ProtectApp .NET to CADP for .NET Core

Prerequisites

CipherTrust Manager is up and running at a supported version. For more details, refer to CipherTrust Manager Deployment.
The CADP for .NET Core library is built on .NET standard 2.1. Click here to refer the supported .NET/.NET Core application versions.
Recommended version: NET 6.0 or higher.
The supported version should be installed on your machine.
While updating your application to the supported version, ensure to:
1. Update all the Microsoft libraries used in the project.
2. Update dependent projects and libraries to the supported version.

Supported Versions

Current Setup

Product	Version
ProtectApp .NET	8.11.0
KeySecure Classic	8.5.0 or higher

Target Setup

Product	Version
CADP for .NET Core	8.12.0, 8.13.0, or 8.14.0
CipherTrust Manager	2.2 or higher

Installation Steps

Back up the ProtectAppForDotNet.properties file. By default, this file is placed at C:\Program Files\SafeNet ProtectApp\DotNet\ProtectAppForDotNet.properties in Registry.
Remove the old references of ProtectApp .NET Library from your project.
1. In Visual Studio, go to Solution Explorer > References and remove the reference of ingdnp.dll.
2. Comment out the "using Ingrian.Security.Cryptography;" line in your project. This will give build errors.
Add the CipherTrust.CADP.NETCore package to your project. For details, refer to Adding NuGet Package to the Project. All the dependent libraries will be downloaded automatically to the default NuGet installation directory C:\Users\%UserName%\.nuget\packages\ciphertrust.cadp.netcore\<product-version>\.
Configure the CADP.NETCore_Properties.xml file (placed at C:\Users\%UserName%\.nuget\packages\ciphertrust.cadp.netcore\<product-version>\content\) similar to the old properties file (backed-up in step 1).

After performing the above steps, you can now change your application as described in the subsequent sections.

Properties File

The following table compares the parameters in ProtectApp .NET and CADP for .NET Core properties files. We have only listed the differences in both files.

The following parameters have been renamed in CADP for .NET Core.
- Cert_File is renamed to ClientCert.
- Symmetric_Key_Cache_Expiry is renamed to Key_Cache_Expiry.
Default file locations are:
- ProtectApp .NET: C:\Program Files\SafeNet ProtectApp\DotNet\ProtectAppForDotNet.properties
- CADP for .NET Core: C:\Users\%UserName%\.nuget\packages\ciphertrust.cadp.netcore\<product-version>\content

Version 8.14.0

Property Name	ProtectApp .Net	CADP for .NET Core
FIPS_Mode	Yes	No
KMIP_Spec_File	Yes	No
KMIP_IP	Yes	No
KMIP_Port	Yes	No
Cipher_Spec	Yes	No
Cert_File_Location	Yes	No
EToken_Name	Yes	No
EToken_Password	Yes	No
Key_File	Yes	No
EvpContext_Idle_Timeout	Yes	No
Ignore_DNS_Resolution_Failure	Yes	No
FPE_Unicode_File	Yes	No

Version 8.13.0

Property Name	ProtectApp .Net	CADP for .NET Core
FIPS_Mode	Yes	No
KMIP_Spec_File	Yes	No
KMIP_IP	Yes	No
KMIP_Port	Yes	No
Cipher_Spec	Yes	No
Cert_File_Location	Yes	No
EToken_Name	Yes	No
EToken_Password	Yes	No
Key_File	Yes	No
EvpContext_Idle_Timeout	Yes	No
Persistent_Cache_Enabled	Yes	No
Persistent_Cache_Directory	Yes	No
Persistent_Cache_Expiry_Keys	Yes	No
Persistent_Cache_Max_Size	Yes	No
Ignore_DNS_Resolution_Failure	Yes	No
FPE_Unicode_File	Yes	No

Version 8.12.0

Property Name	ProtectApp .Net	CADP for .NET Core
FIPS_Mode	Yes	No
KMIP_Spec_File	Yes	No
KMIP_IP	Yes	No
KMIP_Port	Yes	No
Syslog_Server_IP	Yes	No
Syslog_Server_Port	Yes	No
Syslog_Server_Protocol	Yes	No
Syslog_no_of_retries	Yes	No
Syslog_Retry_Interval	Yes	No
Syslog_Retry_Limit	Yes	No
Syslog_CA	Yes	No
Syslog_Cert	Yes	No
Syslog_Key	Yes	No
Syslog_Passphrase	Yes	No
Cipher_Spec	Yes	No
Cert_File_Location	Yes	No
EToken_Name	Yes	No
EToken_Password	Yes	No
Key_File	Yes	No
EvpContext_Idle_Timeout	Yes	No
Persistent_Cache_Enabled	Yes	No
Persistent_Cache_Directory	Yes	No
Persistent_Cache_Expiry_Keys	Yes	No
Persistent_Cache_Max_Size	Yes	No
Ignore_DNS_Resolution_Failure	Yes	No
FPE_Unicode_File	Yes	No

Limitations

This section lists limitations in CADP for .NET Core.

Version 8.14.0

Configuration Parameters
Cipher_Spec and Ignore_DNS_Resolution_Failure are not supported.
Crypto operations
Sign and Verify certificates in CMS format, Execution of Bulk operation on passed IV list, inDataList (input data list), UserSpecList for any Key, Random Load Balancing, and FPE Formats are not supported.
Key Management
AES Key Wrapping, Deriving any symmetric key from any symmetric key, Modifying Group Permissions for a Key, and Importing Symmetric and Asymmetric Key are not supported.
ExportWrappedAESKey API has limited support in CADP for .NET Core. You can only export symmetric key bytes wrapped with RSA key bytes. ECC, TDES, and AES are not supported.
DN_T_KeyLifecycleState is not supported in SetKeyParameter.
NAE Certificate Management
Exporting a CA Chain, Deleting a Certificate, ExportCertificate, GetKeyNames, and Retrieves a list of key names that are accessible by the authenticated user are not supported.
Algorithms
DES algorithms are not supported.
For EC keys, encryption and decryption is not supported.
MAC and Verify For MAC
For versioned keys, the MAC generated using ProtectApp .NET in local mode with ComputeHash API doesn't match the MAC generated by CADP for .NET Core. This leads to the failure of MACverify using CADP for .NET Core.
Below are the possible workarounds:
Workaround 1
You can use this workaround if all the data is hashed using the latest key version.
1. Clone the latest key version and rename the cloned key. For example, clone the "pa_net_key_latest_version" key and change its name to "cadp_net_core_key".
2. Clear the Versioned Key check box under NAE tab for the new cloned key ("cadp_net_core_key").
3. Use the key ("cadp_net_core_key") in CADP for .NET Core for the MACVerify operation.
Workaround 2
Rehash the original data using ProtectApp .NET in remote mode before migrating to CADP for .NET Core.

Version 8.13.0

Configuration Parameters
Persistent Key Cache-related parameters, Cipher_Spec, and Ignore_DNS_Resolution_Failure are not supported.
Crypto operations
CryptoDataUtility, Sign and Verify certificates in CMS format, Execution of Bulk operation on passed IV list, inDataList (input data list), UserSpecList for any Key, Random Load Balancing, and FPE Formats are not supported.
Key Management
AES Key Wrapping, Deriving any symmetric key from any symmetric key, Key Group Permissions and Modifying Group Permissions for a Key, and Importing Symmetric and Asymmetric Key are not supported.
ExportWrappedAESKey API has limited support in CADP for .NET Core. You can only export symmetric key bytes wrapped with RSA key bytes. ECC, TDES, and AES are not supported.
DN_T_KeyLifecycleState is not supported in SetKeyParameter.
NAE Certificate Management
Exporting a CA Chain, Deleting a Certificate, ExportCertificate, GetKeyNames, and Retrieves a list of key names that are accessible by the authenticated user are not supported.
Algorithms
EC and DES algorithms are not supported.
MAC and Verify For MAC
For versioned keys, the MAC generated using ProtectApp .NET in local mode with ComputeHash API doesn't match the MAC generated by CADP for .NET Core. This leads to the failure of MACverify using CADP for .NET Core.
Below are the possible workarounds:
Workaround 1
You can use this workaround if all the data is hashed using the latest key version.
1. Clone the latest key version and rename the cloned key. For example, clone the "pa_net_key_latest_version" key and change its name to "cadp_net_core_key".
2. Clear the Versioned Key check box under NAE tab for the new cloned key ("cadp_net_core_key").
3. Use the key ("cadp_net_core_key") in CADP for .NET Core for the MACVerify operation.
Workaround 2
Rehash the original data using ProtectApp .NET in remote mode before migrating to CADP for .NET Core.

Version 8.12.0

Configuration Parameters
Syslog-related parameters, Persistent Key Cache-related parameters, Cipher_Spec, and Ignore_DNS_Resolution_Failure are not supported.
Crypto operations
CryptoDataUtility, Sign and Verify certificates in CMS format, Execution of Bulk operation on passed IV list, inDataList (input data list), UserSpecList for any Key, Random Load Balancing, and FPE Formats are not supported.
Key Management
AES Key Wrapping, Deriving any symmetric key from any symmetric key, Key Group Permissions and Modifying Group Permissions for a Key, and Importing Symmetric and Asymmetric Key are not supported.
DN_T_KeyLifecycleState is not supported in SetKeyParameter.
ExportWrappedAESKey API has limited support in CADP for .NET Core. You can only export symmetric key bytes wrapped with RSA key bytes. ECC, TDES, and AES are not supported.
NAE Certificate Management
Exporting a CA Chain, Deleting a Certificate, ExportCertificate, GetKeyNames, and Retrieves a list of key names that are accessible by the authenticated user are not supported.
Algorithms
EC and DES algorithms are not supported.
MAC and Verify For MAC
For versioned keys, the MAC generated using ProtectApp .NET in local mode with ComputeHash API doesn't match the MAC generated by CADP for .NET Core. This leads to the failure of MACverify using CADP for .NET Core.
Below are the possible workarounds:
Workaround 1
You can use this workaround if all the data is hashed using the latest key version.
1. Clone the latest key version and rename the cloned key. For example, clone the "pa_net_key_latest_version" key and change its name to "cadp_net_core_key".
2. Clear the Versioned Key check box under NAE tab for the new cloned key ("cadp_net_core_key").
3. Use the key ("cadp_net_core_key") in CADP for .NET Core for the MACVerify operation.
Workaround 2
Rehash the original data using ProtectApp .NET in remote mode before migrating to CADP for .NET Core.

Deprecated Support

FIPS_Mode
KMIP
EvpContext_Idle_Timeout
EToken_Name, EToken_Password
FPE_Unicode_File
Note
You can directly provide the charset range in the application.

Mapping Legacy Calls to CADP for .NET Core

Class Replacements

Version 8.14.0

ProtectApp .NET	CADP for .NET Core	References
NAESession	NaeSession	CADP.NetCore.Sessions;
NAEException	NaeException	CADP.NetCore.ExceptionHandler;
NAERijndaelKey	NaeRijndaelKey	CADP.NetCore.Crypto;
Rijndael	NaeRijndaelKey	CADP.NetCore.Crypto;
NAEFPE	NaeFpe	CADP.NetCore.Crypto;
FPE_Cardinality.CARD10	NaeFpe.Cardinality.CARD10	CADP.NetCore.Crypto; New enum is introduced for Cardinality.
FPE_Cardinality.CARD62	NaeFpe.Cardinality.CARD62	CADP.NetCore.Crypto;
FPE_Cardinality.CARD26	NaeFpe.Cardinality.CARD26	CADP.NetCore.Crypto;
NAEAESGCM	NaeAesGcm	CADP.NetCore.Crypto;
NAEHMACSHA1	NaeHmacKey	CADP.NetCore.Crypto;
HMAC	NaeHmacKey	CADP.NetCore.Crypto;
NAERSAKey	NaeRsaKey	CADP.NetCore.Crypto;
NAEKeyManagement	NaeKeyManagement	CADP.NetCore.KeyManagement;
NAEECKey	NaeECIESKey	CADP.NetCore.Crypto
NAEECKey.I_T_Curve_ID.I_T_prime256v1	NaeECIESKey.SupportedCurves.prime256v1_256	CADP.NetCore.Crypto

Version 8.13.0

ProtectApp .NET	CADP for .NET Core	References
NAESession	NaeSession	CADP.NetCore.Sessions;
NAEException	NaeException	CADP.NetCore.ExceptionHandler;
NAERijndaelKey	NaeRijndaelKey	CADP.NetCore.Crypto;
Rijndael	NaeRijndaelKey	CADP.NetCore.Crypto;
NAEFPE	NaeFpe	CADP.NetCore.Crypto;
FPE_Cardinality.CARD10	NaeFpe.Cardinality.CARD10	CADP.NetCore.Crypto; New enum is introduced for Cardinality.
FPE_Cardinality.CARD62	NaeFpe.Cardinality.CARD62	CADP.NetCore.Crypto;
FPE_Cardinality.CARD26	NaeFpe.Cardinality.CARD26	CADP.NetCore.Crypto;
NAEAESGCM	NaeAesGcm	CADP.NetCore.Crypto;
NAEHMACSHA1	NaeHmacKey	CADP.NetCore.Crypto;
HMAC	NaeHmacKey	CADP.NetCore.Crypto;
NAERSAKey	NaeRsaKey	CADP.NetCore.Crypto;
NAEKeyManagement	NaeKeyManagement	CADP.NetCore.KeyManagement;

Version 8.12.0

ProtectApp .NET	CADP for .NET Core	References
NAESession	NaeSession	CADP.NetCore.Sessions;
NAEException	NaeException	CADP.NetCore.ExceptionHandler;
NAERijndaelKey	NaeRijndaelKey	CADP.NetCore.Crypto;
Rijndael	NaeRijndaelKey	CADP.NetCore.Crypto;
NAEFPE	NaeFpe	CADP.NetCore.Crypto;
FPE_Cardinality.CARD10	NaeFpe.Cardinality.CARD10	CADP.NetCore.Crypto; New enum is introduced for Cardinality.
FPE_Cardinality.CARD62	NaeFpe.Cardinality.CARD62	CADP.NetCore.Crypto;
FPE_Cardinality.CARD26	NaeFpe.Cardinality.CARD26	CADP.NetCore.Crypto;
NAEAESGCM	NaeAesGcm	CADP.NetCore.Crypto;
NAEHMACSHA1	NaeHmacKey	CADP.NetCore.Crypto;
HMAC	NaeHmacKey	CADP.NetCore.Crypto;
NAERSAKey	NaeRsaKey	CADP.NetCore.Crypto;
NAEKeyManagement	NaeKeyManagement	CADP.NetCore.KeyManagement;

API Call Replacements

Create an NAE Session

ProtectApp .NET	CADP for .NET Core
Property File is read from Registry.	After installing the NuGet package, the new properties file is available at the default installation location of the NuGet package. For more details, refer to Create an NAE Session. For sample, refer to CryptoOpRijndael.
new NAESession(sUsername, password.ToString());	var propertyFilePath = @"C:\Users\%UserName%.nuget\packages\ciphertrust.cadp.netcore\\content\CADP.NETCore_Properties.xml"; new NaeSession(sUsername, password.ToString(), propertyFilePath);

Get Keys

ProtectApp .NET	CADP for .NET Core
key = (Rijndael)session.GetKey("SafeNet_example_Rijndael_key");	Use NaeKeyManagement API to get a key. NaeKeyManagement nkm = new NaeKeyManagement(session); key = (NaeRijndaelKey)nkm.GetKey("SafeNet_example_Rijndael_key"); For more details, refer to Getting an Instance of a Key Object and Alternative Method to Get an Instance of a Key Object. For sample, refer to CryptoOpRijndael.

ProtectApp .NET

CADP for .NET Core

key = (Rijndael)session.GetKey("SafeNet_example_Rijndael_key");

Use NaeKeyManagement API to get a key.

NaeKeyManagement nkm = new NaeKeyManagement(session);

key = (NaeRijndaelKey)nkm.GetKey("SafeNet_example_Rijndael_key");

For more details, refer to Getting an Instance of a Key Object and Alternative Method to Get an Instance of a Key Object.
For sample, refer to CryptoOpRijndael.

Export Keys

ProtectApp .NET	CADP for .NET Core
keyMngmt.ExportSymmetricKey(session, keyName, keyBytes);	keyMngmt.ExportKey(keyName, NaeKeyManagement.KeyType.None); To export a key, pass key name and its type using enum NaeKeyManagement.KeyType. The key type can be public, private, or both. For more details, refer to Exporting a Key.
keyMngmt.ExportSymmetricKey(session, keyName, keyBytes);	keyMngmt.ExportKey(keyName, true, NaeKeyManagement.KeyType.None); To export all versions of the versioned key, pass value as `true`. For more details, refer to Exporting all Versions of a Versioned Key.
NAERSAKey obj = new NAERSAKey(session,”KeyName”); RSAParameters rsaParam = obj.ExportParameters(true); If the boolean value `includePrivateParameters` is `true`, both the public and private parts of the key are exported. If the value is false, only the public part of the key is exported.	keyMngmt.ExportKey(keyName, NaeKeyManagement.KeyType.Public); This will export public part of the key.Use `NaeKeyManagement.KeyType.PublicPrivate` to export both the public and private parts of the key. For more details, refer to Exporting a Key. For versioned key, refer to Exporting all Versions of a Versioned Key.

Get Attributes of Keys

ProtectApp .NET	CADP for .NET Core
keyMngmt.GetKeyAttributes(session, keyname);	Dictionary<string, object> SystemAttr = new Dictionary<string, object>(); Dictionary<string, object> CustomAttr = new Dictionary<string, object>(); keyMngmt.GetKeyAttributes(keyname, SystemAttr, CustomAttr); Pass both the dictionaries to fill in the attributes. For more details, refer to Getting Attributes of a Key. For sample, refer to NaeKeyManagement.
string result = keyMngmt.FindInAttributeList("Versioned", (int)DN_T_NAEKeyAttributeType.System);	var result = SystemAttr["Versioned"]; The `SystemAttr` is a dictionary; therefore, it returns all the attributes as key-value pairs.
keyMngmt.FindInAttributeList("Algorithm", (int)DN_T_NAEKeyAttributeType.System);	var result = SystemAttr["Algorithm"]; The `SystemAttr` is a dictionary; therefore, it returns all the attributes as key-value pairs.
keyMngmt.SetKeyParameters(session, keyname, (int)DN_T_KeyParameterTypeEnum.DN_T_KeyLifecycleState,(int)DN_T_KeyParameterValueEnum.DN_T_KeyParameter_State_Retired);	keyMngmt.SetKeyParameter( keyname, NaeKeyManagement.KeyParameterType.KeyVersion, NaeKeyManagement.KeyParameterValue.VersionIncrement); Use `enum NaeKeyManagement.KeyParameterType.KeyVersion` and `NaeKeyManagement.KeyParameterValue.VersionIncrement` to increment the key version. For more details, refer to Creating a New Version of the Versioned Key.

Delete Keys

ProtectApp .NET	CADP for .NET Core
NAEKeyManagement keyMngmt = new NAEKeyManagement(); keyMngmt.DestroyKey(session, keyName);	NaeKeyManagement nkm = new NaeKeyManagement(session); keyMngmt.DeleteKey(keyName); For more details, refer to Deleting a Key using the Key Name.

Export Wrapped Keys

ProtectApp .NET	CADP for .NET Core
NAEKeyManagement naeKeyMgmt = new NAEKeyManagement(); NAEKeyBytes pubKeyBytes = new NAEKeyBytes(); naeKeyMgmt.ExportObject(session,"SafeNet_example_RSA_key",NAEKeyManagement.ExportReqType.ERT_PUBLIC_KEY,NAEKeyManagement.ExportFormat.PEM_PKCS1, null, pubKeyBytes); NAEKeyBytes wrappedBytes = new NAEKeyBytes(); naeKeyMgmt.ExportWrappedKey(session,"SafeNet_example_Rijndael_key", pubKeyBytes.keyBytes, KeyWrapFormat.RAW_PKCS1v15, wrappedBytes);	NaeKeyManagement nkm = new NaeKeyManagement(session); var aesKey = (NaeRijndaelKey)GetOrGenerateKey(nkm, session, wrapKeyName, KeyType.AES); var rsakey = (NaeRsaKey)GetOrGenerateKey(nkm, session, wrappingKeyName, KeyType.RSA); Var exportedpublicBytes = nkm.ExportKey(wrappingKeyName, NaeKeyManagement.KeyType.Public); var exportedFinalBytes = nkm.ExportWrappedKey(wrapKeyName, exportedpublicBytes, NaeKeyManagement.KeyWrapFormat.PKCS1v15); For more details, refer to Exporting a Wrapped Key. For sample, refer to ExportWrappedKey.

ProtectApp .NET

CADP for .NET Core

NAEKeyManagement naeKeyMgmt = new NAEKeyManagement();
NAEKeyBytes pubKeyBytes = new NAEKeyBytes();
naeKeyMgmt.ExportObject(session,"SafeNet_example_RSA_key",NAEKeyManagement.ExportReqType.ERT_PUBLIC_KEY,NAEKeyManagement.ExportFormat.PEM_PKCS1, null, pubKeyBytes);

NAEKeyBytes wrappedBytes = new NAEKeyBytes();

naeKeyMgmt.ExportWrappedKey(session,"SafeNet_example_Rijndael_key", pubKeyBytes.keyBytes, KeyWrapFormat.RAW_PKCS1v15, wrappedBytes);

NaeKeyManagement nkm = new NaeKeyManagement(session);
var aesKey = (NaeRijndaelKey)GetOrGenerateKey(nkm, session,
wrapKeyName, KeyType.AES); var rsakey = (NaeRsaKey)GetOrGenerateKey(nkm, session, wrappingKeyName, KeyType.RSA);
Var exportedpublicBytes = nkm.ExportKey(wrappingKeyName, NaeKeyManagement.KeyType.Public);
var exportedFinalBytes = nkm.ExportWrappedKey(wrapKeyName, exportedpublicBytes, NaeKeyManagement.KeyWrapFormat.PKCS1v15);

For more details, refer to Exporting a Wrapped Key.
For sample, refer to ExportWrappedKey.

Encryption and Decryption

AES/GCM

ProtectApp .NET	CADP for .NET Core
NAEAESGCM AesGcm = new NAEAESGCM(session, keyName);	NaeAesGcm AesGcm = new NaeAesGcm(session, keyName, TAG_LENGTH); If key is already created, the `Tag_length` should be provided while creating the NaeAesGcm() object. For more details, refer to NaeAesGcm. For sample, refer to CryptoOpAesGcm.
UserSpec userSpec = new UserSpec(); userSpec.InitializeAESGCM(DEFAULT_AAD, TAG_LENGTH); AesGcm.SetUserSpec(userSpec);	Since `InitializeAESGCM()` is not present; therefore, the `AAD_Data` needs to be provided when performing any crypto operation such as Encrypt and Decrypt. Also, the `UserSpec` cannot be used to initialize TagLength and AAD Data (Tag length supported is 12 to 16). For more details, refer to AES/GCM.
AesGcm.IV = iv;	Passed during the encrypt and decrypt calls. The IV should be 12 bytes.
Remove all `CreateEncryptor()` along with MemoryStream and CryptoStream.	byte[] authtag = null; encrBytes = AesGcm.Encrypt(iv, toEncrypt, out authtag, Encoding.ASCII.GetBytes(DEFAULT_AAD)); This tag will return with encrypted data and should be passed while decrypting. The AAD data will be passed in Encrypt() and is exposed in the aes gcm class object.
Remove all `CreateDecryptor()` along with MemoryStream and CryptoStream.	decrBytes = AesGcm.Decrypt(iv, toDecrypt, authtag, Encoding.ASCII.GetBytes(DEFAULT_AAD));

FPE

ProtectApp .NET	CADP for .NET Core
userSpec.InitializeFPE("NONE", "012345678901abcf");	UserSpec userSpec = new UserSpec(); userSpec.TweakAlgo = "NONE"; userSpec.TweakData = "012345678901abcf"; Since `InitializeFPE` is not provided in UserSpec; therefore, create object and provide TweakData and TweakAlgo. For more details, refer to NaeFpe and Format Preserving Encryption. For sample, refer to CryptoOpFpe.
fpe = new NAEFPE(session, keyName, FPE_CryptographicAlgo.AES, FPE_Cardinality.CARD10, userSpec);	fpe = new NaeFpe(session, keyName, NaeFpe.AlgorithmName.FPE_AES_CARD10, userSpec); To use FPE/AES/CARD10, use `NaeFpe.AlgorithmName.FPE_AES_CARD10` enum. FPE has many variants such as FF1v2 and FF3. For more details, refer to FPE/AES.

RSA

ProtectApp .NET	CADP for .NET Core
String sEncrypted = Convert.ToBase64String(key.Encrypt(inputBytes, false));	String sEncrypted = Convert.ToBase64String(key.Encrypt(inputBytes, RSAEncryptionPadding.Pkcs1)); Provide the "RSAEncryptionPadding" enum value. For more details, refer to Encrypt a String Using an RSA Key and NaeRSAKey. For sample, refer to CryptoOpRSAEncDec.
byte[] outputBytes = key.Decrypt(inputBytes, false);	byte[] outputBytes = key.Decrypt(inputBytes, RSAEncryptionPadding.Pkcs1); Provide the "RSAEncryptionPadding" enum value. For more details, refer to Decrypt a String Using an RSA Key and RSA.

Sign and Verify

RSA

ProtectApp .NET	CADP for .NET Core
byte[] signedBytes = key.SignData(dataToSign, "SHA1withRSA");	byte[] signedBytes = key.SignData(dataToSign, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1); Pass the Hash Algorithm and RSA Sign Padding. For more details, refer to Sign and SignVerify Data using an RSA Key and NaeRSAKey. For sample, refer to CryptoOpRsaSignVerify.
bool signVerified = key.SignVerify(inputBytes, signedBytes, "SHA1withRSA");	bool signVerified = key.VerifyData(inputBytes, signedBytes, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1); Pass the Hash Algorithm and RSA Sign Padding. For more details, refer to RSA.
byte[] macBytes = key.Mac(inputBytes, "HmacSHA1");	byte[] macBytes = key.GenerateMac(inputBytes); Hash Algorithm is already passed when key is created.
bool macVerified = key.MacVerify(inputBytes, macBytes, "HmacSHA1");	bool macVerified = key.VerifyMac(inputBytes, macBytes); Hash Algorithm is already passed when key is created.

EC (Applicable for 8.14.0)

ProtectApp .NET CADP for .NET Core

ProtectApp .NET	CADP for .NET Core
key.SignData(dataToSign, "SHA1withECDSA");	key.SignData(dataToSign, HashAlgorithmName.SHA1); Pass the Hash Algorithm. For more details, refer to Supported Algorithms. For sample, refer to CryptoOpECSignVerify.cs. For EC keys, encryption and decryption is not supported.
key.SignVerify(inputBytes, signedBytes, algoName);	key.VerifyData(inputBytes, 0, inputBytes.Length, signedBytes, HashAlgorithmName.SHA1);
key = new NaeECIESKey(session, keyName);	NaeKeyManagement nkm = new NaeKeyManagement(session); key = (NaeECIESKey)nkm.GetKey(keyName); NaeECIESKey ecKey = new NaeECIESKey(session, NaeECIESKey.SupportedCurves.brainpoolP224r1_224); NOTE: `ecKey.CurveID = (int)(NaeECIESKey.SupportedCurves.brainpoolP224r1_224);` To set the curve, pass the value in NaeECIESkey constructor. Setting the value using "CurveID" property is not supported.

key.SignData(dataToSign, "SHA1withECDSA");

key.SignData(dataToSign, HashAlgorithmName.SHA1);

Pass the Hash Algorithm.
For more details, refer to Supported Algorithms.
For sample, refer to CryptoOpECSignVerify.cs.
For EC keys, encryption and decryption is not supported.

key.SignVerify(inputBytes, signedBytes, algoName);

key.VerifyData(inputBytes, 0, inputBytes.Length, signedBytes, HashAlgorithmName.SHA1);

key = new NaeECIESKey(session, keyName);

NaeKeyManagement nkm = new NaeKeyManagement(session);
key = (NaeECIESKey)nkm.GetKey(keyName);
NaeECIESKey ecKey = new NaeECIESKey(session, NaeECIESKey.SupportedCurves.brainpoolP224r1_224);

NOTE:
ecKey.CurveID = (int)(NaeECIESKey.SupportedCurves.brainpoolP224r1_224);
To set the curve, pass the value in NaeECIESkey constructor. Setting the value using "CurveID" property is not supported.

Mac and Verify for HMAC

ProtectApp .NET	CADP for .NET Core
NAEHMACSHA1 HmacSHAkey = new NAEHMACSHA1(session, "SafeNET_HMAC_example_key");	NaeHmacKey HmacSHAkey = new NaeHmacKey(session,HmacAlgo.HmacSHA1,SafeNet_HMAC_example_key"); Since NaeHmacKey supports multiple HMAC Algorithms; therefore, enum can be passed with multiple values. For more details, refer to HMAC-SHA.
NAEHMACSHA1 HmacSHAkey = new NAEHMACSHA1(session);	NaeHmacKey HmacSHAkey = new NaeHmacKey(session, HmacAlgo.HmacSHA1) For more details, refer to MAC/Hash-related Calls. For sample, refer to CryptoOpMacVerify.
byte[] mac = hmacKey.ComputeHash(inputBytes);	Same as ProtectApp .NET.
Not applicable.	byte[] hashGenerateMac = key.GenerateMac(inputBytes); This is a new method exposed to Generate MAC.
Not applicable.	bool answer = key.VerifyMac(inputBytes, hashGenerateMac); The input bytes and Mac are passed to the VerifyMac() function, it returns true if hash matches else false is returned. For more details, refer to Generate and Verify MAC.

ProtectApp .NET to CADP for .NET Core

Prerequisites

Supported Versions

Current Setup

Target Setup

Installation Steps

Properties File

Limitations

Deprecated Support

Mapping Legacy Calls to CADP for .NET Core

Class Replacements

API Call Replacements

Create an NAE Session

Get Keys

Export Keys

Get Attributes of Keys

Delete Keys

Export Wrapped Keys

Encryption and Decryption

Sign and Verify

Mac and Verify for HMAC

On this page

Suggest A Change