System.Security.Cryptography for Windows Store and Windows Phone? Yes!

  |   Lukas Pokorny

When .NET Framework was released in early 2002, it introduced System.Security.Cryptography namespace that provides a set of cryptographic objects for common algorithms such as RSA, DSA, SHA-1, MD5, 3DES, Rijndael (which later became AES), and more. Although this API is not very pretty (and breaks .NET's own capitalization rules for acronyms), it's well known and widely used. It's still available in .NET 4.0/4.5/4.6 and features even more algorithms such as SHA-2.

No longer part of the "modern" API?

Unfortunately, in 2012, Microsoft introduced a new Windows Runtime API, intended to be used by both classic Windows applications and the Windows Store ("Metro", or "Modern UI") applications.
Although .NET Framework supports this new platform as well, a very large portion of its good old API is not available there. This includes:

  • most of System.IO
  • System.Net.Sockets
  • System.Security.Cryptography

An equivalent functionality is now provided by the new Windows.* namespaces (such as Windows.Security.Cryptography), but they feature a completely different API that lacks many features of its older counterpart. To make things even more difficult, Windows.Security.Cryptography was not available in Windows Phone 8.0 (it appeared in Windows Phone 8.1, fortunately).

Although the new API can be used in "classic" .NET applications as well, it's only available in Windows 8.0 or higher, which means that:

  1. Porting existing cryptograhpic .NET applications to Windows Store and Windows Phone 8.1 is problematic - in fact, it's much more difficult than porting to Android or iOS through Xamarin and Mono.
  2. When creating new cryptographic applications, you have to write two versions of cryptographic code - one for Windows 7 or earlier, and the other for Windows Store / Windows Phone 8.1.

Bring it back!

Fortunately, in many cases, you can now get rid of both of these problems by using our new Rebex Cryptography library that reimplements many parts of the missing System.Security.Cryptography functionality on top of Windows.Security.Cryptography and Rebex Security and is available for free.

It brings back the good old RSACryptoServiceProvider, DSACryptoServiceProvider, RandomNumberGenerator, Rfc2898DeriveBytes, RijndaelManaged, AesCryptoServiceProvider, TripleDESCryptoServiceProvider, MD5CryptoServiceProvider, DeriveBytes, CryptoStream objects, and more!

Need to calculate a hash? Just download it, add reference to Rebex.Security.dll to your project, and simply write code the way you used to until 2012:

// create an instance of SHA-256 hash algorithm object
using (var sha2 = SHA256.Create())  
        // compute hash value of sample emssage
        byte[] data = Encoding.UTF8.GetBytes("Sample message.");
        byte[] hash = sha2.ComputeHash(data);
        // ...

Or perhaps verify an RSA signature? Then try this:

// verify signature using the public key
bool valid;  
using (var rsa = new RSACryptoServiceProvider())  
        valid = rsa.VerifyData(data, SHA1.Create(), signature);

There are more samples available at Rebex Labs, but they are not usually needed - the library does not provide anything new, it just brings back what has been removed. Or at least most of it. If the class you need is not available yet, please let us know!

Showcase your application on Rebex.Net

Have you created an interesting application using Rebex components? Would you like to share your development experience with the world? To include your app in our App Showcase, please contact us at