This documentation is valid for:

GeneXusCryptography Module is an independent module that implements diverse cryptographic functions.

The module is based on Bouncy Castle in both implementations: Java and .Net (C# & NetCore).

The module is organized in folders using cryptography categories.

- Hash: Contains Hashing class with hash algorithm implementations.
- PasswordDerivation: Contains algorithm implementations for Scrypt and Bcrypt password derivation/verification/storage algorithms.
- Symmetric: Contains SymmetricBlockCipher and SymmetricStreamCipher classes, each one implementing block/stream encryption and decryption algorithms.
- Asymmetric: Contains AsymmetricBlockCipher and AsymmetricSigner classes. They implement block encryption and decryption methods for RSA, and digital signature and verification for RSA and ECDSA key types, respectively.
- Encoders: Contains Hexa and Base64 encoding classes to encode and decode text.

GeneXus

- SecurityAPICommons Module

.Net

Requires .Net Framework 4.7 since GeneXus 17 upgrade 1

Requires dotnet SDK>=3.1 and 5.0 since GeneXus 17 Upgrade 5

Requires dotnet SDK >= 6.0 since GeneXus 17 Upgrade 8

- BouncyCastle
- BouncyCastle_1.8.6.1 since GeneXus 16 upgrade 10
- Not in use since GeneXus 17 Upgrade 9

- Portable.BouncyCastle

Java

- BouncyCastle

You have to install the **SecurityAPICommons and GeneXusCryptography modules** from the Manage Module References dialog in the Knowledge Manager option (located in the GeneXus IDE toolbar).

For Net Core, it is available since GeneXus 16 Upgrade 9.

Java, Net Framework and Net Core Web (server-side module)

*"In computer science, cryptography refers to secure information and communication techniques derived from mathematical concepts and a set of rule-based calculations called algorithms to transform messages in ways that are hard to decipher. These deterministic algorithms are used for cryptographic key generation and digital signing and verification to protect data privacy, web browsing on the internet and confidential communications such as credit card transactions and email."* Source

The main goals of cryptography are known as **CIA**:

- **C**onfidentiality
- **I**ntegrity
- **A**uthenticity

In this context, non-repudiation is another aspect of security.

There are 3 types of cryptographic functions:

- Hash. It does not use keys.
- Secret Key cryptography. It uses one type of key.
- Public Key cryptography. It uses a pair of mathematically bound keys.

The 3 types are usually used for different purposes.
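The three kinds listed above, side by side, as an added example that is not part of the original documentation. It is written against the JDK's standard `java.security` / `javax.crypto` API rather than the GeneXusCryptography classes; the class name `ThreeKinds`, the helper `gcm` and the sample messages are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

// Added example: standard JDK (JCA) classes only, not the GeneXusCryptography API.
public class ThreeKinds {
    public static void main(String[] args) throws Exception {
        byte[] msg = "pay 100 to account 42".getBytes(StandardCharsets.UTF_8);     // constructed sample
        byte[] changed = "pay 900 to account 42".getBytes(StandardCharsets.UTF_8); // constructed sample
        // 1. Hash: no key. Anyone can recompute it, so it reveals a change but not who made it.
        MessageDigest sha = MessageDigest.getInstance("SHA-256");
        System.out.println("digests equal after change: " + MessageDigest.isEqual(sha.digest(msg), sha.digest(changed)));
        // 2. Secret key: the same AES key encrypts and decrypts (GCM mode also authenticates).
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        byte[] nonce = new byte[12];   // must never repeat under the same key
        new SecureRandom().nextBytes(nonce);
        byte[] ct = gcm(Cipher.ENCRYPT_MODE, key, nonce, msg);
        System.out.println("round trip ok: " + MessageDigest.isEqual(msg, gcm(Cipher.DECRYPT_MODE, key, nonce, ct)));
        ct[0] ^= 1;                    // flip one ciphertext bit
        try {
            gcm(Cipher.DECRYPT_MODE, key, nonce, ct);
            System.out.println("modified ciphertext accepted");
        } catch (AEADBadTagException e) {
            System.out.println("modified ciphertext rejected");
        }
        // 3. Public key: the private key signs, the mathematically bound public key verifies.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256);
        KeyPair kp = kpg.generateKeyPair();
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(kp.getPrivate());
        s.update(msg);
        byte[] sig = s.sign();
        for (byte[] m : new byte[][] {msg, changed}) {   // original first, then the altered copy
            s.initVerify(kp.getPublic());
            s.update(m);
            System.out.println("signature verifies: " + s.verify(sig));
        }
    }

    static byte[] gcm(int mode, SecretKey k, byte[] nonce, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, k, new GCMParameterSpec(128, nonce));   // 128-bit authentication tag
        return c.doFinal(in);
    }
}
```

All three detect the altered message, but only the keyed operations tie the result to a key holder: the hash can be recomputed by anyone, the GCM tag requires the shared secret, and the signature requires the private key.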

Once an algorithm is established as a standard, the race begins to break it by finding its vulnerabilities.

Cryptography vs Cryptanalysis: cryptographers create encryption codes; cryptanalysts try to break them.

There aren't any unbreakable algorithms, as every one of them is going to be broken eventually. So, the goal is to replace an algorithm with a better one before it is fully broken. That is why the standards change over time.

Because an attacker has infinite time and resources to reverse engineer any algorithm, and the algorithm needs to be distributed to be used, keeping a cryptographic algorithm secret is virtually impossible or useless, except for those used in military environments only.

Publishing the algorithm also makes it possible for cryptanalysts to analyze it and find vulnerabilities before some black-hat hacker does.

__Conclusion__:

**Always use public, standardized and up-to-date cryptographic algorithms.**

- Testing for weak encryption (OWASP)
- OWASP's Cryptographic Storage Cheat Sheet
- OWASP Guide to Cryptography
- NIST - Transitioning the Use of Cryptographic Algorithms and Key Lengths