I the last few days I had to take a closer look at cryptographic APIs available in .NET Framework. We’re using RSA + SHA256 to give Office Online hosts opportunity to validate that a request we’re making is actually coming from us. We call that Proof Keys and you can read more about it in public documentation on Office Online Integration Documentation. Just recently we’ve noticed interesting performance problems around signing the data before we make the requests.
.NET had always had
RSAServiceCryptoProvider and that’s what we were using.
However, when .NET 4.6 shipped a new set of APIs was added, including
This new RSA Api is backed by Cryptography API: Next Generation in Windows.
Turns out that new API is not just easier to use but also much faster.