diff --git a/xml/System.Security.Cryptography/ECDiffieHellman.xml b/xml/System.Security.Cryptography/ECDiffieHellman.xml index 25d5a1d3fcd..745b18a8f95 100644 --- a/xml/System.Security.Cryptography/ECDiffieHellman.xml +++ b/xml/System.Security.Cryptography/ECDiffieHellman.xml @@ -262,7 +262,7 @@ 4.0.0.0 - Derives bytes that can be used as a key using a hash function . + Performs key derivation using a specified hash algorithm. @@ -294,9 +294,9 @@ The other party's public key. - The hash algorithm to use to derive the key material. - Derives bytes that can be used as a key using a hash function, given another party's public key and hash algorithm's name. - The key material from the key exchange with the other party's public key. + The hash algorithm to use to derive the key material. + Performs key derivation using a specified hash algorithm. + The hash of the shared secret. - is over a different curve than this key. + The curve used by has a different size than the curve from this key. + +-or- + +The parameter does not specify a hash. + + + is . + The curve used by is different than the curve from this key. + +-or- + +This instance represents only a public key. 
@@ -340,15 +352,37 @@ The other party's public key. - The hash algorithm to use to derive the key material. + The hash algorithm to use to derive the key material. A value to prepend to the derived secret before hashing. A value to append to the derived secret before hashing. - When implemented in a derived class, derives bytes that can be used as a key using a hash function, given another party's public key, hash algorithm's name, a prepend value and an append value. - The key material from the key exchange with the other party's public key. - To be added. + When implemented in a derived class, performs key derivation using a specified hash algorithm with optional prepended or appended data. + The hash of the shared secret after prepending or appending data as requested. + + + A derived class must override this method. - - is over a different curve than this key. + The curve used by has a different size than the curve from this key. + +-or- + +The parameter does not specify a hash. + + + is . + The curve used by is different than the curve from this key. + +-or- + +This instance represents only a public key. @@ -357,7 +391,7 @@ 4.0.0.0 - Derives bytes that can be used as a key using a Hash-based Message Authentication Code (HMAC). + Performs key derivation using a specified HMAC (Hash-based Message Authentication Code) algorithm. 
@@ -392,8 +426,8 @@ The other party's public key. The hash algorithm to use to derive the key material. The key for the HMAC. - Derives bytes that can be used as a key using a Hash-based Message Authentication Code (HMAC). - The key material from the key exchange with the other party's public key. + Performs key derivation using a specified HMAC (Hash-based Message Authentication Code) algorithm. + The HMAC of the shared secret. - - is over a different curve than this key. + The curve used by has a different size than the curve from this key. + +-or- + +The parameter does not specify a hash. + + + is . + The curve used by is different than the curve from this key. + +-or- + +This instance represents only a public key. @@ -442,12 +487,35 @@ The key for the HMAC. A value to prepend to the derived secret before hashing. A value to append to the derived secret before hashing. - When implemented in a derived class, derives bytes that can be used as a key using a Hash-based Message Authentication Code (HMAC). - The key material from the key exchange with the other party's public key. - To be added. + When implemented in a derived class, performs key derivation using a specified HMAC (Hash-based Message Authentication Code) algorithm with optional prepended or appended data. + The HMAC of the shared secret after prepending or appending data as requested. + + + A derived class must override this method. - - is over a different curve than this key. + The curve used by has a different size than the curve from this key. + +-or- + +The parameter does not specify a hash. + + + is . + The curve used by is different than the curve from this key. + +-or- + +This instance represents only a public key. 
@@ -483,16 +551,28 @@ The other party's public key. - Derives bytes that can be used as a key, given another party's public key. - The key material from the key exchange with the other party's public key. + When implemented in a derived class, performs a key derivation on the shared secret. + The result of the key derivation function, using the shared secret as an input. class. - +## Remarks + +The default behavior of this method is equivalent to calling specifying SHA-256 as the hash algorithm with no prepend or append values. +Some implementations allow the behavior of this method to be changed, +and callers are advised to call whichever method explicitly says it performs the key derivation they need. + ]]> + + The curve used by has a different size than the curve from this key. + + is . + The curve used by is different than the curve from this key. + +-or- + +This instance represents only a public key. @@ -527,16 +607,37 @@ The other party's public key. The ASCII-encoded PRF label. The 64-byte PRF seed. - When implemented in a derived class, derives bytes that can be used as a key using a Transport Layer Security (TLS) Pseudo-Random Function (PRF) derivation algorithm. - The key material from the key exchange with the other party's public key. - To be added. + When implemented in a derived class, performs key derivation using the TLS (Transport Layer Security) 1.1 PRF (Pseudo-Random Function). + The first 48 bytes from the TLS 1.1 PRF, using the shared secret as the key. + + + A derived class must override this method. - is over a different curve than this key. + The curve used by has a different size than the curve from this key. - or is . + , or is . - is not exactly 64 bytes in length. + is not exactly 64 bytes in length. + +-or- + +The curve used by is different than the curve from this key. + +-or- + +This instance represents only a public key. @@ -757,8 +858,10 @@ The contents of do not represent an ASN.1-BER-encoded PKCS#8 ECPrivateKey structure. 
@@ -803,11 +906,13 @@ The key import failed. The password is incorrect. @@ -830,8 +935,7 @@ The contents of represent the key in a format that is -or- -The algorithm-specific key import failed. - +The algorithm-specific key import failed. @@ -872,6 +976,7 @@ The algorithm-specific key import failed. When the contents of `source` indicate an algorithm that uses PBKDF1 (Password-Based Key Derivation Function 1) or PBKDF2 (Password-Based Key Derivation Function 2), the password is converted to bytes via the UTF-8 encoding. This method only supports the binary (BER/CER/DER) encoding of EncryptedPrivateKeyInfo. If the value is Base64-encoded or in the PEM text format, the caller must Base64-decode the contents before calling this method. + ]]> The password is incorrect. @@ -890,8 +995,7 @@ The contents of represent the key in a format that is -or- -The algorithm-specific key import failed. - +The algorithm-specific key import failed. @@ -973,6 +1077,7 @@ The algorithm-specific key import failed. ## Remarks This method only supports the binary (BER/CER/DER) encoding of PrivateKeyInfo. If the value is Base64-encoded or in the PEM text format, the caller must Base64-decode the contents before calling this method. + ]]> The contents of do not represent an ASN.1-BER-encoded PKCS#8 PrivateKeyInfo structure. @@ -987,8 +1092,7 @@ The contents of represent the key in a format that is -or- -The algorithm-specific key import failed. - +The algorithm-specific key import failed. @@ -1026,6 +1130,7 @@ The algorithm-specific key import failed. ## Remarks This method only supports the binary (DER) encoding of SubjectPublicKeyInfo. If the value is Base64-encoded or in the PEM text format, the caller must Base64-decode the contents before calling this method. + ]]> The contents of do not represent an ASN.1-DER-encoded X.509 SubjectPublicKeyInfo structure. 
@@ -1040,8 +1145,7 @@ The contents of represent the key in a format that is -or- -The algorithm-specific key import failed. - +The algorithm-specific key import failed. @@ -1263,14 +1367,14 @@ The algorithm-specific key import failed. ## Remarks The password bytes are passed directly into the Key Derivation Function (KDF) used by the algorithm indicated by `pbeParameters`. This enables compatibility with other systems which use a text encoding other than UTF-8 when processing passwords with PBKDF2 (Password-Based Key Derivation Function 2). + ]]> The key could not be exported. -or- - indicates that should be used, which requires -based passwords. - + indicates that should be used, which requires -based passwords. @@ -1313,6 +1417,7 @@ The algorithm-specific key import failed. ## Remarks When `pbeParameters` indicates an algorithm that uses PBKDF2 (Password-Based Key Derivation Function 2), the password is converted to bytes via the UTF-8 encoding. + ]]> The key could not be exported. diff --git a/xml/System.Security.Cryptography/ECDiffieHellmanCng.xml b/xml/System.Security.Cryptography/ECDiffieHellmanCng.xml index 0477b5b0550..f5482b53bd7 100644 --- a/xml/System.Security.Cryptography/ECDiffieHellmanCng.xml +++ b/xml/System.Security.Cryptography/ECDiffieHellmanCng.xml @@ -224,7 +224,7 @@ 4.0.0.0 - Derives bytes that can be used as a key using a hash function . + Performs key derivation using a specified hash algorithm. 
@@ -260,28 +260,26 @@ The other party's public key. - The hash algorithm to use to derive the key material. + The hash algorithm to use to derive the key material. A value to prepend to the derived secret before hashing. A value to append to the derived secret before hashing. - Derives bytes that can be used as a key using a hash function, given another party's public key, hash algorithm's name, a prepend value and an append value. - The key material from the key exchange with the other party's public key. - - - + Performs key derivation using a specified hash algorithm with optional prepended or appended data. + The hash of the shared secret after prepending or appending data as requested. + To be added. + A derived class must override this method. + The curve used by has a different size than the curve from this key. + +-or- + +The parameter does not specify a hash. + - is . - - is not an ECDH key, or it is not the correct size. - - -or- - - . is or . - All other errors. + is . + The curve used by is different than the curve from this key. + +-or- + +This instance represents only a public key. 
@@ -331,25 +329,21 @@ The key for the HMAC. A value to prepend to the derived secret before hashing. A value to append to the derived secret before hashing. - Derives bytes that can be used as a key using a Hash-based Message Authentication Code (HMAC). - The key material from the key exchange with the other party's public key. - - - + Performs key derivation using a specified HMAC (Hash-based Message Authentication Code) algorithm with optional prepended or appended data. + The HMAC of the shared secret after prepending or appending data as requested. + To be added. + The curve used by has a different size than the curve from this key. + +-or- + +The parameter does not specify a hash. - is . - - is not an ECDH key, or it is not the correct size. - - -or- - - . is or . - All other errors. + is . + The curve used by is different than the curve from this key. + +-or- + +This instance represents only a public key. @@ -483,27 +477,24 @@ The other party's public key. The ASCII-encoded PRF label. The 64-byte PRF seed. - Derives bytes that can be used as a key using a Transport Layer Security (TLS) Pseudo-Random Function (PRF) derivation algorithm. - The key material from the key exchange with the other party's public key. + Performs key derivation using the TLS (Transport Layer Security) 1.1 PRF (Pseudo-Random Function). + The first 48 bytes from the TLS 1.1 PRF, using the shared secret as the key. To be added. - - is . - - -or- - - is . - - -or- - - is . + A derived class must override this method. - is not an ECDH key, or it is not the correct size. + The curve used by has a different size than the curve from this key. + + , or is . - is not exactly 64 bytes in length. - - -or- - - All other cryptographic errors. + is not exactly 64 bytes in length. + +-or- + +The curve used by is different than the curve from this key. + +-or- + +This instance represents only a public key. 
@@ -625,8 +616,9 @@ - To be added. - To be added. + + to release managed and unmanaged resources; to release only unmanaged resources. + Releases the resources used by the current instance of the class. To be added. @@ -1043,9 +1035,22 @@ System.Int32 - To be added. - To be added. - To be added. + Gets or sets the size, in bits, of the key modulus used by the asymmetric algorithm. + The size, in bits, of the key modulus used by the asymmetric algorithm. + + method. + +]]> + + + is not permitted by . + @@ -1109,9 +1114,25 @@ System.Security.Cryptography.KeySizes[] - To be added. - To be added. - To be added. + Gets the key sizes, in bits, that are supported by the property setter. + An array that contains the key sizes supported by the property setter. + + + + @@ -1388,7 +1409,7 @@ ## Remarks -- This value is used for key derivation if the property is set to . By default, the value is `false`. +This value is used for key derivation if the property is set to . By default, the value is `false`. ]]> diff --git a/xml/System.Security.Cryptography/ECDiffieHellmanOpenSsl.xml b/xml/System.Security.Cryptography/ECDiffieHellmanOpenSsl.xml index d1c490cfa71..f0481063d4f 100644 --- a/xml/System.Security.Cryptography/ECDiffieHellmanOpenSsl.xml +++ b/xml/System.Security.Cryptography/ECDiffieHellmanOpenSsl.xml @@ -15,8 +15,16 @@ - To be added. - To be added. + Provides an implementation of the Elliptic Curve Diffie-Hellman (ECDH) algorithm backed by OpenSSL. + + factory methods instead of a specific derived implementation. + + ]]> + @@ -33,8 +41,18 @@ - To be added. - To be added. + Initializes a new instance of the class with a default curve of NIST P-521/secp521r1. + + method, or other key import method, the key size from this constructor has no meaning. + + ]]> + + 
@@ -54,9 +72,27 @@ - To be added. - To be added. - To be added. + The size of the key to generate, when a key is needed. + Initializes a new instance of the class defaulting to the NIST prime curve of the specified size. + + + constructor +or the method. + +This constructor does not generate a new public/private keypair immediately, it just sets the size which will be used to generate a key when one is needed. +If key is loaded via the method, or other key import method, the key size from this constructor has no meaning. + + ]]> + + The value is not supported by this implementation. + + + @@ -76,9 +112,24 @@ - To be added. - To be added. - To be added. + The OpenSSL EC_KEY* value to use as the key. + Initializes a new instance of the class from an existing OpenSSL key represented as an EC_KEY*. + + [!IMPORTANT] +> OpenSSL supports multiple library versions being loaded within the same process. +> Before calling this constructor verify your pointer value came from the same version of OpenSSL that this class uses, see for more information. + + ]]> + + + is . + + is not a valid EC_KEY*. + @@ -98,9 +149,12 @@ - To be added. - To be added. + The curve used to generate an ephemeral public/private key pair. + Initializes a new instance of the class and generates a new key on the specified curve. To be added. + + does not validate. + @@ -120,9 +174,25 @@ - To be added. - To be added. - To be added. + The OpenSSL EVP_PKEY* value to use as the key, represented as a . + Initializes a new instance of the class from an existing OpenSSL key represented as an EVP_PKEY*. + + [!IMPORTANT] +> OpenSSL supports multiple library versions being loaded within the same process. +> Before calling this constructor, verify your pointer value came from the same version of OpenSSL that this class uses. +> For more information, see . + ]]> + + + represents an invalid handle. + + is . + + does not represent a elliptic curve (EC) key. + 
@@ -148,13 +218,27 @@ - To be added. - To be added. - To be added. - To be added. - To be added. - To be added. + The other party's public key. + The hash algorithm to use to derive the key material. + A value to prepend to the derived secret before hashing. + A value to append to the derived secret before hashing. + Performs key derivation using a specified hash algorithm with optional prepended or appended data. + The hash of the shared secret after prepending or appending data as requested. To be added. + + The curve used by has a different size than the curve from this key. + +-or- + +The parameter does not specify a hash. + + is . + + The curve used by is different than the curve from this key. + +-or- + +This instance represents only a public key. @@ -181,14 +265,28 @@ - To be added. - To be added. - To be added. - To be added. - To be added. - To be added. - To be added. + The other party's public key. + The hash algorithm to use to derive the key material. + The key for the HMAC. + A value to prepend to the derived secret before hashing. + A value to append to the derived secret before hashing. + Performs key derivation using a specified HMAC (Hash-based Message Authentication Code) algorithm with optional prepended or appended data. + The HMAC of the shared secret after prepending or appending data as requested. To be added. + + The curve used by has a different size than the curve from this key. + +-or- + +The parameter does not specify a hash. + + is . + + The curve used by is different than the curve from this key. + +-or- + +This instance represents only a public key. 
@@ -211,10 +309,18 @@ - To be added. - To be added. - To be added. + The other party's public key. + Performs a key derivation on the shared secret. + The SHA-256 hash of the shared secret. To be added. + The curve used by has a different size than the curve from this key. + + is . + The curve used by is different than the curve from this key. + +-or- + +This instance represents only a public key. @@ -239,12 +345,26 @@ - To be added. - To be added. - To be added. - To be added. - To be added. + The other party's public key. + The ASCII-encoded PRF label. + The 64-byte PRF seed. + Performs key derivation using the TLS (Transport Layer Security) 1.1 PRF (Pseudo-Random Function). + The first 48 bytes from the TLS 1.1 PRF, using the shared secret as the key. To be added. + A derived class must override this method. + The curve used by has a different size than the curve from this key. + + , or is . + + is not exactly 64 bytes in length. + +-or- + +The curve used by is different than the curve from this key. + +-or- + +This instance represents only a public key. @@ -265,9 +385,18 @@ - To be added. - To be added. - To be added. + Gets a representation of the cryptographic key. + A representation of the cryptographic key. + + object with its own lifetime. +The objects returned by this method can safely be used even after this instance has been disposed. + +]]> + @@ -290,10 +419,12 @@ - To be added. - To be added. - To be added. + + to include private parameters; otherwise, . + Exports either the public or the public and private key information using the explicit curve form from the current key to an structure so that it can be passed to the method. + An object that represents the point on the curve for this key, using the explicit curve format. To be added. + The method cannot obtain curve values. 
@@ -316,10 +447,19 @@ - To be added. - To be added. - To be added. - To be added. + + to include private parameters; otherwise, . + Exports the key used by the object into an object. + The key and named curve parameters used by the object. + + field contains named curve parameters; otherwise, it contains explicit parameters. + + ]]> + + The method cannot obtain curve values. @@ -342,9 +482,18 @@ - To be added. - To be added. - To be added. + The curve used to generate an ephemeral public/private key pair. + Generates a new ephemeral public/private key pair for the specified curve. + + method) and must not be implicit. + + ]]> + + + does not validate. @@ -367,9 +516,22 @@ - To be added. - To be added. - To be added. + The curve's parameters to import. + Imports the specified parameters for an object as a key into the current instance. + + method replaces the existing key that this object is working with by creating a new object. If `parameters` contains only the field, then only a public key is imported. If `parameters` also contains , then a full key pair is be imported. The `parameter` value specifies the type of the curve to import. + + ]]> + + + does not validate. + + references a curve that cannot be imported. + + references a curve that is not supported by this platform. @@ -389,8 +551,8 @@ System.Security.Cryptography.ECDiffieHellmanPublicKey - To be added. - To be added. + Gets the public key that can be used by another object to generate a shared secret agreement. + The public key that is associated with this instance of the object. To be added.
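Review bot: The two exception conditions added in ECDiffieHellman.xml at @@ -294,9 +294,9 @@ (and repeated for every Derive* member in all three files) overlap as written: "has a different size than the curve from this key" and "is different than the curve from this key" both hold whenever the sizes differ, so a caller cannot tell which exception to catch. If the second is meant to cover a curve of the same size that is otherwise different, say so explicitly, and prefer "different from" over "different than" in both sentences.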
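Review bot: "A derived class must override this method." has been copied from the abstract ECDiffieHellman members into concrete implementations, in ECDiffieHellmanCng.xml at @@ -260,28 +260,26 @@ and @@ -483,27 +477,24 @@ and in ECDiffieHellmanOpenSsl.xml at @@ -239,12 +345,26 @@. The summaries in these hunks no longer say "When implemented in a derived class", so the remark contradicts them; drop it from the Cng and OpenSsl pages. The same hunks also leave a "To be added." placeholder next to the new text, which should be removed or filled in before merge.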
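Review bot: The KeySize text added in ECDiffieHellmanCng.xml at @@ -1043,9 +1035,22 @@ describes "the size, in bits, of the key modulus used by the asymmetric algorithm", which is RSA wording; an elliptic-curve key has no modulus. Suggest describing it as the size, in bits, of the key (the curve size), matching how the OpenSsl constructor in this same patch talks about "the NIST prime curve of the specified size".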
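Review bot: The two [!IMPORTANT] notes in ECDiffieHellmanOpenSsl.xml, at @@ -76,9 +112,24 @@ (EC_KEY*) and @@ -120,9 +174,25 @@ (EVP_PKEY*), give the same warning in different wording, and the first is a run-on ("Before calling this constructor verify your pointer value came from the same version of OpenSSL that this class uses, see for more information."). Use the second form in both places so the OpenSSL version check reads identically. In the @@ -120,9 +174,25 @@ hunk, "does not represent a elliptic curve (EC) key" should be "an elliptic curve (EC) key". In the neighbouring @@ -54,9 +72,27 @@ hunk, "If key is loaded via the method" should read "If a key is loaded", and "immediately, it just sets the size" is a comma splice.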
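Review bot: The ImportParameters remarks in ECDiffieHellmanOpenSsl.xml at @@ -367,9 +516,22 @@ contain a typo, "then a full key pair is be imported", which should read "is imported". The same remark refers to the argument as `parameters` in two sentences and as `parameter` in the last one ("The `parameter` value specifies the type of the curve to import."); use `parameters` throughout so it matches the documented parameter name.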