I have a high-level goal of creating a static utility class that encapsulates the encryption for my .NET application. Inside I'd like to minimize the object creations that aren't necessary.
My question is: what is the thread-safety of the classes which implement symmetric encryption within the .NET Framework? Specifically System.Security.Cryptography.RijndaelManaged and the ICryptoTransform types it generates.
For instance, in my class constructor can I simply do something along the following lines?
    static MyUtility()
    {
        using (RijndaelManaged rm = new RijndaelManaged())
        {
            MyUtility.EncryptorTransform = rm.CreateEncryptor(MyUtility.MyKey, MyUtility.MyIV);
            MyUtility.DecryptorTransform = rm.CreateDecryptor(MyUtility.MyKey, MyUtility.MyIV);
        }
    }
Side-stepping the issue of whether it is secure to have the Key and IV exist within this class, this example block brings up a number of other questions:
1. Can I continually reuse the EncryptorTransform and DecryptorTransform over and over? The *.CanReuseTransform and *.CanTransformMultipleBlocks properties imply "yes", but are there any caveats I should be aware of?
2. Since RijndaelManaged implements IDisposable my inclination is to put it within a using block especially since it probably ties into external OS-level libs. Are there any caveats with this since I'm keeping the ICryptoTransform objects around?
3. Potentially the most important question, in a highly multithreaded environment, will I run into issues with sharing the ICryptoTransform objects between threads?
4. If the answer to #3 is that it isn't thread-safe, will I experience serious performance degradation from locking while I use the ICryptoTransform objects? (Depends on load I suppose.)
5. Would it be more performant to simply instantiate new RijndaelManaged each time? Or store one RijndaelManaged and generate new RijndaelManaged().CreateEncryptor(...) each time?
I am hoping that someone out there knows how these work under the hood or is experienced with issues from similar implementations. I've found that a lot of these kinds of performance and thread-related issues typically do not manifest themselves until there is a sizable amount of load.
Thanks!
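For question 5 above, the following added example (not part of the original post) shows the per-call alternative: only the key bytes are shared, and each call creates its own RijndaelManaged and ICryptoTransform, so no transform object is ever used by two threads. The demo key generated at startup and the random per-message IV prepended to the ciphertext are assumptions of this example, not something the post specifies.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Threading.Tasks;

static class MyUtility
{
    // Constructed demo key (random, 256-bit); a real key would come from a key store.
    private static readonly byte[] MyKey = NewKey();
    private static byte[] NewKey()
    {
        using (var rm = new RijndaelManaged()) return rm.Key;
    }

    // Only the immutable key bytes are shared. The algorithm object and the
    // transform are created per call, so no mutable state crosses threads.
    public static byte[] Encrypt(byte[] plaintext)
    {
        using (var rm = new RijndaelManaged { Key = MyKey })  // defaults: 128-bit block, CBC, PKCS7
        {
            rm.GenerateIV();                                   // fresh IV for every message
            using (ICryptoTransform enc = rm.CreateEncryptor())
            {
                byte[] ct = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
                return rm.IV.Concat(ct).ToArray();             // output layout: IV || ciphertext
            }
        }
    }

    public static byte[] Decrypt(byte[] message)
    {
        byte[] iv = message.Take(16).ToArray();                // first block is the IV
        using (var rm = new RijndaelManaged { Key = MyKey, IV = iv })
        using (ICryptoTransform dec = rm.CreateDecryptor())
            return dec.TransformFinalBlock(message, 16, message.Length - 16);
    }

    static void Main()
    {
        // Round-trip from many threads at once; every result must match its input.
        Parallel.For(0, 10000, i =>
        {
            byte[] input = BitConverter.GetBytes(i);
            if (!Decrypt(Encrypt(input)).SequenceEqual(input))
                throw new InvalidOperationException("round trip failed at " + i);
        });
        Console.WriteLine("all round trips succeeded");
    }
}
```

CBC as used here gives confidentiality only; if the ciphertext can be modified in transit or at rest, add an HMAC over the IV and ciphertext (encrypt-then-MAC).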