Microsoft cranks up encryption in .Net Framework

Posted on 04-08-2016, by: admin

Microsoft has released .Net Framework 4.6.2, tightening security in multiple areas, including the BCL (Base Class Library). The new version also makes improvements to the SQL client, Windows Communication Foundation, the CLR (Common Language Runtime), and the ASP.Net web framework.

The security focus in the BCL affects PKI capabilities: X.509 certificates now support the FIPS 186-3 Digital Signature Algorithm (DSA). “This support enables X.509 certificates with keys that exceed 1024-bit,” Microsoft’s Stacey Haffner said. “It also enables computing signatures with the SHA-2 family of hash algorithms (SHA256, SHA384, and SHA512).”

The library also supports persisted-key symmetric encryption. “The Windows Cryptography Library (CNG) supports storing persisted symmetric keys on software and hardware devices. The .Net Framework now exposes this CNG capability,” said Haffner.
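As an added illustration (not code from the article or from Microsoft), the following C# sketch shows persisted-key symmetric encryption with the `AesCng` class on Windows with .Net Framework 4.6.2: the AES key is created once inside a CNG key storage provider and is then referenced only by name. The key name and sample plaintext are constructed for this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PersistedAesDemo
{
    // Hypothetical key name chosen for this example.
    const string KeyName = "ExamplePersistedAesKey";

    // Create a non-exportable AES-256 key in the software key storage provider.
    static void EnsureKey()
    {
        if (CngKey.Exists(KeyName)) return;
        var p = new CngKeyCreationParameters
        {
            Provider = CngProvider.MicrosoftSoftwareKeyStorageProvider,
            ExportPolicy = CngExportPolicies.None // key bytes never leave the provider
        };
        p.Parameters.Add(new CngProperty("Length", BitConverter.GetBytes(256),
                                         CngPropertyOptions.None));
        CngKey.Create(new CngAlgorithm("AES"), KeyName, p).Dispose();
    }

    // CBC is the default mode: confidentiality only, so add a MAC if tampering matters.
    static byte[] Encrypt(byte[] plaintext, out byte[] iv)
    {
        using (Aes aes = new AesCng(KeyName)) // opens the persisted key by name
        {
            aes.GenerateIV();                 // fresh random IV for every message
            iv = aes.IV;
            using (ICryptoTransform t = aes.CreateEncryptor())
                return t.TransformFinalBlock(plaintext, 0, plaintext.Length);
        }
    }

    static byte[] Decrypt(byte[] ciphertext, byte[] iv)
    {
        using (Aes aes = new AesCng(KeyName))
        {
            aes.IV = iv;
            using (ICryptoTransform t = aes.CreateDecryptor())
                return t.TransformFinalBlock(ciphertext, 0, ciphertext.Length);
        }
    }

    static void Main()
    {
        EnsureKey();
        byte[] iv;
        byte[] ct = Encrypt(Encoding.UTF8.GetBytes("constructed sample data"), out iv);
        Console.WriteLine(Encoding.UTF8.GetString(Decrypt(ct, iv)));
        using (CngKey k = CngKey.Open(KeyName)) k.Delete(); // remove the demo key
    }
}
```

Because the export policy is `None`, the application process never holds the raw key bytes; passing a hardware-backed `CngProvider` to the `AesCng` constructor follows the same pattern for keys stored on a device.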

In the SQL client, the .Net Framework Data Provider for SQL Server — System.Data.SqlClient — introduces enhancements for the Always Encrypted feature for protecting sensitive data, such as credit card numbers. To improve performance, encryption metadata for query parameters is now cached, and for security, column encryption key entries in the key cache are evicted after a configurable time interval.