.NET Framework Cryptography Model
http://msdn.microsoft.com/en-us/library/0ss79b2x(v=vs.110).aspx
Quotes from web page:
Choosing an Algorithm
You can select an algorithm for different reasons: for example, for data integrity, for data privacy, or to generate a key. Symmetric and hash algorithms are intended for protecting data for either integrity reasons (protect from change) or privacy reasons (protect from viewing). Hash algorithms are used primarily for data integrity.
Here is a list of recommended algorithms by application:
- Data privacy: (Symmetric (secret-key) encryption)
- Data integrity: (Hash-based Message Authentication Code)
- Digital signature:
- Key exchange: (Asymmetric (public-key) encryption)
- Random number generation:
- Generating a key from a password:
AesCryptoServiceProvider vs AesManaged
Aes is inherited by two classes: AesCryptoServiceProvider and AesManaged. The AesCryptoServiceProvider class is a wrapper around the Windows Cryptography API (CAPI) implementation of Aes, whereas the AesManaged class is written entirely in managed code. There is also a third type of implementation, Cryptography Next Generation (CNG), in addition to the managed and CAPI implementations. An example of a CNG algorithm is ECDiffieHellmanCng. CNG algorithms are available on Windows Vista and later.
You can choose which implementation is best for you. The managed implementations are available on all platforms that support the .NET Framework. The CAPI implementations are available on older operating systems, and are no longer being developed. CNG is the very latest implementation where new development will take place. However, the managed implementations are not certified by the Federal Information Processing Standards (FIPS), and may be slower than the wrapper classes.
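Added example, not part of the quoted MSDN text: because both classes derive from Aes, calling code can choose the implementation at run time and the ciphertext stays interchangeable. The class and helper names (AesImplementationDemo, CreateAes, Transform) are hypothetical, the message is constructed, and the sketch assumes .NET Framework 4.0 or later for CryptoConfig.AllowOnlyFipsAlgorithms.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class AesImplementationDemo
{
    // Return an implementation behind the abstract Aes type. AesManaged is not
    // FIPS-certified and its constructor throws when the Windows FIPS policy is
    // enforced, so use the CAPI wrapper in that case.
    static Aes CreateAes(bool preferManaged)
    {
        if (preferManaged && !CryptoConfig.AllowOnlyFipsAlgorithms)
            return new AesManaged();
        return new AesCryptoServiceProvider();
    }

    // Run a complete buffer through an encryptor or decryptor and dispose it.
    static byte[] Transform(ICryptoTransform transform, byte[] input)
    {
        using (transform)
            return transform.TransformFinalBlock(input, 0, input.Length);
    }

    static void Main()
    {
        byte[] plaintext = Encoding.UTF8.GetBytes("constructed sample message");
        byte[] key, iv, ciphertext;

        // Encrypt with the managed implementation where policy allows it.
        using (Aes enc = CreateAes(preferManaged: true))
        {
            key = enc.Key;   // random key generated on first access
            iv = enc.IV;     // random IV; use a fresh one for every message
            ciphertext = Transform(enc.CreateEncryptor(), plaintext);
        }

        // Decrypt with the CAPI wrapper: same algorithm, same defaults (CBC, PKCS7).
        using (Aes dec = CreateAes(preferManaged: false))
        {
            dec.Key = key;
            dec.IV = iv;
            byte[] recovered = Transform(dec.CreateDecryptor(), ciphertext);
            Console.WriteLine(recovered.SequenceEqual(plaintext)
                ? "round trip across implementations succeeded"
                : "round trip failed");
        }
    }
}
```

This gives data privacy only; detecting modification of the ciphertext needs the separate data-integrity step from the list above.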