In .NET Core 2.1, the following enhancements are added to the cryptography APIs.
SignedCms class enables the signing and verifying of CMS/PKCS #7 messages.
SignedCmsclass in the .NET Framework.
The Cryptographic Message Syntax RFC specifies the following MIME types and file name extensions for CMS/PKCS #7 messages with these content types.
|Content type||MIME type||Extension|
New overloads of the following methods accept a hash algorithm identifier to enable callers to get certificate thumbprint values using algorithms other than SHA-1.
X509Certificate.GetCertHash: Returns the hash value for the X.509v3 certificate computed by using the specified cryptographic hash algorithm.
X509Certificate.GetCertHashString: Returns a hexadecimal string containing the hash value for the X.509v3 certificate computed using the specified cryptographic hash algorithm.
Span<T> based cryptography APIs are available for hashing, HMAC, cryptographic random number generation, asymmetric signature generation, asymmetric signature processing, and RSA encryption.
The performance of
System.Security.Cryptography.Rfc2898DeriveBytes has improved by about 15% by using a
Span<T> based implementation.
System.Security.Cryptography.CryptographicOperations class includes two new methods.
FixedTimeEqualstakes a fixed amount of time to return for any two inputs of the same length, which making suitable for use in cryptographic verification to avoid contributing to timing side-channel information.
ZeroMemoryis a memory-clearing routine that cannot be optimized.
RandomNumberGenerator.Fill method fills a
Span<T> with random values.
System.Security.Cryptography.Pkcs.EnvelopedCms is now supported on Linux and macOS.
Elliptic-Curve Diffie-Hellman (ECDH) is now available in the
System.Security.Cryptography.ECDiffieHellman class family.
The instance returned by
RSA.Create can encrypt or decrypt with OAEP using a SHA-2 digest, as well as generate or validate signatures using RSA-PSS.