs. The new .Net app has the same need and can utilize the RNGCryptoServiceProvider class.

Question: Under the hood, does the .Net RNGCryptoServiceProvider class utilize the Win32 CryptGenRandom() function? If so, I would be interested in any links to available documentation regarding this.

Solution

Actually, the .Net RNGCryptoServiceProvider class obtains random data from a "Cryptographic Service Provider" (CSP) (so says the documentation). In the CryptoAPI, a CSP is a loadable DLL which provides some cryptographic services, mainly private key storage, signature computations... and also random number generation. A CSP can be used only if it has been signed (by Microsoft) and registered (by writing in some specific registry keys).

The CryptGenRandom() function uses the default CSP (the one registered to be used by default, normally one of the CSPs which come with the operating system itself) and invokes the CPGenRandom() function on that CSP. RNGCryptoServiceProvider does the same. Hence, it does not call CryptGenRandom(), but it feeds on the same cryptographically strong source.
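The two paths discussed above, side by side, as an added example that is not part of the original question or answer: the native route acquires a handle to the default CSP and calls CryptGenRandom() through P/Invoke, the managed route uses RNGCryptoServiceProvider. It assumes Windows and the .Net Framework; the names CspRandomDemo, NativeRandom and ManagedRandom are illustrative.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Cryptography;

static class CspRandomDemo   // illustrative name, not from the original post
{
    const uint PROV_RSA_FULL = 1;                 // provider type, from wincrypt.h
    const uint CRYPT_VERIFYCONTEXT = 0xF0000000;  // no key container is opened

    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool CryptAcquireContext(out IntPtr hProv, string container,
        string provider, uint provType, uint flags);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool CryptGenRandom(IntPtr hProv, uint len, [In, Out] byte[] buffer);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool CryptReleaseContext(IntPtr hProv, uint flags);

    // Native path: the same sequence a C++ DLL would run against the default CSP.
    static byte[] NativeRandom(int count)
    {
        IntPtr hProv;
        if (!CryptAcquireContext(out hProv, null, null, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            var buf = new byte[count];
            if (!CryptGenRandom(hProv, (uint)count, buf))   // never use buf on failure
                throw new Win32Exception(Marshal.GetLastWin32Error());
            return buf;
        }
        finally { CryptReleaseContext(hProv, 0); }
    }

    // Managed path: the class the new .Net application would use.
    static byte[] ManagedRandom(int count)
    {
        var buf = new byte[count];
        using (var rng = new RNGCryptoServiceProvider())
            rng.GetBytes(buf);
        return buf;
    }

    static void Main()
    {
        Console.WriteLine("CryptGenRandom:           " + BitConverter.ToString(NativeRandom(16)));
        Console.WriteLine("RNGCryptoServiceProvider: " + BitConverter.ToString(ManagedRandom(16)));
    }
}
```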

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow