The full .NET Framework includes rich support for cryptographic functions, such as computing hashes and encrypting data using a variety of algorithms. For example, developers can use the RC2 or RC4 algorithms for data encryption and the MD5 algorithm for computing hashes. In contrast, the .NET Compact Framework contains only enough cryptography support to allow the HttpWebRequest to access secure Web pages (see Chapter 5, "Network Connectivity with the .NET Compact Framework").
Most Windows CE devices and all Pocket PC devices include an implementation of the CryptoAPI, which is a native code library that performs a wide variety of cryptographic functions. Its architecture allows developers to add new algorithm packages, thus extending the cryptography capabilities while retaining a familiar API for accessing new algorithms.
Because the .NET Compact Framework itself does not support most cryptography functions, performing cryptography requires platform invoking into the CryptoAPI. Readers will need a good understanding of how platform invoking works on the .NET Compact Framework. This subject is covered in detail in Chapter 12, "Interacting with Native Code."
Performing Cryptography with the ManagedCryptoAPI Class
The CryptoAPI is a very rich programming interface, but it is rife with pitfalls and has a very steep learning curve.
This chapter presents a deep enough explanation of the CryptoAPI for you to understand how to encrypt and decrypt data, share session keys, and compute hashes. To isolate developers from the complexities of the CryptoAPI, this chapter uses a wrapper class called ManagedCryptoAPI to access the functionality exposed by the CryptoAPI. The ManagedCryptoAPI wrapper class provided with this chapter is not part of the .NET Compact Framework. All of the examples in this chapter use the ManagedCryptoAPI class to perform cryptography-related work.
The ManagedCryptoAPI wrapper class demonstrates the central concepts needed to understand the CryptoAPI. CryptoAPI is complex enough to deserve a book in its own right, and there are some optimizations that ManagedCryptoAPI does not employ. Specifically, ManagedCryptoAPI always allocates enough memory before making calls into CryptoAPI to ensure that the calls always succeed. CryptoAPI supports a more advanced approach in which programs inquire how much memory would be required for a given call into CryptoAPI to succeed, allocate the needed memory, and then make the call. Because this level of complexity would obfuscate the central concepts that ManagedCryptoAPI is meant to demonstrate, such optimizations are omitted.
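
The inquire-then-allocate approach described above, shown for retrieving a hash value; this is an added example, not the ManagedCryptoAPI code provided with the chapter. The class name HashSizing, the choice of SHA-1, and the library name coredll.dll (advapi32.dll on desktop Windows) are assumptions.

```csharp
using System;
using System.Runtime.InteropServices;

// Added example: two-call buffer sizing against the native CryptoAPI.
sealed class HashSizing
{
    // Assumption: coredll.dll hosts CryptoAPI on Windows CE; desktop Windows uses advapi32.dll.
    const string Lib = "coredll.dll";
    const uint PROV_RSA_FULL = 1, CRYPT_VERIFYCONTEXT = 0xF0000000;
    const uint CALG_SHA1 = 0x8004, HP_HASHVAL = 0x0002;

    [DllImport(Lib, EntryPoint = "CryptAcquireContextW", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool CryptAcquireContext(out IntPtr hProv, string container, string provider, uint provType, uint flags);
    [DllImport(Lib, SetLastError = true)]
    static extern bool CryptCreateHash(IntPtr hProv, uint algId, IntPtr hKey, uint flags, out IntPtr hHash);
    [DllImport(Lib, SetLastError = true)]
    static extern bool CryptHashData(IntPtr hHash, byte[] data, uint dataLen, uint flags);
    [DllImport(Lib, SetLastError = true)]
    static extern bool CryptGetHashParam(IntPtr hHash, uint param, byte[] data, ref uint dataLen, uint flags);
    [DllImport(Lib)] static extern bool CryptDestroyHash(IntPtr hHash);
    [DllImport(Lib)] static extern bool CryptReleaseContext(IntPtr hProv, uint flags);

    // Surface the native error code instead of silently continuing with a bad handle.
    static void Check(bool ok, string api)
    {
        if (!ok) throw new InvalidOperationException(api + " failed, error " + Marshal.GetLastWin32Error());
    }

    public static byte[] ComputeHash(byte[] input)
    {
        IntPtr hProv = IntPtr.Zero, hHash = IntPtr.Zero;
        try
        {
            Check(CryptAcquireContext(out hProv, null, null, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT), "CryptAcquireContext");
            Check(CryptCreateHash(hProv, CALG_SHA1, IntPtr.Zero, 0, out hHash), "CryptCreateHash");
            Check(CryptHashData(hHash, input, (uint)input.Length, 0), "CryptHashData");

            uint size = 0;
            // Call 1: null buffer, so the provider only reports the size it needs.
            Check(CryptGetHashParam(hHash, HP_HASHVAL, null, ref size, 0), "CryptGetHashParam(size)");
            byte[] digest = new byte[size];
            // Call 2: same call with a buffer of exactly the reported size.
            Check(CryptGetHashParam(hHash, HP_HASHVAL, digest, ref size, 0), "CryptGetHashParam(value)");
            return digest;
        }
        finally
        {
            // Release native handles even when a call above throws.
            if (hHash != IntPtr.Zero) CryptDestroyHash(hHash);
            if (hProv != IntPtr.Zero) CryptReleaseContext(hProv, 0);
        }
    }
}
```

Checking every return value matters here: a failed sizing call leaves the length at zero, and ignoring that would hand back an empty digest that later comparisons might treat as valid.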