summary refs log tree commit diff
path: root/crypto/src
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/src')
-rw-r--r--crypto/src/asn1/DerObjectIdentifier.cs2
-rw-r--r--crypto/src/asn1/bc/BCObjectIdentifiers.cs11
-rw-r--r--crypto/src/asn1/bsi/BsiObjectIdentifiers.cs9
-rw-r--r--crypto/src/asn1/crmf/AttributeTypeAndValue.cs2
-rw-r--r--crypto/src/asn1/crmf/Controls.cs6
-rw-r--r--crypto/src/cmp/CertificateConfirmationContent.cs13
-rw-r--r--crypto/src/cmp/CertificateConfirmationContentBuilder.cs41
-rw-r--r--crypto/src/cmp/CertificateStatus.cs34
-rw-r--r--crypto/src/cmp/CmpException.cs17
-rw-r--r--crypto/src/cmp/GeneralPkiMessage.cs27
-rw-r--r--crypto/src/cmp/ProtectedPkiMessage.cs50
-rw-r--r--crypto/src/cmp/ProtectedPkiMessageBuilder.cs37
-rw-r--r--crypto/src/cmp/RevocationDetails.cs13
-rw-r--r--crypto/src/cmp/RevocationDetailsBuilder.cs6
-rw-r--r--crypto/src/cms/CMSEnvelopedDataGenerator.cs2
-rw-r--r--crypto/src/cms/CMSSignedGenerator.cs607
-rw-r--r--crypto/src/cms/CMSSignedHelper.cs2
-rw-r--r--crypto/src/cms/EnvelopedDataHelper.cs118
-rw-r--r--crypto/src/crmf/AuthenticatorControl.cs10
-rw-r--r--crypto/src/crmf/CertificateRequestMessage.cs40
-rw-r--r--crypto/src/crmf/CertificateRequestMessageBuilder.cs50
-rw-r--r--crypto/src/crmf/CrmfException.cs19
-rw-r--r--crypto/src/crmf/DefaultPKMacPrimitivesProvider.cs7
-rw-r--r--crypto/src/crmf/EncryptedValueBuilder.cs39
-rw-r--r--crypto/src/crmf/IControl.cs2
-rw-r--r--crypto/src/crmf/IEncryptedValuePadder.cs5
-rw-r--r--crypto/src/crmf/IPKMacPrimitivesProvider.cs16
-rw-r--r--crypto/src/crmf/PKMacBuilder.cs76
-rw-r--r--crypto/src/crmf/PkiArchiveControl.cs11
-rw-r--r--crypto/src/crmf/PkiArchiveControlBuilder.cs5
-rw-r--r--crypto/src/crmf/ProofOfPossessionSigningKeyBuilder.cs10
-rw-r--r--crypto/src/crmf/RegTokenControl.cs11
-rw-r--r--crypto/src/crypto/ICipher.cs2
-rw-r--r--crypto/src/crypto/ICipherBuilder.cs11
-rw-r--r--crypto/src/crypto/ICipherBuilderWithKey.cs6
-rw-r--r--crypto/src/crypto/IDecryptorBuilderProvider.cs3
-rw-r--r--crypto/src/crypto/IKeyUnwrapper.cs7
-rw-r--r--crypto/src/crypto/IKeyWrapper.cs4
-rw-r--r--crypto/src/crypto/IMacFactory.cs4
-rw-r--r--crypto/src/crypto/Security.cs88
-rw-r--r--crypto/src/crypto/SimpleBlockResult.cs74
-rw-r--r--crypto/src/crypto/operators/Asn1CipherBuilder.cs26
-rw-r--r--crypto/src/crypto/operators/Asn1KeyWrapper.cs101
-rw-r--r--crypto/src/crypto/operators/CmsContentEncryptorBuilder.cs37
-rw-r--r--crypto/src/crypto/operators/CmsKeyTransRecipientInfoGenerator.cs19
-rw-r--r--crypto/src/crypto/operators/GenericKey.cs9
-rw-r--r--crypto/src/crypto/parameters/ECGOST3410Parameters.cs18
-rw-r--r--crypto/src/crypto/parameters/ECNamedDomainParameters.cs27
-rw-r--r--crypto/src/crypto/signers/DsaDigestSigner.cs2
-rw-r--r--crypto/src/crypto/tls/AbstractTlsClient.cs4
-rw-r--r--crypto/src/crypto/tls/DtlsReliableHandshake.cs2
-rw-r--r--crypto/src/crypto/tls/TlsEccUtilities.cs4
-rw-r--r--crypto/src/crypto/tls/TlsUtilities.cs2
-rw-r--r--crypto/src/crypto/util/AlgorithmIdentifierFactory.cs1
-rw-r--r--crypto/src/crypto/util/CipherFactory.cs14
-rw-r--r--crypto/src/crypto/util/CipherKeyGeneratorFactory.cs44
-rw-r--r--crypto/src/math/ec/rfc8032/Ed25519.cs2
-rw-r--r--crypto/src/math/ec/rfc8032/Ed448.cs2
-rw-r--r--crypto/src/pkcs/Pkcs8EncryptedPrivateKeyInfo.cs18
-rw-r--r--crypto/src/pkcs/Pkcs8EncryptedPrivateKeyInfoBuilder.cs17
-rw-r--r--crypto/src/pkcs/PkcsException.cs9
-rw-r--r--crypto/src/pkix/PkixCertPathValidatorUtilities.cs2
-rw-r--r--crypto/src/security/DigestUtilities.cs5
-rw-r--r--crypto/src/util/io/MemoryInputStream.cs14
-rw-r--r--crypto/src/util/io/MemoryOutputStream.cs10
-rw-r--r--crypto/src/x509/X509Certificate.cs6
66 files changed, 861 insertions, 1031 deletions
diff --git a/crypto/src/asn1/DerObjectIdentifier.cs b/crypto/src/asn1/DerObjectIdentifier.cs
index 495260a68..1c8032f45 100644
--- a/crypto/src/asn1/DerObjectIdentifier.cs
+++ b/crypto/src/asn1/DerObjectIdentifier.cs
@@ -211,7 +211,7 @@ namespace Org.BouncyCastle.Asn1
         }
 
         private static bool IsValidBranchID(
-            String branchID, int start)
+            string branchID, int start)
         {
             bool periodAllowed = false;
 
diff --git a/crypto/src/asn1/bc/BCObjectIdentifiers.cs b/crypto/src/asn1/bc/BCObjectIdentifiers.cs
index 4f23c101a..1e2448853 100644
--- a/crypto/src/asn1/bc/BCObjectIdentifiers.cs
+++ b/crypto/src/asn1/bc/BCObjectIdentifiers.cs
@@ -5,23 +5,20 @@ namespace Org.BouncyCastle.Asn1.BC
 	public abstract class BCObjectIdentifiers
 	{
         /**
-         *  iso.org.dod.internet.private.enterprise.legion-of-the-bouncy-castle
-         *<p>
-         *  1.3.6.1.4.1.22554
+         * iso.org.dod.internet.private.enterprise.legion-of-the-bouncy-castle
+         * <p>1.3.6.1.4.1.22554</p>
          */
         public static readonly DerObjectIdentifier bc = new DerObjectIdentifier("1.3.6.1.4.1.22554");
 
         /**
          * pbe(1) algorithms
-         * <p>
-         * 1.3.6.1.4.1.22554.1
+         * <p>1.3.6.1.4.1.22554.1</p>
          */
         public static readonly DerObjectIdentifier bc_pbe        = bc.Branch("1");
 
         /**
          * SHA-1(1)
-         * <p>
-         * 1.3.6.1.4.1.22554.1.1
+         * <p>1.3.6.1.4.1.22554.1.1</p>
          */
         public static readonly DerObjectIdentifier bc_pbe_sha1   = bc_pbe.Branch("1");
 
diff --git a/crypto/src/asn1/bsi/BsiObjectIdentifiers.cs b/crypto/src/asn1/bsi/BsiObjectIdentifiers.cs
index 95a0d7b52..50ada2e02 100644
--- a/crypto/src/asn1/bsi/BsiObjectIdentifiers.cs
+++ b/crypto/src/asn1/bsi/BsiObjectIdentifiers.cs
@@ -79,23 +79,22 @@ namespace Org.BouncyCastle.Asn1.Bsi
 	    public static readonly DerObjectIdentifier ecka_eg_SessionKDF_AES192  = ecka_eg_SessionKDF.Branch("3");
 	    public static readonly DerObjectIdentifier ecka_eg_SessionKDF_AES256  = ecka_eg_SessionKDF.Branch("4");
 
-	    /** AES encryption (CBC) and authentication (CMAC)
+	    /* AES encryption (CBC) and authentication (CMAC)
 	     * OID: 0.4.0.127.0.7.1.x */
 	    //TODO: replace "1" with correct OID
 	    //public static readonly DerObjectIdentifier aes_cbc_cmac = algorithm.Branch("1");
 
-	    /** AES encryption (CBC) and authentication (CMAC) with 128 bit
+	    /* AES encryption (CBC) and authentication (CMAC) with 128 bit
 	     * OID: 0.4.0.127.0.7.1.x.y1 */
 	    //TODO:  replace "1" with correct OID
 	    //public static readonly DerObjectIdentifier id_aes128_CBC_CMAC = aes_cbc_cmac.Branch("1");
 
-
-	    /** AES encryption (CBC) and authentication (CMAC) with 192 bit
+        /* AES encryption (CBC) and authentication (CMAC) with 192 bit
 	     * OID: 0.4.0.127.0.7.1.x.y2 */
 	    //TODO:  replace "1" with correct OID
 	    //public static readonly DerObjectIdentifier id_aes192_CBC_CMAC = aes_cbc_cmac.Branch("1");
 
-	    /** AES encryption (CBC) and authentication (CMAC) with 256 bit
+	    /* AES encryption (CBC) and authentication (CMAC) with 256 bit
 	     * OID: 0.4.0.127.0.7.1.x.y3 */
 	    //TODO:  replace "1" with correct OID
 	    //public static readonly DerObjectIdentifier id_aes256_CBC_CMAC = aes_cbc_cmac.Branch("1");
diff --git a/crypto/src/asn1/crmf/AttributeTypeAndValue.cs b/crypto/src/asn1/crmf/AttributeTypeAndValue.cs
index 0a4b5bdbe..e7587896a 100644
--- a/crypto/src/asn1/crmf/AttributeTypeAndValue.cs
+++ b/crypto/src/asn1/crmf/AttributeTypeAndValue.cs
@@ -28,7 +28,7 @@ namespace Org.BouncyCastle.Asn1.Crmf
         }
 
         public AttributeTypeAndValue(
-            String oid,
+            string oid,
             Asn1Encodable value)
             : this(new DerObjectIdentifier(oid), value)
         {
diff --git a/crypto/src/asn1/crmf/Controls.cs b/crypto/src/asn1/crmf/Controls.cs
index 5f132155a..70b48a959 100644
--- a/crypto/src/asn1/crmf/Controls.cs
+++ b/crypto/src/asn1/crmf/Controls.cs
@@ -1,8 +1,8 @@
-using Org.BouncyCastle.Utilities;
-using System;
-using System.Collections.Generic;
+using System;
 using System.Text;
 
+using Org.BouncyCastle.Utilities;
+
 namespace Org.BouncyCastle.Asn1.Crmf
 {
     public class Controls
diff --git a/crypto/src/cmp/CertificateConfirmationContent.cs b/crypto/src/cmp/CertificateConfirmationContent.cs
index 13d1dab8e..ad46ca039 100644
--- a/crypto/src/cmp/CertificateConfirmationContent.cs
+++ b/crypto/src/cmp/CertificateConfirmationContent.cs
@@ -1,15 +1,14 @@
-
-using Org.BouncyCastle.Cms;
-using Org.BouncyCastle.Asn1.Cmp;
+using System;
 
+using Org.BouncyCastle.Asn1.Cmp;
+using Org.BouncyCastle.Cms;
 
 namespace Org.BouncyCastle.Cmp
 {
     public class CertificateConfirmationContent
     {
-        private DefaultDigestAlgorithmIdentifierFinder digestAlgFinder;
-        private CertConfirmContent content;
-
+        private readonly DefaultDigestAlgorithmIdentifierFinder digestAlgFinder;
+        private readonly CertConfirmContent content;
 
         public CertificateConfirmationContent(CertConfirmContent content)
         {
@@ -38,6 +37,6 @@ namespace Org.BouncyCastle.Cmp
             }
 
             return ret;
-        } 
+        }
     }
 }
diff --git a/crypto/src/cmp/CertificateConfirmationContentBuilder.cs b/crypto/src/cmp/CertificateConfirmationContentBuilder.cs
index 3180d66a5..611fa4449 100644
--- a/crypto/src/cmp/CertificateConfirmationContentBuilder.cs
+++ b/crypto/src/cmp/CertificateConfirmationContentBuilder.cs
@@ -1,5 +1,6 @@
-using System.Collections;
-using System.Collections.Generic;
+using System;
+using System.Collections;
+
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Cmp;
 using Org.BouncyCastle.Asn1.X509;
@@ -7,22 +8,24 @@ using Org.BouncyCastle.Cms;
 using Org.BouncyCastle.Crypto.IO;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Security;
+using Org.BouncyCastle.Utilities;
 using Org.BouncyCastle.X509;
 
 namespace Org.BouncyCastle.Cmp
 {
     public class CertificateConfirmationContentBuilder
     {
-        DefaultSignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder();
-        private DefaultDigestAlgorithmIdentifierFinder digestAlgFinder;
-        private List<object> acceptedCerts = new List<object>();
-        private List<object> acceptedReqIds = new List<object>();
+        private static readonly DefaultSignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder();
 
-        public CertificateConfirmationContentBuilder() : this(new DefaultDigestAlgorithmIdentifierFinder())
-        {
+        private readonly DefaultDigestAlgorithmIdentifierFinder digestAlgFinder;
+        private readonly IList acceptedCerts = Platform.CreateArrayList();
+        private readonly IList acceptedReqIds = Platform.CreateArrayList();
 
+        public CertificateConfirmationContentBuilder()
+            : this(new DefaultDigestAlgorithmIdentifierFinder())
+        {
         }
-    
+
         public CertificateConfirmationContentBuilder(DefaultDigestAlgorithmIdentifierFinder digestAlgFinder)
         {
             this.digestAlgFinder = digestAlgFinder;
@@ -41,27 +44,19 @@ namespace Org.BouncyCastle.Cmp
             Asn1EncodableVector v = new Asn1EncodableVector();
             for (int i = 0; i != acceptedCerts.Count; i++)
             {
-                X509Certificate cert = (X509Certificate) acceptedCerts[i];
-                BigInteger reqId = (BigInteger) acceptedReqIds[i];
+                X509Certificate cert = (X509Certificate)acceptedCerts[i];
+                BigInteger reqId = (BigInteger)acceptedReqIds[i];
 
 
-                
-                AlgorithmIdentifier algorithmIdentifier =  sigAlgFinder.Find(cert.SigAlgName);
+                AlgorithmIdentifier algorithmIdentifier = sigAlgFinder.Find(cert.SigAlgName);
 
                 AlgorithmIdentifier digAlg = digestAlgFinder.find(algorithmIdentifier);
-                if (digAlg == null)
-                {
+                if (null == digAlg)
                     throw new CmpException("cannot find algorithm for digest from signature");
-                }
-
-                DigestSink sink = new DigestSink(DigestUtilities.GetDigest(digAlg.Algorithm));
-
-                sink.Write(cert.GetEncoded());
 
-                byte[] dig = new byte[sink.Digest.GetDigestSize()];
-                sink.Digest.DoFinal(dig, 0);
+                byte[] digest = DigestUtilities.CalculateDigest(digAlg.Algorithm, cert.GetEncoded());
 
-                v.Add(new CertStatus(dig,reqId));
+                v.Add(new CertStatus(digest, reqId));
             }
 
             return new CertificateConfirmationContent(CertConfirmContent.GetInstance(new DerSequence(v)),
diff --git a/crypto/src/cmp/CertificateStatus.cs b/crypto/src/cmp/CertificateStatus.cs
index 92a94ea05..0f1d9af9b 100644
--- a/crypto/src/cmp/CertificateStatus.cs
+++ b/crypto/src/cmp/CertificateStatus.cs
@@ -1,4 +1,6 @@
-using Org.BouncyCastle.Asn1.Cmp;
+using System;
+
+using Org.BouncyCastle.Asn1.Cmp;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Cms;
 using Org.BouncyCastle.Crypto.IO;
@@ -11,9 +13,10 @@ namespace Org.BouncyCastle.Cmp
 {
     public class CertificateStatus
     {
-        private DefaultSignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder();
-        private DefaultDigestAlgorithmIdentifierFinder digestAlgFinder;
-        private CertStatus certStatus;
+        private static readonly DefaultSignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder();
+
+        private readonly DefaultDigestAlgorithmIdentifierFinder digestAlgFinder;
+        private readonly CertStatus certStatus;
 
         public CertificateStatus(DefaultDigestAlgorithmIdentifierFinder digestAlgFinder, CertStatus certStatus)
         {
@@ -21,10 +24,10 @@ namespace Org.BouncyCastle.Cmp
             this.certStatus = certStatus;
         }
 
-         public PkiStatusInfo PkiStatusInfo
-         {
-             get { return certStatus.StatusInfo; }
-         }
+        public PkiStatusInfo PkiStatusInfo
+        {
+            get { return certStatus.StatusInfo; }
+        }
 
         public BigInteger CertRequestId
         {
@@ -33,19 +36,12 @@ namespace Org.BouncyCastle.Cmp
 
         public bool IsVerified(X509Certificate cert)
         {
+            AlgorithmIdentifier digAlg = digestAlgFinder.find(sigAlgFinder.Find(cert.SigAlgName));
+            if (null == digAlg)
+                throw new CmpException("cannot find algorithm for digest from signature " + cert.SigAlgName);
 
-            AlgorithmIdentifier digAlg = digestAlgFinder.find( sigAlgFinder.Find(cert.SigAlgName));
-            if (digAlg == null)
-            {
-                throw new CmpException("cannot find algorithm for digest from signature "+cert.SigAlgName);
-            }
-
-            DigestSink digestSink = new DigestSink(DigestUtilities.GetDigest(digAlg.Algorithm));
-
-            digestSink.Write(cert.GetEncoded());
+            byte[] digest = DigestUtilities.CalculateDigest(digAlg.Algorithm, cert.GetEncoded());
 
-            byte[] digest = new byte[digestSink.Digest.GetDigestSize()];
-            digestSink.Digest.DoFinal(digest, 0);
             return Arrays.ConstantTimeAreEqual(certStatus.CertHash.GetOctets(), digest);
         }
     }
diff --git a/crypto/src/cmp/CmpException.cs b/crypto/src/cmp/CmpException.cs
index 2237b453d..7573c034f 100644
--- a/crypto/src/cmp/CmpException.cs
+++ b/crypto/src/cmp/CmpException.cs
@@ -1,26 +1,21 @@
 using System;
-#if !PORTABLE
-using System.Runtime.Serialization;
-#endif
 
 namespace Org.BouncyCastle.Cmp
 {
-    public class CmpException : Exception
+    public class CmpException
+        : Exception
     {
         public CmpException()
         {
         }
 
-        public CmpException(string message) : base(message)
-        {
-        }
-
-        public CmpException(string message, Exception innerException) : base(message, innerException)
+        public CmpException(string message)
+            : base(message)
         {
         }
 
-#if !PORTABLE
-        protected CmpException(SerializationInfo info, StreamingContext context) : base(info, context)
+        public CmpException(string message, Exception innerException)
+            : base(message, innerException)
         {
         }
 #endif
diff --git a/crypto/src/cmp/GeneralPkiMessage.cs b/crypto/src/cmp/GeneralPkiMessage.cs
index ad55a8005..9b12ee77b 100644
--- a/crypto/src/cmp/GeneralPkiMessage.cs
+++ b/crypto/src/cmp/GeneralPkiMessage.cs
@@ -1,20 +1,24 @@
-namespace Org.BouncyCastle.Asn1.Cmp
+using System;
+
+using Org.BouncyCastle.Asn1;
+using Org.BouncyCastle.Asn1.Cmp;
+
+namespace Org.BouncyCastle.Cmp
 {
-    public class GeneralPKIMessage
+    public class GeneralPkiMessage
     {
         private readonly PkiMessage pkiMessage;
 
-        private static PkiMessage parseBytes(byte[] encoding)
+        private static PkiMessage ParseBytes(byte[] encoding)
         {
             return PkiMessage.GetInstance(Asn1Object.FromByteArray(encoding));
         }
 
-
         /// <summary>
         /// Wrap a PKIMessage ASN.1 structure.
         /// </summary>
         /// <param name="pkiMessage">PKI message.</param>
-        public GeneralPKIMessage(PkiMessage pkiMessage)
+        public GeneralPkiMessage(PkiMessage pkiMessage)
         {
             this.pkiMessage = pkiMessage;
         }
@@ -23,24 +27,19 @@
         /// Create a PKIMessage from the passed in bytes.
         /// </summary>
         /// <param name="encoding">BER/DER encoding of the PKIMessage</param>
-        public GeneralPKIMessage(byte[] encoding) : this(parseBytes(encoding))
+        public GeneralPkiMessage(byte[] encoding)
+            : this(ParseBytes(encoding))
         {
         }
 
         public PkiHeader Header
         {
-            get
-            {
-                return pkiMessage.Header;
-            }
+            get { return pkiMessage.Header; }
         }
 
         public PkiBody Body
         {
-            get
-            {
-                return pkiMessage.Body;
-            }
+            get { return pkiMessage.Body; }
         }
 
         /// <summary>
diff --git a/crypto/src/cmp/ProtectedPkiMessage.cs b/crypto/src/cmp/ProtectedPkiMessage.cs
index e05efe768..faddb0df1 100644
--- a/crypto/src/cmp/ProtectedPkiMessage.cs
+++ b/crypto/src/cmp/ProtectedPkiMessage.cs
@@ -1,12 +1,12 @@
-using Org.BouncyCastle.Asn1.X509;
-using Org.BouncyCastle.X509;
-using System;
+using System;
+
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Cmp;
+using Org.BouncyCastle.Asn1.X509;
+using Org.BouncyCastle.Crmf;
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Utilities;
-
-using Org.BouncyCastle.Crmf;
+using Org.BouncyCastle.X509;
 
 namespace Org.BouncyCastle.Cmp
 {
@@ -15,20 +15,17 @@ namespace Org.BouncyCastle.Cmp
     /// </summary>
     public class ProtectedPkiMessage
     {
-        private PkiMessage pkiMessage;
+        private readonly PkiMessage pkiMessage;
 
         /// <summary>
         /// Wrap a general message.
         /// </summary>
         /// <exception cref="ArgumentException">If the general message does not have protection.</exception>
         /// <param name="pkiMessage">The General message</param>
-        public ProtectedPkiMessage(GeneralPKIMessage pkiMessage)
+        public ProtectedPkiMessage(GeneralPkiMessage pkiMessage)
         {
-
             if (!pkiMessage.HasProtection)
-            {
                 throw new ArgumentException("pki message not protected");
-            }
 
             this.pkiMessage = pkiMessage.ToAsn1Structure();
         }
@@ -40,10 +37,8 @@ namespace Org.BouncyCastle.Cmp
         /// <param name="pkiMessage">The PKI message</param>
         public ProtectedPkiMessage(PkiMessage pkiMessage)
         {
-            if (pkiMessage.Header.ProtectionAlg == null)
-            {
+            if (null == pkiMessage.Header.ProtectionAlg)
                 throw new ArgumentException("pki message not protected");
-            }
 
             this.pkiMessage = pkiMessage;
         }
@@ -51,25 +46,37 @@ namespace Org.BouncyCastle.Cmp
         /// <summary>
         /// Message header
         /// </summary>
-        public PkiHeader Header { get { return pkiMessage.Header; } }
+        public PkiHeader Header
+        {
+            get { return pkiMessage.Header; }
+        }
 
         /// <summary>
         /// Message Body
         /// </summary>
-        public PkiBody Body { get { return pkiMessage.Body; } }
+        public PkiBody Body
+        {
+            get { return pkiMessage.Body; }
+        }
 
         /// <summary>
         /// Return the underlying ASN.1 structure contained in this object.
         /// </summary>
         /// <returns>PKI Message structure</returns>
-        public PkiMessage ToAsn1Message() { return pkiMessage; }
+        public PkiMessage ToAsn1Message()
+        {
+            return pkiMessage;
+        }
 
         /// <summary>
         /// Determine whether the message is protected by a password based MAC. Use verify(PKMACBuilder, char[])
         /// to verify the message if this method returns true.
         /// </summary>
         /// <returns>true if protection MAC PBE based, false otherwise.</returns>
-        public bool HasPasswordBasedMacProtected { get { return Header.ProtectionAlg.Algorithm.Equals(CmpObjectIdentifiers.passwordBasedMac); } }
+        public bool HasPasswordBasedMacProtected
+        {
+            get { return Header.ProtectionAlg.Algorithm.Equals(CmpObjectIdentifiers.passwordBasedMac); }
+        }
 
         /// <summary>
         /// Return the extra certificates associated with this message.
@@ -78,11 +85,8 @@ namespace Org.BouncyCastle.Cmp
         public X509Certificate[] GetCertificates()
         {
             CmpCertificate[] certs = pkiMessage.GetExtraCerts();
-
-            if (certs == null)
-            {
+            if (null == certs)
                 return new X509Certificate[0];
-            }
 
             X509Certificate[] res = new X509Certificate[certs.Length];
             for (int t = 0; t < certs.Length; t++)
@@ -107,7 +111,7 @@ namespace Org.BouncyCastle.Cmp
             return result.IsVerified(pkiMessage.Protection.GetBytes());
         }
 
-        private Object Process(IStreamCalculator streamCalculator)
+        private object Process(IStreamCalculator streamCalculator)
         {
             Asn1EncodableVector avec = new Asn1EncodableVector();
             avec.Add(pkiMessage.Header);
@@ -135,9 +139,7 @@ namespace Org.BouncyCastle.Cmp
         public bool Verify(PKMacBuilder pkMacBuilder, char[] password)
         {
             if (!CmpObjectIdentifiers.passwordBasedMac.Equals(pkiMessage.Header.ProtectionAlg.Algorithm))
-            {
                 throw new InvalidOperationException("protection algorithm is not mac based");
-            }
 
             PbmParameter parameter = PbmParameter.GetInstance(pkiMessage.Header.ProtectionAlg.Parameters);
 
diff --git a/crypto/src/cmp/ProtectedPkiMessageBuilder.cs b/crypto/src/cmp/ProtectedPkiMessageBuilder.cs
index dd65fd2bc..8ce0d48dc 100644
--- a/crypto/src/cmp/ProtectedPkiMessageBuilder.cs
+++ b/crypto/src/cmp/ProtectedPkiMessageBuilder.cs
@@ -1,11 +1,12 @@
 using System;
 using System.Collections;
-using System.Collections.Generic;
+
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Cmp;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Crypto.Operators;
+using Org.BouncyCastle.Utilities;
 using Org.BouncyCastle.X509;
 
 namespace Org.BouncyCastle.Cmp
@@ -14,15 +15,14 @@ namespace Org.BouncyCastle.Cmp
     {
         private PkiHeaderBuilder hdrBuilBuilder;
         private PkiBody body;
-        private List<object> generalInfos = new List<object>();
-        private List<object> extraCerts = new List<object>();
+        private IList generalInfos = Platform.CreateArrayList();
+        private IList extraCerts = Platform.CreateArrayList();
 
-        public ProtectedPkiMessageBuilder(GeneralName sender, GeneralName recipient) : this(PkiHeader.CMP_2000, sender,
-            recipient)
+        public ProtectedPkiMessageBuilder(GeneralName sender, GeneralName recipient)
+            : this(PkiHeader.CMP_2000, sender, recipient)
         {
         }
 
-
         public ProtectedPkiMessageBuilder(int pvno, GeneralName sender, GeneralName recipient)
         {
             hdrBuilBuilder = new PkiHeaderBuilder(pvno, sender, recipient);
@@ -97,22 +97,21 @@ namespace Org.BouncyCastle.Cmp
                 throw new ArgumentException("AlgorithmDetails is not AlgorithmIdentifier");
             }
 
-            FinalizeHeader((AlgorithmIdentifier) signatureFactory.AlgorithmDetails);
+            FinalizeHeader((AlgorithmIdentifier)signatureFactory.AlgorithmDetails);
             PkiHeader header = hdrBuilBuilder.Build();
             DerBitString protection = new DerBitString(CalculateSignature(calculator, header, body));
             return FinalizeMessage(header, protection);
         }
 
         public ProtectedPkiMessage Build(IMacFactory factory)
-        {           
-                IStreamCalculator calculator = factory.CreateCalculator();                
-                FinalizeHeader((AlgorithmIdentifier)factory.AlgorithmDetails);
-                PkiHeader header = hdrBuilBuilder.Build();
-                DerBitString protection = new DerBitString(CalculateSignature(calculator, header, body));
-                return FinalizeMessage(header, protection);        
+        {
+            IStreamCalculator calculator = factory.CreateCalculator();
+            FinalizeHeader((AlgorithmIdentifier)factory.AlgorithmDetails);
+            PkiHeader header = hdrBuilBuilder.Build();
+            DerBitString protection = new DerBitString(CalculateSignature(calculator, header, body));
+            return FinalizeMessage(header, protection);
         }
 
-
         private void FinalizeHeader(AlgorithmIdentifier algorithmIdentifier)
         {
             hdrBuilBuilder.SetProtectionAlg(algorithmIdentifier);
@@ -121,7 +120,7 @@ namespace Org.BouncyCastle.Cmp
                 InfoTypeAndValue[] genInfos = new InfoTypeAndValue[generalInfos.Count];
                 for (int t = 0; t < genInfos.Length; t++)
                 {
-                    genInfos[t] = (InfoTypeAndValue) generalInfos[t];
+                    genInfos[t] = (InfoTypeAndValue)generalInfos[t];
                 }
 
                 hdrBuilBuilder.SetGeneralInfo(genInfos);
@@ -135,7 +134,7 @@ namespace Org.BouncyCastle.Cmp
                 CmpCertificate[] cmpCertificates = new CmpCertificate[extraCerts.Count];
                 for (int i = 0; i < cmpCertificates.Length; i++)
                 {
-                    byte[] cert = ((X509Certificate) extraCerts[i]).GetEncoded();
+                    byte[] cert = ((X509Certificate)extraCerts[i]).GetEncoded();
                     cmpCertificates[i] = CmpCertificate.GetInstance((Asn1Sequence.FromByteArray(cert)));
                 }
 
@@ -152,7 +151,7 @@ namespace Org.BouncyCastle.Cmp
             avec.Add(body);
             byte[] encoded = new DerSequence(avec).GetEncoded();
             signer.Stream.Write(encoded, 0, encoded.Length);
-            Object result = signer.GetResult();
+            object result = signer.GetResult();
 
             if (result is DefaultSignatureResult)
             {
@@ -164,10 +163,10 @@ namespace Org.BouncyCastle.Cmp
             }
             else if (result is byte[])
             {
-                return (byte[]) result;
+                return (byte[])result;
             }
 
             throw new InvalidOperationException("result is not byte[] or DefaultSignatureResult");
         }
     }
-}
\ No newline at end of file
+}
diff --git a/crypto/src/cmp/RevocationDetails.cs b/crypto/src/cmp/RevocationDetails.cs
index 6e1cb34c3..2d3f9a5eb 100644
--- a/crypto/src/cmp/RevocationDetails.cs
+++ b/crypto/src/cmp/RevocationDetails.cs
@@ -1,4 +1,6 @@
-using Org.BouncyCastle.Asn1.Cmp;
+using System;
+
+using Org.BouncyCastle.Asn1.Cmp;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Math;
 
@@ -6,7 +8,7 @@ namespace Org.BouncyCastle.Cmp
 {
     public class RevocationDetails
     {
-        private RevDetails revDetails;
+        private readonly RevDetails revDetails;
 
         public RevocationDetails(RevDetails revDetails)
         {
@@ -25,10 +27,7 @@ namespace Org.BouncyCastle.Cmp
 
         public BigInteger SerialNumber
         {
-            get
-            {
-                return revDetails.CertDetails.SerialNumber.Value; //   getCertDetails().getSerialNumber().getValue();
-            }
+            get { return revDetails.CertDetails.SerialNumber.Value; }
         }
 
         public RevDetails ToASN1Structure()
@@ -36,4 +35,4 @@ namespace Org.BouncyCastle.Cmp
             return revDetails;
         }
     }
-}
\ No newline at end of file
+}
diff --git a/crypto/src/cmp/RevocationDetailsBuilder.cs b/crypto/src/cmp/RevocationDetailsBuilder.cs
index 464c0bb13..b3be01242 100644
--- a/crypto/src/cmp/RevocationDetailsBuilder.cs
+++ b/crypto/src/cmp/RevocationDetailsBuilder.cs
@@ -1,4 +1,6 @@
-using Org.BouncyCastle.Asn1;
+using System;
+
+using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Cmp;
 using Org.BouncyCastle.Asn1.Crmf;
 using Org.BouncyCastle.Asn1.X509;
@@ -50,7 +52,7 @@ namespace Org.BouncyCastle.Cmp
             return this;
         }
 
-        public RevocationDetails build()
+        public RevocationDetails Build()
         {
             return new RevocationDetails(new RevDetails(_templateBuilder.Build()));
         }
diff --git a/crypto/src/cms/CMSEnvelopedDataGenerator.cs b/crypto/src/cms/CMSEnvelopedDataGenerator.cs
index 8ba41161e..c844ca6fa 100644
--- a/crypto/src/cms/CMSEnvelopedDataGenerator.cs
+++ b/crypto/src/cms/CMSEnvelopedDataGenerator.cs
@@ -158,7 +158,7 @@ namespace Org.BouncyCastle.Cms
 
         public CmsEnvelopedData Generate(CmsProcessable content, ICipherBuilderWithKey cipherBuilder)
         {
-            AlgorithmIdentifier encAlgId = null;
+            //AlgorithmIdentifier encAlgId = null;
             KeyParameter encKey;
             Asn1OctetString encContent;
 
diff --git a/crypto/src/cms/CMSSignedGenerator.cs b/crypto/src/cms/CMSSignedGenerator.cs
index 1ac9f39b7..c7bc4ea43 100644
--- a/crypto/src/cms/CMSSignedGenerator.cs
+++ b/crypto/src/cms/CMSSignedGenerator.cs
@@ -26,337 +26,328 @@ using Org.BouncyCastle.X509.Store;
 
 namespace Org.BouncyCastle.Cms
 {
+    public class DefaultSignatureAlgorithmIdentifierFinder
+    {
+        private static readonly IDictionary algorithms = Platform.CreateHashtable();
+        private static readonly ISet noParams = new HashSet();
+        private static readonly IDictionary _params = Platform.CreateHashtable();
+        private static readonly ISet pkcs15RsaEncryption = new HashSet();
+        private static readonly IDictionary digestOids = Platform.CreateHashtable();
+
+        private static readonly IDictionary digestBuilders = Platform.CreateHashtable();
 
-        public class DefaultSignatureAlgorithmIdentifierFinder
+        private static readonly DerObjectIdentifier ENCRYPTION_RSA = PkcsObjectIdentifiers.RsaEncryption;
+        private static readonly DerObjectIdentifier ENCRYPTION_DSA = X9ObjectIdentifiers.IdDsaWithSha1;
+        private static readonly DerObjectIdentifier ENCRYPTION_ECDSA = X9ObjectIdentifiers.ECDsaWithSha1;
+        private static readonly DerObjectIdentifier ENCRYPTION_RSA_PSS = PkcsObjectIdentifiers.IdRsassaPss;
+        private static readonly DerObjectIdentifier ENCRYPTION_GOST3410 = CryptoProObjectIdentifiers.GostR3410x94;
+        private static readonly DerObjectIdentifier ENCRYPTION_ECGOST3410 = CryptoProObjectIdentifiers.GostR3410x2001;
+        private static readonly DerObjectIdentifier ENCRYPTION_ECGOST3410_2012_256 = RosstandartObjectIdentifiers.id_tc26_gost_3410_12_256;
+        private static readonly DerObjectIdentifier ENCRYPTION_ECGOST3410_2012_512 = RosstandartObjectIdentifiers.id_tc26_gost_3410_12_512;
+
+        static DefaultSignatureAlgorithmIdentifierFinder()
         {
-            private static readonly IDictionary algorithms = Platform.CreateHashtable();
-            private static readonly ISet noParams = new HashSet();
-            private static readonly IDictionary _params = Platform.CreateHashtable();
-            private static readonly ISet pkcs15RsaEncryption = new HashSet();
-            private static readonly IDictionary digestOids = Platform.CreateHashtable();
+            algorithms["MD2WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.MD2WithRsaEncryption;
+            algorithms["MD2WITHRSA"] = PkcsObjectIdentifiers.MD2WithRsaEncryption;
+            algorithms["MD5WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.MD5WithRsaEncryption;
+            algorithms["MD5WITHRSA"] = PkcsObjectIdentifiers.MD5WithRsaEncryption;
+            algorithms["SHA1WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha1WithRsaEncryption;
+            algorithms["SHA1WITHRSA"] = PkcsObjectIdentifiers.Sha1WithRsaEncryption;
+            algorithms["SHA-1WITHRSA"] = PkcsObjectIdentifiers.Sha1WithRsaEncryption;
+            algorithms["SHA224WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha224WithRsaEncryption;
+            algorithms["SHA224WITHRSA"] = PkcsObjectIdentifiers.Sha224WithRsaEncryption;
+            algorithms["SHA256WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha256WithRsaEncryption;
+            algorithms["SHA256WITHRSA"] = PkcsObjectIdentifiers.Sha256WithRsaEncryption;
+            algorithms["SHA384WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha384WithRsaEncryption;
+            algorithms["SHA384WITHRSA"] = PkcsObjectIdentifiers.Sha384WithRsaEncryption;
+            algorithms["SHA512WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha512WithRsaEncryption;
+            algorithms["SHA512WITHRSA"] = PkcsObjectIdentifiers.Sha512WithRsaEncryption;
+            algorithms["SHA1WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss;
+            algorithms["SHA224WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss;
+            algorithms["SHA256WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss;
+            algorithms["SHA384WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss;
+            algorithms["SHA512WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss;
+            algorithms["SHA3-224WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss;
+            algorithms["SHA3-256WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss;
+            algorithms["SHA3-384WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss;
+            algorithms["SHA3-512WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss;
+            algorithms["RIPEMD160WITHRSAENCRYPTION"] = TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160;
+            algorithms["RIPEMD160WITHRSA"] = TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160;
+            algorithms["RIPEMD128WITHRSAENCRYPTION"] = TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128;
+            algorithms["RIPEMD128WITHRSA"] = TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128;
+            algorithms["RIPEMD256WITHRSAENCRYPTION"] = TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256;
+            algorithms["RIPEMD256WITHRSA"] = TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256;
+            algorithms["SHA1WITHDSA"] = X9ObjectIdentifiers.IdDsaWithSha1;
+            algorithms["SHA-1WITHDSA"] = X9ObjectIdentifiers.IdDsaWithSha1;
+            algorithms["DSAWITHSHA1"] = X9ObjectIdentifiers.IdDsaWithSha1;
+            algorithms["SHA224WITHDSA"] = NistObjectIdentifiers.DsaWithSha224;
+            algorithms["SHA256WITHDSA"] = NistObjectIdentifiers.DsaWithSha256;
+            algorithms["SHA384WITHDSA"] = NistObjectIdentifiers.DsaWithSha384;
+            algorithms["SHA512WITHDSA"] = NistObjectIdentifiers.DsaWithSha512;
+            algorithms["SHA3-224WITHDSA"] = NistObjectIdentifiers.IdDsaWithSha3_224; //  id_dsa_with_sha3_224;
+            algorithms["SHA3-256WITHDSA"] = NistObjectIdentifiers.IdDsaWithSha3_256; //id_dsa_with_sha3_256;
+            algorithms["SHA3-384WITHDSA"] = NistObjectIdentifiers.IdDsaWithSha3_384; //id_dsa_with_sha3_384;
+            algorithms["SHA3-512WITHDSA"] = NistObjectIdentifiers.IdDsaWithSha3_512; //id_dsa_with_sha3_512;
+            algorithms["SHA3-224WITHECDSA"] = NistObjectIdentifiers.IdEcdsaWithSha3_224;//   id_ecdsa_with_sha3_224;
+            algorithms["SHA3-256WITHECDSA"] = NistObjectIdentifiers.IdEcdsaWithSha3_256;//id_ecdsa_with_sha3_256;
+            algorithms["SHA3-384WITHECDSA"] = NistObjectIdentifiers.IdEcdsaWithSha3_384;//id_ecdsa_with_sha3_384;
+            algorithms["SHA3-512WITHECDSA"] = NistObjectIdentifiers.IdEcdsaWithSha3_512;//id_ecdsa_with_sha3_512;
+            algorithms["SHA3-224WITHRSA"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224;//   id_rsassa_pkcs1_v1_5_with_sha3_224;
+            algorithms["SHA3-256WITHRSA"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256;// id_rsassa_pkcs1_v1_5_with_sha3_256;
+            algorithms["SHA3-384WITHRSA"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384;// id_rsassa_pkcs1_v1_5_with_sha3_384;
+            algorithms["SHA3-512WITHRSA"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512;// id_rsassa_pkcs1_v1_5_with_sha3_512;
+            algorithms["SHA3-224WITHRSAENCRYPTION"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224;// id_rsassa_pkcs1_v1_5_with_sha3_224;
+            algorithms["SHA3-256WITHRSAENCRYPTION"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256;// id_rsassa_pkcs1_v1_5_with_sha3_256;
+            algorithms["SHA3-384WITHRSAENCRYPTION"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384; //id_rsassa_pkcs1_v1_5_with_sha3_384;
+            algorithms["SHA3-512WITHRSAENCRYPTION"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512; // id_rsassa_pkcs1_v1_5_with_sha3_512;
+            algorithms["SHA1WITHECDSA"] = X9ObjectIdentifiers.ECDsaWithSha1;
+            algorithms["ECDSAWITHSHA1"] = X9ObjectIdentifiers.ECDsaWithSha1;
+            algorithms["SHA224WITHECDSA"] = X9ObjectIdentifiers.ECDsaWithSha224;
+            algorithms["SHA256WITHECDSA"] = X9ObjectIdentifiers.ECDsaWithSha224;
+            algorithms["SHA384WITHECDSA"] = X9ObjectIdentifiers.ECDsaWithSha384;
+            algorithms["SHA512WITHECDSA"] = X9ObjectIdentifiers.ECDsaWithSha256;
+
+
+            algorithms["GOST3411WITHGOST3410"] = CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94;
+            algorithms["GOST3411WITHGOST3410-94"] = CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94;
+            algorithms["GOST3411WITHECGOST3410"] = CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001;
+            algorithms["GOST3411WITHECGOST3410-2001"] = CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001;
+            algorithms["GOST3411WITHGOST3410-2001"] = CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001;
+            algorithms["GOST3411WITHECGOST3410-2012-256"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256;
+            algorithms["GOST3411WITHECGOST3410-2012-512"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512;
+            algorithms["GOST3411WITHGOST3410-2012-256"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256;
+            algorithms["GOST3411WITHGOST3410-2012-512"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512;
+            algorithms["GOST3411-2012-256WITHECGOST3410-2012-256"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256;
+            algorithms["GOST3411-2012-512WITHECGOST3410-2012-512"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512;
+            algorithms["GOST3411-2012-256WITHGOST3410-2012-256"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256;
+            algorithms["GOST3411-2012-512WITHGOST3410-2012-512"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512;
+            algorithms["SHA1WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA1;
+            algorithms["SHA224WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA224;
+            algorithms["SHA256WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA256;
+            algorithms["SHA384WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA384;
+            algorithms["SHA512WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA512;
+            algorithms["RIPEMD160WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_RIPEMD160;
+            algorithms["SHA1WITHCVC-ECDSA"] = EacObjectIdentifiers.id_TA_ECDSA_SHA_1;
+            algorithms["SHA224WITHCVC-ECDSA"] = EacObjectIdentifiers.id_TA_ECDSA_SHA_224;
+            algorithms["SHA256WITHCVC-ECDSA"] = EacObjectIdentifiers.id_TA_ECDSA_SHA_256;
+            algorithms["SHA384WITHCVC-ECDSA"] = EacObjectIdentifiers.id_TA_ECDSA_SHA_384;
+            algorithms["SHA512WITHCVC-ECDSA"] = EacObjectIdentifiers.id_TA_ECDSA_SHA_512;
+            algorithms["SHA3-512WITHSPHINCS256"] = BCObjectIdentifiers.sphincs256_with_SHA3_512;
+            algorithms["SHA512WITHSPHINCS256"] = BCObjectIdentifiers.sphincs256_with_SHA512;
+            algorithms["SM3WITHSM2"] = GMObjectIdentifiers.sm2sign_with_sm3;
+
+            algorithms["SHA256WITHXMSS"] = BCObjectIdentifiers.xmss_with_SHA256;
+            algorithms["SHA512WITHXMSS"] = BCObjectIdentifiers.xmss_with_SHA512;
+            algorithms["SHAKE128WITHXMSS"] = BCObjectIdentifiers.xmss_with_SHAKE128;
+            algorithms["SHAKE256WITHXMSS"] = BCObjectIdentifiers.xmss_with_SHAKE256;
+
+            algorithms["SHA256WITHXMSSMT"] = BCObjectIdentifiers.xmss_mt_with_SHA256;
+            algorithms["SHA512WITHXMSSMT"] = BCObjectIdentifiers.xmss_mt_with_SHA512;
+            algorithms["SHAKE128WITHXMSSMT"] = BCObjectIdentifiers.xmss_mt_with_SHAKE128;
+            algorithms["SHAKE256WITHXMSSMT"] = BCObjectIdentifiers.xmss_mt_with_SHAKE256;
 
-            private static readonly IDictionary digestBuilders = Platform.CreateHashtable();
 
+            //
+            // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field.
+            // The parameters field SHALL be NULL for RSA based signature algorithms.
+            //
+            noParams.Add((object)X9ObjectIdentifiers.ECDsaWithSha1);
+            noParams.Add((object)X9ObjectIdentifiers.ECDsaWithSha224);
+            noParams.Add((object)X9ObjectIdentifiers.ECDsaWithSha256);
+            noParams.Add((object)X9ObjectIdentifiers.ECDsaWithSha384);
+            noParams.Add((object)X9ObjectIdentifiers.ECDsaWithSha512);
+            noParams.Add((object)X9ObjectIdentifiers.IdDsaWithSha1);
+            noParams.Add((object)NistObjectIdentifiers.DsaWithSha224);
+            noParams.Add((object)NistObjectIdentifiers.DsaWithSha256);
+            noParams.Add((object)NistObjectIdentifiers.DsaWithSha384);
+            noParams.Add((object)NistObjectIdentifiers.DsaWithSha512);
+            noParams.Add((object)NistObjectIdentifiers.IdDsaWithSha3_224);
+            noParams.Add((object)NistObjectIdentifiers.IdDsaWithSha3_256);
+            noParams.Add((object)NistObjectIdentifiers.IdDsaWithSha3_384);
+            noParams.Add((object)NistObjectIdentifiers.IdDsaWithSha3_512);
+            noParams.Add((object)NistObjectIdentifiers.IdEcdsaWithSha3_224);
+            noParams.Add((object)NistObjectIdentifiers.IdEcdsaWithSha3_256);
+            noParams.Add((object)NistObjectIdentifiers.IdEcdsaWithSha3_384);
+            noParams.Add((object)NistObjectIdentifiers.IdEcdsaWithSha3_512);
 
-            private static readonly DerObjectIdentifier ENCRYPTION_RSA = PkcsObjectIdentifiers.RsaEncryption;
-            private static readonly DerObjectIdentifier ENCRYPTION_DSA = X9ObjectIdentifiers.IdDsaWithSha1;
-            private static readonly DerObjectIdentifier ENCRYPTION_ECDSA = X9ObjectIdentifiers.ECDsaWithSha1;
-            private static readonly DerObjectIdentifier ENCRYPTION_RSA_PSS = PkcsObjectIdentifiers.IdRsassaPss;
-            private static readonly DerObjectIdentifier ENCRYPTION_GOST3410 = CryptoProObjectIdentifiers.GostR3410x94;
-            private static readonly DerObjectIdentifier ENCRYPTION_ECGOST3410 = CryptoProObjectIdentifiers.GostR3410x2001;
-            private static readonly DerObjectIdentifier ENCRYPTION_ECGOST3410_2012_256 = RosstandartObjectIdentifiers.id_tc26_gost_3410_12_256;
-            private static readonly DerObjectIdentifier ENCRYPTION_ECGOST3410_2012_512 = RosstandartObjectIdentifiers.id_tc26_gost_3410_12_512;
 
+            //
+            // RFC 4491
+            //
+            noParams.Add((object)CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94);
+            noParams.Add((object)CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001);
+            noParams.Add((object)RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256);
+            noParams.Add((object)RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512);
 
-            static DefaultSignatureAlgorithmIdentifierFinder()
-            {
-                algorithms["MD2WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.MD2WithRsaEncryption;
-                algorithms["MD2WITHRSA"] = PkcsObjectIdentifiers.MD2WithRsaEncryption;
-                algorithms["MD5WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.MD5WithRsaEncryption;
-                algorithms["MD5WITHRSA"] = PkcsObjectIdentifiers.MD5WithRsaEncryption;
-                algorithms["SHA1WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha1WithRsaEncryption;
-                algorithms["SHA1WITHRSA"] = PkcsObjectIdentifiers.Sha1WithRsaEncryption;
-                algorithms["SHA-1WITHRSA"] = PkcsObjectIdentifiers.Sha1WithRsaEncryption;
-                algorithms["SHA224WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha224WithRsaEncryption;
-                algorithms["SHA224WITHRSA"] = PkcsObjectIdentifiers.Sha224WithRsaEncryption;
-                algorithms["SHA256WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha256WithRsaEncryption;
-                algorithms["SHA256WITHRSA"] = PkcsObjectIdentifiers.Sha256WithRsaEncryption;
-                algorithms["SHA384WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha384WithRsaEncryption;
-                algorithms["SHA384WITHRSA"] = PkcsObjectIdentifiers.Sha384WithRsaEncryption;
-                algorithms["SHA512WITHRSAENCRYPTION"] = PkcsObjectIdentifiers.Sha512WithRsaEncryption;
-                algorithms["SHA512WITHRSA"] = PkcsObjectIdentifiers.Sha512WithRsaEncryption;
-                algorithms["SHA1WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss;
-                algorithms["SHA224WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss;
-                algorithms["SHA256WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss;
-                algorithms["SHA384WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss;
-                algorithms["SHA512WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss;
-                algorithms["SHA3-224WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss;
-                algorithms["SHA3-256WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss;
-                algorithms["SHA3-384WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss;
-                algorithms["SHA3-512WITHRSAANDMGF1"] = PkcsObjectIdentifiers.IdRsassaPss;
-                algorithms["RIPEMD160WITHRSAENCRYPTION"] = TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160;
-                algorithms["RIPEMD160WITHRSA"] = TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160;
-                algorithms["RIPEMD128WITHRSAENCRYPTION"] = TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128;
-                algorithms["RIPEMD128WITHRSA"] = TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128;
-                algorithms["RIPEMD256WITHRSAENCRYPTION"] = TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256;
-                algorithms["RIPEMD256WITHRSA"] = TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256;
-                algorithms["SHA1WITHDSA"] = X9ObjectIdentifiers.IdDsaWithSha1;
-                algorithms["SHA-1WITHDSA"] = X9ObjectIdentifiers.IdDsaWithSha1;
-                algorithms["DSAWITHSHA1"] = X9ObjectIdentifiers.IdDsaWithSha1;
-                algorithms["SHA224WITHDSA"] = NistObjectIdentifiers.DsaWithSha224;
-                algorithms["SHA256WITHDSA"] = NistObjectIdentifiers.DsaWithSha256;
-                algorithms["SHA384WITHDSA"] = NistObjectIdentifiers.DsaWithSha384;
-                algorithms["SHA512WITHDSA"] = NistObjectIdentifiers.DsaWithSha512;
-                algorithms["SHA3-224WITHDSA"] = NistObjectIdentifiers.IdDsaWithSha3_224; //  id_dsa_with_sha3_224;
-                algorithms["SHA3-256WITHDSA"] = NistObjectIdentifiers.IdDsaWithSha3_256; //id_dsa_with_sha3_256;
-                algorithms["SHA3-384WITHDSA"] = NistObjectIdentifiers.IdDsaWithSha3_384; //id_dsa_with_sha3_384;
-                algorithms["SHA3-512WITHDSA"] = NistObjectIdentifiers.IdDsaWithSha3_512; //id_dsa_with_sha3_512;
-                algorithms["SHA3-224WITHECDSA"] = NistObjectIdentifiers.IdEcdsaWithSha3_224;//   id_ecdsa_with_sha3_224;
-                algorithms["SHA3-256WITHECDSA"] = NistObjectIdentifiers.IdEcdsaWithSha3_256;//id_ecdsa_with_sha3_256;
-                algorithms["SHA3-384WITHECDSA"] = NistObjectIdentifiers.IdEcdsaWithSha3_384;//id_ecdsa_with_sha3_384;
-                algorithms["SHA3-512WITHECDSA"] = NistObjectIdentifiers.IdEcdsaWithSha3_512;//id_ecdsa_with_sha3_512;
-                algorithms["SHA3-224WITHRSA"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224;//   id_rsassa_pkcs1_v1_5_with_sha3_224;
-                algorithms["SHA3-256WITHRSA"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256;// id_rsassa_pkcs1_v1_5_with_sha3_256;
-                algorithms["SHA3-384WITHRSA"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384;// id_rsassa_pkcs1_v1_5_with_sha3_384;
-                algorithms["SHA3-512WITHRSA"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512;// id_rsassa_pkcs1_v1_5_with_sha3_512;
-                algorithms["SHA3-224WITHRSAENCRYPTION"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224;// id_rsassa_pkcs1_v1_5_with_sha3_224;
-                algorithms["SHA3-256WITHRSAENCRYPTION"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256;// id_rsassa_pkcs1_v1_5_with_sha3_256;
-                algorithms["SHA3-384WITHRSAENCRYPTION"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384; //id_rsassa_pkcs1_v1_5_with_sha3_384;
-                algorithms["SHA3-512WITHRSAENCRYPTION"] = NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512; // id_rsassa_pkcs1_v1_5_with_sha3_512;
-                algorithms["SHA1WITHECDSA"] = X9ObjectIdentifiers.ECDsaWithSha1;
-                algorithms["ECDSAWITHSHA1"] = X9ObjectIdentifiers.ECDsaWithSha1;
-                algorithms["SHA224WITHECDSA"] = X9ObjectIdentifiers.ECDsaWithSha224;
-                algorithms["SHA256WITHECDSA"] = X9ObjectIdentifiers.ECDsaWithSha224;
-                algorithms["SHA384WITHECDSA"] = X9ObjectIdentifiers.ECDsaWithSha384;
-                algorithms["SHA512WITHECDSA"] = X9ObjectIdentifiers.ECDsaWithSha256;
-
-
-                algorithms["GOST3411WITHGOST3410"] = CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94;
-                algorithms["GOST3411WITHGOST3410-94"] = CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94;
-                algorithms["GOST3411WITHECGOST3410"] = CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001;
-                algorithms["GOST3411WITHECGOST3410-2001"] = CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001;
-                algorithms["GOST3411WITHGOST3410-2001"] = CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001;
-                algorithms["GOST3411WITHECGOST3410-2012-256"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256;
-                algorithms["GOST3411WITHECGOST3410-2012-512"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512;
-                algorithms["GOST3411WITHGOST3410-2012-256"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256;
-                algorithms["GOST3411WITHGOST3410-2012-512"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512;
-                algorithms["GOST3411-2012-256WITHECGOST3410-2012-256"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256;
-                algorithms["GOST3411-2012-512WITHECGOST3410-2012-512"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512;
-                algorithms["GOST3411-2012-256WITHGOST3410-2012-256"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256;
-                algorithms["GOST3411-2012-512WITHGOST3410-2012-512"] = RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512;
-                algorithms["SHA1WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA1;
-                algorithms["SHA224WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA224;
-                algorithms["SHA256WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA256;
-                algorithms["SHA384WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA384;
-                algorithms["SHA512WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_SHA512;
-                algorithms["RIPEMD160WITHPLAIN-ECDSA"] = BsiObjectIdentifiers.ecdsa_plain_RIPEMD160;
-                algorithms["SHA1WITHCVC-ECDSA"] = EacObjectIdentifiers.id_TA_ECDSA_SHA_1;
-                algorithms["SHA224WITHCVC-ECDSA"] = EacObjectIdentifiers.id_TA_ECDSA_SHA_224;
-                algorithms["SHA256WITHCVC-ECDSA"] = EacObjectIdentifiers.id_TA_ECDSA_SHA_256;
-                algorithms["SHA384WITHCVC-ECDSA"] = EacObjectIdentifiers.id_TA_ECDSA_SHA_384;
-                algorithms["SHA512WITHCVC-ECDSA"] = EacObjectIdentifiers.id_TA_ECDSA_SHA_512;
-                algorithms["SHA3-512WITHSPHINCS256"] = BCObjectIdentifiers.sphincs256_with_SHA3_512;
-                algorithms["SHA512WITHSPHINCS256"] = BCObjectIdentifiers.sphincs256_with_SHA512;
-                algorithms["SM3WITHSM2"] = GMObjectIdentifiers.sm2sign_with_sm3;
-
-                algorithms["SHA256WITHXMSS"] = BCObjectIdentifiers.xmss_with_SHA256;
-                algorithms["SHA512WITHXMSS"] = BCObjectIdentifiers.xmss_with_SHA512;
-                algorithms["SHAKE128WITHXMSS"] = BCObjectIdentifiers.xmss_with_SHAKE128;
-                algorithms["SHAKE256WITHXMSS"] = BCObjectIdentifiers.xmss_with_SHAKE256;
-
-                algorithms["SHA256WITHXMSSMT"] = BCObjectIdentifiers.xmss_mt_with_SHA256;
-                algorithms["SHA512WITHXMSSMT"] = BCObjectIdentifiers.xmss_mt_with_SHA512;
-                algorithms["SHAKE128WITHXMSSMT"] = BCObjectIdentifiers.xmss_mt_with_SHAKE128;
-                algorithms["SHAKE256WITHXMSSMT"] = BCObjectIdentifiers.xmss_mt_with_SHAKE256;
-
-
-                //
-                // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field.
-                // The parameters field SHALL be NULL for RSA based signature algorithms.
-                //
-                noParams.Add((object)X9ObjectIdentifiers.ECDsaWithSha1);
-                noParams.Add((object)X9ObjectIdentifiers.ECDsaWithSha224);
-                noParams.Add((object)X9ObjectIdentifiers.ECDsaWithSha256);
-                noParams.Add((object)X9ObjectIdentifiers.ECDsaWithSha384);
-                noParams.Add((object)X9ObjectIdentifiers.ECDsaWithSha512);
-                noParams.Add((object)X9ObjectIdentifiers.IdDsaWithSha1);
-                noParams.Add((object)NistObjectIdentifiers.DsaWithSha224);
-                noParams.Add((object)NistObjectIdentifiers.DsaWithSha256);
-                noParams.Add((object)NistObjectIdentifiers.DsaWithSha384);
-                noParams.Add((object)NistObjectIdentifiers.DsaWithSha512);
-                noParams.Add((object)NistObjectIdentifiers.IdDsaWithSha3_224);
-                noParams.Add((object)NistObjectIdentifiers.IdDsaWithSha3_256);
-                noParams.Add((object)NistObjectIdentifiers.IdDsaWithSha3_384);
-                noParams.Add((object)NistObjectIdentifiers.IdDsaWithSha3_512);
-                noParams.Add((object)NistObjectIdentifiers.IdEcdsaWithSha3_224);
-                noParams.Add((object)NistObjectIdentifiers.IdEcdsaWithSha3_256);
-                noParams.Add((object)NistObjectIdentifiers.IdEcdsaWithSha3_384);
-                noParams.Add((object)NistObjectIdentifiers.IdEcdsaWithSha3_512);
-
-
-                //
-                // RFC 4491
-                //
-                noParams.Add((object)CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94);
-                noParams.Add((object)CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001);
-                noParams.Add((object)RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256);
-                noParams.Add((object)RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512);
-
-                //
-                // SPHINCS-256
-                //
-                noParams.Add((object)BCObjectIdentifiers.sphincs256_with_SHA512);
-                noParams.Add((object)BCObjectIdentifiers.sphincs256_with_SHA3_512);
-
-                //
-                // XMSS
-                //
-                noParams.Add((object)BCObjectIdentifiers.xmss_with_SHA256);
-                noParams.Add((object)BCObjectIdentifiers.xmss_with_SHA512);
-                noParams.Add((object)BCObjectIdentifiers.xmss_with_SHAKE128);
-                noParams.Add((object)BCObjectIdentifiers.xmss_with_SHAKE256);
-                noParams.Add((object)BCObjectIdentifiers.xmss_mt_with_SHA256);
-                noParams.Add((object)BCObjectIdentifiers.xmss_mt_with_SHA512);
-                noParams.Add((object)BCObjectIdentifiers.xmss_mt_with_SHAKE128);
-                noParams.Add((object)BCObjectIdentifiers.xmss_mt_with_SHAKE256);
-
-                //
-                // SM2
-                //
-                noParams.Add((object)GMObjectIdentifiers.sm2sign_with_sm3);
-
-                //
-                // PKCS 1.5 encrypted  algorithms
-                //
-                pkcs15RsaEncryption.Add((object)PkcsObjectIdentifiers.Sha1WithRsaEncryption);
-                pkcs15RsaEncryption.Add((object)PkcsObjectIdentifiers.Sha224WithRsaEncryption);
-                pkcs15RsaEncryption.Add((object)PkcsObjectIdentifiers.Sha256WithRsaEncryption);
-                pkcs15RsaEncryption.Add((object)PkcsObjectIdentifiers.Sha384WithRsaEncryption);
-                pkcs15RsaEncryption.Add((object)PkcsObjectIdentifiers.Sha512WithRsaEncryption);
-                pkcs15RsaEncryption.Add((object)TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128);
-                pkcs15RsaEncryption.Add((object)TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160);
-                pkcs15RsaEncryption.Add((object)TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256);
-                pkcs15RsaEncryption.Add((object)NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224);
-                pkcs15RsaEncryption.Add((object)NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256);
-                pkcs15RsaEncryption.Add((object)NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384);
-                pkcs15RsaEncryption.Add((object)NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512);
-
-                //
-                // explicit params
-                //
-                AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OiwObjectIdentifiers.IdSha1, DerNull.Instance);
-                _params["SHA1WITHRSAANDMGF1"] = CreatePssParams(sha1AlgId, 20);
-
-                AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha224, DerNull.Instance);
-                _params["SHA224WITHRSAANDMGF1"] = CreatePssParams(sha224AlgId, 28);
-
-                AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha256, DerNull.Instance);
-                _params["SHA256WITHRSAANDMGF1"] = CreatePssParams(sha256AlgId, 32);
-
-                AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha384, DerNull.Instance);
-                _params["SHA384WITHRSAANDMGF1"] = CreatePssParams(sha384AlgId, 48);
-
-                AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha512, DerNull.Instance);
-                _params["SHA512WITHRSAANDMGF1"] = CreatePssParams(sha512AlgId, 64);
-
-                AlgorithmIdentifier sha3_224AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha3_224, DerNull.Instance);
-                _params["SHA3-224WITHRSAANDMGF1"] = CreatePssParams(sha3_224AlgId, 28);
-
-                AlgorithmIdentifier sha3_256AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha3_256, DerNull.Instance);
-                _params["SHA3-256WITHRSAANDMGF1"] = CreatePssParams(sha3_256AlgId, 32);
-
-                AlgorithmIdentifier sha3_384AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha3_384, DerNull.Instance);
-                _params["SHA3-384WITHRSAANDMGF1"] = CreatePssParams(sha3_384AlgId, 48);
-
-                AlgorithmIdentifier sha3_512AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha3_512, DerNull.Instance);
-                _params["SHA3-512WITHRSAANDMGF1"] = CreatePssParams(sha3_512AlgId, 64);
-
-                //
-                // digests
-                //
-                digestOids[PkcsObjectIdentifiers.Sha224WithRsaEncryption] = NistObjectIdentifiers.IdSha224;
-                digestOids[PkcsObjectIdentifiers.Sha256WithRsaEncryption] = NistObjectIdentifiers.IdSha256;
-                digestOids[PkcsObjectIdentifiers.Sha384WithRsaEncryption] = NistObjectIdentifiers.IdSha384;
-                digestOids[PkcsObjectIdentifiers.Sha512WithRsaEncryption] = NistObjectIdentifiers.IdSha512;
-                digestOids[NistObjectIdentifiers.DsaWithSha224] = NistObjectIdentifiers.IdSha224;
-                digestOids[NistObjectIdentifiers.DsaWithSha224] = NistObjectIdentifiers.IdSha256;
-                digestOids[NistObjectIdentifiers.DsaWithSha224] = NistObjectIdentifiers.IdSha384;
-                digestOids[NistObjectIdentifiers.DsaWithSha224] = NistObjectIdentifiers.IdSha512;
-                digestOids[NistObjectIdentifiers.IdDsaWithSha3_224] = NistObjectIdentifiers.IdSha3_224;
-                digestOids[NistObjectIdentifiers.IdDsaWithSha3_256] = NistObjectIdentifiers.IdSha3_256;
-                digestOids[NistObjectIdentifiers.IdDsaWithSha3_384] = NistObjectIdentifiers.IdSha3_384;
-                digestOids[NistObjectIdentifiers.IdDsaWithSha3_512] = NistObjectIdentifiers.IdSha3_512;
-                digestOids[NistObjectIdentifiers.IdEcdsaWithSha3_224] = NistObjectIdentifiers.IdSha3_224;
-                digestOids[NistObjectIdentifiers.IdEcdsaWithSha3_256] = NistObjectIdentifiers.IdSha3_256;
-                digestOids[NistObjectIdentifiers.IdEcdsaWithSha3_384] = NistObjectIdentifiers.IdSha3_384;
-                digestOids[NistObjectIdentifiers.IdEcdsaWithSha3_512] = NistObjectIdentifiers.IdSha3_512;
-                digestOids[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224] = NistObjectIdentifiers.IdSha3_224;
-                digestOids[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256] = NistObjectIdentifiers.IdSha3_256;
-                digestOids[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384] = NistObjectIdentifiers.IdSha3_384;
-                digestOids[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512] = NistObjectIdentifiers.IdSha3_512;
-
-                digestOids[PkcsObjectIdentifiers.MD2WithRsaEncryption] = PkcsObjectIdentifiers.MD2;
-                digestOids[PkcsObjectIdentifiers.MD4WithRsaEncryption] = PkcsObjectIdentifiers.MD4;
-                digestOids[PkcsObjectIdentifiers.MD5WithRsaEncryption] = PkcsObjectIdentifiers.MD5;
-                digestOids[PkcsObjectIdentifiers.Sha1WithRsaEncryption] = OiwObjectIdentifiers.IdSha1;
-                digestOids[TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128] = TeleTrusTObjectIdentifiers.RipeMD128;
-                digestOids[TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160] = TeleTrusTObjectIdentifiers.RipeMD160;
-                digestOids[TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256] = TeleTrusTObjectIdentifiers.RipeMD256;
-                digestOids[CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94] = CryptoProObjectIdentifiers.GostR3411;
-                digestOids[CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001] = CryptoProObjectIdentifiers.GostR3411;
-                digestOids[RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256] = RosstandartObjectIdentifiers.id_tc26_gost_3411_12_256;
-                digestOids[RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512] = RosstandartObjectIdentifiers.id_tc26_gost_3411_12_512;
-                digestOids[GMObjectIdentifiers.sm2sign_with_sm3] = GMObjectIdentifiers.sm3;
+            //
+            // SPHINCS-256
+            //
+            noParams.Add((object)BCObjectIdentifiers.sphincs256_with_SHA512);
+            noParams.Add((object)BCObjectIdentifiers.sphincs256_with_SHA3_512);
 
-            }
+            //
+            // XMSS
+            //
+            noParams.Add((object)BCObjectIdentifiers.xmss_with_SHA256);
+            noParams.Add((object)BCObjectIdentifiers.xmss_with_SHA512);
+            noParams.Add((object)BCObjectIdentifiers.xmss_with_SHAKE128);
+            noParams.Add((object)BCObjectIdentifiers.xmss_with_SHAKE256);
+            noParams.Add((object)BCObjectIdentifiers.xmss_mt_with_SHA256);
+            noParams.Add((object)BCObjectIdentifiers.xmss_mt_with_SHA512);
+            noParams.Add((object)BCObjectIdentifiers.xmss_mt_with_SHAKE128);
+            noParams.Add((object)BCObjectIdentifiers.xmss_mt_with_SHAKE256);
 
-            private static AlgorithmIdentifier Generate(string signatureAlgorithm)
-            {
-                AlgorithmIdentifier sigAlgId;
-                AlgorithmIdentifier encAlgId;
-                AlgorithmIdentifier digAlgId;
+            //
+            // SM2
+            //
+            noParams.Add((object)GMObjectIdentifiers.sm2sign_with_sm3);
 
-                string algorithmName = Strings.ToUpperCase(signatureAlgorithm);
-                DerObjectIdentifier sigOID = (DerObjectIdentifier)algorithms[algorithmName];
-                if (sigOID == null)
-                {
-                    throw new ArgumentException("Unknown signature type requested: " + algorithmName);
-                }
+            //
+            // PKCS 1.5 encrypted  algorithms
+            //
+            pkcs15RsaEncryption.Add((object)PkcsObjectIdentifiers.Sha1WithRsaEncryption);
+            pkcs15RsaEncryption.Add((object)PkcsObjectIdentifiers.Sha224WithRsaEncryption);
+            pkcs15RsaEncryption.Add((object)PkcsObjectIdentifiers.Sha256WithRsaEncryption);
+            pkcs15RsaEncryption.Add((object)PkcsObjectIdentifiers.Sha384WithRsaEncryption);
+            pkcs15RsaEncryption.Add((object)PkcsObjectIdentifiers.Sha512WithRsaEncryption);
+            pkcs15RsaEncryption.Add((object)TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128);
+            pkcs15RsaEncryption.Add((object)TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160);
+            pkcs15RsaEncryption.Add((object)TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256);
+            pkcs15RsaEncryption.Add((object)NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224);
+            pkcs15RsaEncryption.Add((object)NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256);
+            pkcs15RsaEncryption.Add((object)NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384);
+            pkcs15RsaEncryption.Add((object)NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512);
 
-                if (noParams.Contains(sigOID))
-                {
-                    sigAlgId = new AlgorithmIdentifier(sigOID);
-                }
-                else if (_params.Contains(algorithmName))
-                {
-                    sigAlgId = new AlgorithmIdentifier(sigOID, (Asn1Encodable)_params[algorithmName]);
-                }
-                else
-                {
-                    sigAlgId = new AlgorithmIdentifier(sigOID, DerNull.Instance);
-                }
+            //
+            // explicit params
+            //
+            AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OiwObjectIdentifiers.IdSha1, DerNull.Instance);
+            _params["SHA1WITHRSAANDMGF1"] = CreatePssParams(sha1AlgId, 20);
 
-                if (pkcs15RsaEncryption.Contains(sigOID))
-                {
-                    encAlgId = new AlgorithmIdentifier(PkcsObjectIdentifiers.RsaEncryption, DerNull.Instance);
-                }
-                else
-                {
-                    encAlgId = sigAlgId;
-                }
+            AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha224, DerNull.Instance);
+            _params["SHA224WITHRSAANDMGF1"] = CreatePssParams(sha224AlgId, 28);
 
-                if (sigAlgId.Algorithm.Equals(PkcsObjectIdentifiers.IdRsassaPss))
-                {
-                    digAlgId = ((RsassaPssParameters)sigAlgId.Parameters).HashAlgorithm;
-                }
-                else
-                {
-                    digAlgId = new AlgorithmIdentifier((DerObjectIdentifier)digestOids[sigOID], DerNull.Instance);
-                }
+            AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha256, DerNull.Instance);
+            _params["SHA256WITHRSAANDMGF1"] = CreatePssParams(sha256AlgId, 32);
 
-                return sigAlgId;
+            AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha384, DerNull.Instance);
+            _params["SHA384WITHRSAANDMGF1"] = CreatePssParams(sha384AlgId, 48);
+
+            AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha512, DerNull.Instance);
+            _params["SHA512WITHRSAANDMGF1"] = CreatePssParams(sha512AlgId, 64);
+
+            AlgorithmIdentifier sha3_224AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha3_224, DerNull.Instance);
+            _params["SHA3-224WITHRSAANDMGF1"] = CreatePssParams(sha3_224AlgId, 28);
+
+            AlgorithmIdentifier sha3_256AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha3_256, DerNull.Instance);
+            _params["SHA3-256WITHRSAANDMGF1"] = CreatePssParams(sha3_256AlgId, 32);
+
+            AlgorithmIdentifier sha3_384AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha3_384, DerNull.Instance);
+            _params["SHA3-384WITHRSAANDMGF1"] = CreatePssParams(sha3_384AlgId, 48);
+
+            AlgorithmIdentifier sha3_512AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha3_512, DerNull.Instance);
+            _params["SHA3-512WITHRSAANDMGF1"] = CreatePssParams(sha3_512AlgId, 64);
+
+            //
+            // digests
+            //
+            digestOids[PkcsObjectIdentifiers.Sha224WithRsaEncryption] = NistObjectIdentifiers.IdSha224;
+            digestOids[PkcsObjectIdentifiers.Sha256WithRsaEncryption] = NistObjectIdentifiers.IdSha256;
+            digestOids[PkcsObjectIdentifiers.Sha384WithRsaEncryption] = NistObjectIdentifiers.IdSha384;
+            digestOids[PkcsObjectIdentifiers.Sha512WithRsaEncryption] = NistObjectIdentifiers.IdSha512;
+            digestOids[NistObjectIdentifiers.DsaWithSha224] = NistObjectIdentifiers.IdSha224;
+            digestOids[NistObjectIdentifiers.DsaWithSha224] = NistObjectIdentifiers.IdSha256;
+            digestOids[NistObjectIdentifiers.DsaWithSha224] = NistObjectIdentifiers.IdSha384;
+            digestOids[NistObjectIdentifiers.DsaWithSha224] = NistObjectIdentifiers.IdSha512;
+            digestOids[NistObjectIdentifiers.IdDsaWithSha3_224] = NistObjectIdentifiers.IdSha3_224;
+            digestOids[NistObjectIdentifiers.IdDsaWithSha3_256] = NistObjectIdentifiers.IdSha3_256;
+            digestOids[NistObjectIdentifiers.IdDsaWithSha3_384] = NistObjectIdentifiers.IdSha3_384;
+            digestOids[NistObjectIdentifiers.IdDsaWithSha3_512] = NistObjectIdentifiers.IdSha3_512;
+            digestOids[NistObjectIdentifiers.IdEcdsaWithSha3_224] = NistObjectIdentifiers.IdSha3_224;
+            digestOids[NistObjectIdentifiers.IdEcdsaWithSha3_256] = NistObjectIdentifiers.IdSha3_256;
+            digestOids[NistObjectIdentifiers.IdEcdsaWithSha3_384] = NistObjectIdentifiers.IdSha3_384;
+            digestOids[NistObjectIdentifiers.IdEcdsaWithSha3_512] = NistObjectIdentifiers.IdSha3_512;
+            digestOids[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224] = NistObjectIdentifiers.IdSha3_224;
+            digestOids[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256] = NistObjectIdentifiers.IdSha3_256;
+            digestOids[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384] = NistObjectIdentifiers.IdSha3_384;
+            digestOids[NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512] = NistObjectIdentifiers.IdSha3_512;
+
+            digestOids[PkcsObjectIdentifiers.MD2WithRsaEncryption] = PkcsObjectIdentifiers.MD2;
+            digestOids[PkcsObjectIdentifiers.MD4WithRsaEncryption] = PkcsObjectIdentifiers.MD4;
+            digestOids[PkcsObjectIdentifiers.MD5WithRsaEncryption] = PkcsObjectIdentifiers.MD5;
+            digestOids[PkcsObjectIdentifiers.Sha1WithRsaEncryption] = OiwObjectIdentifiers.IdSha1;
+            digestOids[TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128] = TeleTrusTObjectIdentifiers.RipeMD128;
+            digestOids[TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160] = TeleTrusTObjectIdentifiers.RipeMD160;
+            digestOids[TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256] = TeleTrusTObjectIdentifiers.RipeMD256;
+            digestOids[CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94] = CryptoProObjectIdentifiers.GostR3411;
+            digestOids[CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001] = CryptoProObjectIdentifiers.GostR3411;
+            digestOids[RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256] = RosstandartObjectIdentifiers.id_tc26_gost_3411_12_256;
+            digestOids[RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512] = RosstandartObjectIdentifiers.id_tc26_gost_3411_12_512;
+            digestOids[GMObjectIdentifiers.sm2sign_with_sm3] = GMObjectIdentifiers.sm3;
+
+        }
+
+        private static AlgorithmIdentifier Generate(string signatureAlgorithm)
+        {
+            AlgorithmIdentifier sigAlgId;
+            AlgorithmIdentifier encAlgId;
+            AlgorithmIdentifier digAlgId;
+
+            string algorithmName = Strings.ToUpperCase(signatureAlgorithm);
+            DerObjectIdentifier sigOID = (DerObjectIdentifier)algorithms[algorithmName];
+            if (sigOID == null)
+            {
+                throw new ArgumentException("Unknown signature type requested: " + algorithmName);
             }
 
-            private static RsassaPssParameters CreatePssParams(AlgorithmIdentifier hashAlgId, int saltSize)
+            if (noParams.Contains(sigOID))
+            {
+                sigAlgId = new AlgorithmIdentifier(sigOID);
+            }
+            else if (_params.Contains(algorithmName))
             {
-                return new RsassaPssParameters(
-                    hashAlgId,
-                    new AlgorithmIdentifier(PkcsObjectIdentifiers.IdMgf1, hashAlgId),
-                    new DerInteger(saltSize),
-                    new DerInteger(1));
+                sigAlgId = new AlgorithmIdentifier(sigOID, (Asn1Encodable)_params[algorithmName]);
+            }
+            else
+            {
+                sigAlgId = new AlgorithmIdentifier(sigOID, DerNull.Instance);
             }
 
-            public AlgorithmIdentifier Find(string sigAlgName)
+            if (pkcs15RsaEncryption.Contains(sigOID))
             {
-               
-                return Generate(sigAlgName);
+                encAlgId = new AlgorithmIdentifier(PkcsObjectIdentifiers.RsaEncryption, DerNull.Instance);
+            }
+            else
+            {
+                encAlgId = sigAlgId;
             }
-        }
-    
 
+            if (sigAlgId.Algorithm.Equals(PkcsObjectIdentifiers.IdRsassaPss))
+            {
+                digAlgId = ((RsassaPssParameters)sigAlgId.Parameters).HashAlgorithm;
+            }
+            else
+            {
+                digAlgId = new AlgorithmIdentifier((DerObjectIdentifier)digestOids[sigOID], DerNull.Instance);
+            }
 
+            return sigAlgId;
+        }
 
+        private static RsassaPssParameters CreatePssParams(AlgorithmIdentifier hashAlgId, int saltSize)
+        {
+            return new RsassaPssParameters(
+                hashAlgId,
+                new AlgorithmIdentifier(PkcsObjectIdentifiers.IdMgf1, hashAlgId),
+                new DerInteger(saltSize),
+                new DerInteger(1));
+        }
 
+        public AlgorithmIdentifier Find(string sigAlgName)
+        {
+            return Generate(sigAlgName);
+        }
+    }
 
     public class DefaultDigestAlgorithmIdentifierFinder
     {
@@ -449,7 +440,7 @@ namespace Org.BouncyCastle.Cms
             return digAlgId;
         }
 
-        public AlgorithmIdentifier find(String digAlgName)
+        public AlgorithmIdentifier find(string digAlgName)
         {
             return new AlgorithmIdentifier((DerObjectIdentifier)digestNameToOids[digAlgName], DerNull.Instance);
         }
@@ -583,7 +574,7 @@ namespace Org.BouncyCastle.Cms
 		 * Return a map of oids and byte arrays representing the digests calculated on the content during
 		 * the last generate.
 		 *
-		 * @return a map of oids (as String objects) and byte[] representing digests.
+		 * @return a map of oids (as string objects) and byte[] representing digests.
 		 */
         public IDictionary GetGeneratedDigests()
         {
diff --git a/crypto/src/cms/CMSSignedHelper.cs b/crypto/src/cms/CMSSignedHelper.cs
index 5b6c93b6a..3fb3cee26 100644
--- a/crypto/src/cms/CMSSignedHelper.cs
+++ b/crypto/src/cms/CMSSignedHelper.cs
@@ -161,7 +161,7 @@ namespace Org.BouncyCastle.Cms
 		{
 			string[] aliases = (string[]) digestAliases[algName];
 
-			return aliases == null ? new String[0] : (string[]) aliases.Clone();
+			return aliases == null ? new string[0] : (string[]) aliases.Clone();
 		}
 
 		/**
diff --git a/crypto/src/cms/EnvelopedDataHelper.cs b/crypto/src/cms/EnvelopedDataHelper.cs
index fe5bc2a97..6d1c7bb3a 100644
--- a/crypto/src/cms/EnvelopedDataHelper.cs
+++ b/crypto/src/cms/EnvelopedDataHelper.cs
@@ -1,4 +1,6 @@
-using System.Collections;
+using System;
+using System.Collections;
+
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Nist;
 using Org.BouncyCastle.Asn1.Oiw;
@@ -12,7 +14,6 @@ using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Crypto.Utilities;
 using Org.BouncyCastle.Security;
 using Org.BouncyCastle.Utilities;
-using Org.BouncyCastle.Crypto.Utilites;
 
 namespace Org.BouncyCastle.Cms
 {
@@ -20,20 +21,15 @@ namespace Org.BouncyCastle.Cms
     {
         private static readonly IDictionary BaseCipherNames = Platform.CreateHashtable();
         private static readonly IDictionary MacAlgNames = Platform.CreateHashtable();
-
-        private static readonly IDictionary prfs = Platform.CreateHashtable();
-
-
-        public delegate IDigest DigestCreator();
+        //private static readonly IDictionary PrfDigests = Platform.CreateHashtable();
 
         static EnvelopedDataHelper()
         {
-            prfs.Add(PkcsObjectIdentifiers.IdHmacWithSha1, new DigestProvider(delegate () { return new Sha1Digest(); }));
-            prfs.Add(PkcsObjectIdentifiers.IdHmacWithSha224, new DigestProvider(delegate () { return new Sha224Digest(); }));
-            prfs.Add(PkcsObjectIdentifiers.IdHmacWithSha256, new DigestProvider(delegate () { return new Sha256Digest(); }));
-            prfs.Add(PkcsObjectIdentifiers.IdHmacWithSha384, new DigestProvider(delegate () { return new Sha384Digest(); }));
-            prfs.Add(PkcsObjectIdentifiers.IdHmacWithSha512, new DigestProvider(delegate () { return new Sha512Digest(); }));
-
+            //PrfDigests.Add(PkcsObjectIdentifiers.IdHmacWithSha1, "SHA-1");
+            //PrfDigests.Add(PkcsObjectIdentifiers.IdHmacWithSha224, "SHA-224");
+            //PrfDigests.Add(PkcsObjectIdentifiers.IdHmacWithSha256, "SHA-256");
+            //PrfDigests.Add(PkcsObjectIdentifiers.IdHmacWithSha384, "SHA-384");
+            //PrfDigests.Add(PkcsObjectIdentifiers.IdHmacWithSha512, "SHA-512");
 
             BaseCipherNames.Add(PkcsObjectIdentifiers.DesEde3Cbc, "DESEDE");
             BaseCipherNames.Add(NistObjectIdentifiers.IdAes128Cbc, "AES");
@@ -47,77 +43,53 @@ namespace Org.BouncyCastle.Cms
             MacAlgNames.Add(PkcsObjectIdentifiers.RC2Cbc, "RC2Mac");
         }
 
-        static IDigest GetPrf(AlgorithmIdentifier algID)
-        {
-            return ((DigestCreator)prfs[algID]).Invoke();
-        }
-
-
-        static IWrapper CreateRFC3211Wrapper(DerObjectIdentifier algorithm)
-
-        {
-            if (NistObjectIdentifiers.IdAes128Cbc.Equals(algorithm)
-        || NistObjectIdentifiers.IdAes192Cbc.Equals(algorithm)
-        || NistObjectIdentifiers.IdAes256Cbc.Equals(algorithm))
-            {
-                return new Rfc3211WrapEngine(new AesEngine());
-            }
-            else if (PkcsObjectIdentifiers.DesEde3Cbc.Equals(algorithm))
-            {
-                return new Rfc3211WrapEngine(new DesEdeEngine());
-            }
-            else if (OiwObjectIdentifiers.DesCbc.Equals(algorithm))
-            {
-                return new Rfc3211WrapEngine(new DesEngine());
-            }
-            else if (PkcsObjectIdentifiers.RC2Cbc.Equals(algorithm))
-            {
-                return new Rfc3211WrapEngine(new RC2Engine());
-            }
-            else
-            {
-                throw new CmsException("cannot recognise wrapper: " + algorithm);
-            }
-        }
-
-
-
-       public static object CreateContentCipher(bool forEncryption, ICipherParameters encKey,
-            AlgorithmIdentifier encryptionAlgID)
-
+        //internal static IDigest GetPrf(AlgorithmIdentifier algID)
+        //{
+        //    string digestName = (string)PrfDigests[algID];
+
+        //    return DigestUtilities.GetDigest(digestName);
+        //}
+
+        //internal static IWrapper CreateRfc3211Wrapper(DerObjectIdentifier algorithm)
+        //{
+        //    if (NistObjectIdentifiers.IdAes128Cbc.Equals(algorithm)
+        //        || NistObjectIdentifiers.IdAes192Cbc.Equals(algorithm)
+        //        || NistObjectIdentifiers.IdAes256Cbc.Equals(algorithm))
+        //    {
+        //        return new Rfc3211WrapEngine(new AesEngine());
+        //    }
+        //    else if (PkcsObjectIdentifiers.DesEde3Cbc.Equals(algorithm))
+        //    {
+        //        return new Rfc3211WrapEngine(new DesEdeEngine());
+        //    }
+        //    else if (OiwObjectIdentifiers.DesCbc.Equals(algorithm))
+        //    {
+        //        return new Rfc3211WrapEngine(new DesEngine());
+        //    }
+        //    else if (PkcsObjectIdentifiers.RC2Cbc.Equals(algorithm))
+        //    {
+        //        return new Rfc3211WrapEngine(new RC2Engine());
+        //    }
+        //    else
+        //    {
+        //        throw new CmsException("cannot recognise wrapper: " + algorithm);
+        //    }
+        //}
+
+        public static object CreateContentCipher(bool forEncryption, ICipherParameters encKey,
+             AlgorithmIdentifier encryptionAlgID)
         {
             return CipherFactory.CreateContentCipher(forEncryption, encKey, encryptionAlgID);
         }
 
-
         public AlgorithmIdentifier GenerateEncryptionAlgID(DerObjectIdentifier encryptionOID, KeyParameter encKey, SecureRandom random)
         {
             return AlgorithmIdentifierFactory.GenerateEncryptionAlgID(encryptionOID, encKey.GetKey().Length * 8, random);
         }
 
-       public  CipherKeyGenerator CreateKeyGenerator(DerObjectIdentifier algorithm, SecureRandom random)
-
+        public CipherKeyGenerator CreateKeyGenerator(DerObjectIdentifier algorithm, SecureRandom random)
         {
             return CipherKeyGeneratorFactory.CreateKeyGenerator(algorithm, random);
         }
-
-
-    }
-
-    // This exists because we can't directly put a delegate in a map as it is
-    // not an object.
-    internal class DigestProvider
-    {
-        private readonly EnvelopedDataHelper.DigestCreator creator;
-
-        public DigestProvider(EnvelopedDataHelper.DigestCreator creator)
-        {
-            this.creator = creator;
-        }
-
-        public IDigest Create()
-        {
-            return creator.Invoke();
-        }
     }
 }
diff --git a/crypto/src/crmf/AuthenticatorControl.cs b/crypto/src/crmf/AuthenticatorControl.cs
index 976135ed8..fc546ede5 100644
--- a/crypto/src/crmf/AuthenticatorControl.cs
+++ b/crypto/src/crmf/AuthenticatorControl.cs
@@ -1,4 +1,5 @@
 using System;
+
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Crmf;
 
@@ -7,9 +8,9 @@ namespace Org.BouncyCastle.Crmf
     /// <summary>
     /// Carrier for an authenticator control.
     /// </summary>
-    public class AuthenticatorControl:IControl
+    public class AuthenticatorControl
+        : IControl
     {
-
         private static readonly DerObjectIdentifier type = CrmfObjectIdentifiers.id_regCtrl_authenticator;
 
         private readonly DerUtf8String token;
@@ -27,7 +28,7 @@ namespace Org.BouncyCastle.Crmf
         /// Basic constructor - build from a string representing the token.
         /// </summary>
         /// <param name="token">string representing the token.</param>
-        public AuthenticatorControl(String token)
+        public AuthenticatorControl(string token)
         {
             this.token = new DerUtf8String(token);
         }
@@ -43,7 +44,8 @@ namespace Org.BouncyCastle.Crmf
         /// <summary>
         /// Return the token associated with this control (a UTF8String).
         /// </summary>
-        public Asn1Encodable Value {
+        public Asn1Encodable Value
+        {
             get { return token; }
         }
     }
diff --git a/crypto/src/crmf/CertificateRequestMessage.cs b/crypto/src/crmf/CertificateRequestMessage.cs
index 5b5d37c9e..c733eecbb 100644
--- a/crypto/src/crmf/CertificateRequestMessage.cs
+++ b/crypto/src/crmf/CertificateRequestMessage.cs
@@ -1,4 +1,5 @@
 using System;
+
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Crmf;
 using Org.BouncyCastle.Crypto;
@@ -16,18 +17,18 @@ namespace Org.BouncyCastle.Crmf
         private readonly CertReqMsg certReqMsg;
         private readonly Controls controls;
 
-        private static CertReqMsg ParseBytes(byte[] encoding)       
-        {        
-                return CertReqMsg.GetInstance(encoding);
+        private static CertReqMsg ParseBytes(byte[] encoding)
+        {
+            return CertReqMsg.GetInstance(encoding);
         }
 
         /// <summary>
         /// Create a CertificateRequestMessage from the passed in bytes.
         /// </summary>
         /// <param name="encoded">BER/DER encoding of the CertReqMsg structure.</param>
-        public CertificateRequestMessage(byte[] encoded):this(CertReqMsg.GetInstance(encoded))
+        public CertificateRequestMessage(byte[] encoded)
+            : this(CertReqMsg.GetInstance(encoded))
         {
-
         }
 
         public CertificateRequestMessage(CertReqMsg certReqMsg)
@@ -42,7 +43,7 @@ namespace Org.BouncyCastle.Crmf
         /// <returns>A CertReqMsg</returns>
         public CertReqMsg ToAsn1Structure()
         {
-            return certReqMsg; 
+            return certReqMsg;
         }
 
         /// <summary>
@@ -70,7 +71,7 @@ namespace Org.BouncyCastle.Crmf
         /// <returns>true if a control value of type is present, false otherwise.</returns>
         public bool HasControl(DerObjectIdentifier objectIdentifier)
         {
-            return findControl(objectIdentifier) != null;
+            return FindControl(objectIdentifier) != null;
         }
 
         /// <summary>
@@ -80,7 +81,7 @@ namespace Org.BouncyCastle.Crmf
         /// <returns>the control value if present, null otherwise.</returns>
         public IControl GetControl(DerObjectIdentifier type)
         {
-            AttributeTypeAndValue found = findControl(type);
+            AttributeTypeAndValue found = FindControl(type);
             if (found != null)
             {
                 if (found.Type.Equals(CrmfObjectIdentifiers.id_regCtrl_pkiArchiveOptions))
@@ -97,14 +98,11 @@ namespace Org.BouncyCastle.Crmf
                 {
                     return new AuthenticatorControl(DerUtf8String.GetInstance(found.Value));
                 }
-            }        
+            }
             return null;
         }
 
-
-
-
-        public AttributeTypeAndValue findControl(DerObjectIdentifier type)
+        public AttributeTypeAndValue FindControl(DerObjectIdentifier type)
         {
             if (controls == null)
             {
@@ -163,9 +161,9 @@ namespace Org.BouncyCastle.Crmf
                 }
 
                 return false;
-
             }
         }
+
         /// <summary>
         /// Return whether or not a signing key proof-of-possession (POP) is valid.
         /// </summary>
@@ -189,8 +187,6 @@ namespace Org.BouncyCastle.Crmf
             throw new InvalidOperationException("not Signing Key type of proof of possession");
         }
 
-
-
         private bool verifySignature(IVerifierFactoryProvider verifierFactoryProvider, PopoSigningKey signKey)
         {
             IVerifierFactory verifer;
@@ -202,22 +198,22 @@ namespace Org.BouncyCastle.Crmf
             }
             catch (Exception ex)
             {
-                throw new CrmfException("unable to create verifier: "+ex.Message, ex);
+                throw new CrmfException("unable to create verifier: " + ex.Message, ex);
             }
 
             if (signKey.PoposkInput != null)
             {
                 byte[] b = signKey.GetDerEncoded();
-              calculator.Stream.Write(b,0,b.Length);
+                calculator.Stream.Write(b, 0, b.Length);
             }
             else
-            {              
+            {
                 byte[] b = certReqMsg.CertReq.GetDerEncoded();
-                calculator.Stream.Write(b,0,b.Length);
+                calculator.Stream.Write(b, 0, b.Length);
             }
 
-            DefaultVerifierResult result = (DefaultVerifierResult) calculator.GetResult();
-      
+            DefaultVerifierResult result = (DefaultVerifierResult)calculator.GetResult();
+
             return result.IsVerified(signKey.Signature.GetBytes());
         }
 
diff --git a/crypto/src/crmf/CertificateRequestMessageBuilder.cs b/crypto/src/crmf/CertificateRequestMessageBuilder.cs
index 04b210ec7..88d1d87bd 100644
--- a/crypto/src/crmf/CertificateRequestMessageBuilder.cs
+++ b/crypto/src/crmf/CertificateRequestMessageBuilder.cs
@@ -1,13 +1,13 @@
 using System;
 using System.Collections;
-using System.Collections.Generic;
-using System.Text;
+
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Crmf;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Math;
+using Org.BouncyCastle.Utilities;
 
 namespace Org.BouncyCastle.Crmf
 {
@@ -16,7 +16,7 @@ namespace Org.BouncyCastle.Crmf
         private readonly BigInteger _certReqId;
         private X509ExtensionsGenerator _extGenerator;
         private CertTemplateBuilder _templateBuilder;
-        private List<object> _controls= new List<object>();
+        private IList _controls = Platform.CreateArrayList();
         private ISignatureFactory _popSigner;
         private PKMacBuilder _pkMacBuilder;
         private char[] _password;
@@ -43,7 +43,6 @@ namespace Org.BouncyCastle.Crmf
             return this;
         }
 
-
         public CertificateRequestMessageBuilder SetIssuer(X509Name issuer)
         {
             if (issuer != null)
@@ -77,13 +76,13 @@ namespace Org.BouncyCastle.Crmf
         public CertificateRequestMessageBuilder SetValidity(Time notBefore, Time notAfter)
         {
             _templateBuilder.SetValidity(new OptionalValidity(notBefore, notAfter));
-            return this;                
+            return this;
         }
 
         public CertificateRequestMessageBuilder AddExtension(DerObjectIdentifier oid, bool critical,
             Asn1Encodable value)
         {
-           _extGenerator.AddExtension(oid,critical, value);
+            _extGenerator.AddExtension(oid, critical, value);
             return this;
         }
 
@@ -108,7 +107,7 @@ namespace Org.BouncyCastle.Crmf
             }
 
             this._popSigner = popoSignatureFactory;
-          
+
             return this;
         }
 
@@ -122,7 +121,6 @@ namespace Org.BouncyCastle.Crmf
             this._popoType = ProofOfPossession.TYPE_KEY_ENCIPHERMENT;
             this._popoPrivKey = new PopoPrivKey(msg);
 
-        
             return this;
         }
 
@@ -141,7 +139,7 @@ namespace Org.BouncyCastle.Crmf
 
             this._popoType = type;
             this._popoPrivKey = new PopoPrivKey(msg);
-            return this;        
+            return this;
         }
 
         public CertificateRequestMessageBuilder SetProofOfPossessionAgreeMac(PKMacValue macValue)
@@ -151,7 +149,7 @@ namespace Org.BouncyCastle.Crmf
                 throw new InvalidOperationException("only one proof of possession allowed");
             }
 
-            this._agreeMac = macValue;        
+            this._agreeMac = macValue;
             return this;
         }
 
@@ -188,35 +186,31 @@ namespace Org.BouncyCastle.Crmf
 
         public CertificateRequestMessage Build()
         {
-            Asn1EncodableVector v = new Asn1EncodableVector();
-
-            v.Add(new DerInteger(this._certReqId));
+            Asn1EncodableVector v = new Asn1EncodableVector(new DerInteger(this._certReqId));
 
             if (!this._extGenerator.IsEmpty)
             {
-               this._templateBuilder.SetExtensions(_extGenerator.Generate());
+                this._templateBuilder.SetExtensions(_extGenerator.Generate());
             }
 
             v.Add(_templateBuilder.Build());
 
-            if (_controls.Count>0)
+            if (_controls.Count > 0)
             {
                 Asn1EncodableVector controlV = new Asn1EncodableVector();
 
-                foreach (Object item  in _controls)
+                foreach (object item in _controls)
                 {
-                    IControl control = (IControl) item;
+                    IControl control = (IControl)item;
                     controlV.Add(new AttributeTypeAndValue(control.Type, control.Value));
                 }
-                    
+
                 v.Add(new DerSequence(controlV));
             }
 
             CertRequest request = CertRequest.GetInstance(new DerSequence(v));
 
-            v = new Asn1EncodableVector();
-
-            v.Add(request);
+            v = new Asn1EncodableVector(request);
 
             if (_popSigner != null)
             {
@@ -225,27 +219,27 @@ namespace Org.BouncyCastle.Crmf
                 if (template.Subject == null || template.PublicKey == null)
                 {
                     SubjectPublicKeyInfo pubKeyInfo = request.CertTemplate.PublicKey;
-                  
+
                     ProofOfPossessionSigningKeyBuilder builder = new ProofOfPossessionSigningKeyBuilder(pubKeyInfo);
 
                     if (_sender != null)
                     {
-                        builder.setSender(_sender);
+                        builder.SetSender(_sender);
                     }
                     else
                     {
-                       // PkMa pkmacGenerator = new PKMACValueGenerator(_pkmacBuilder);
+                        //PKMACValueGenerator pkmacGenerator = new PKMACValueGenerator(_pkmacBuilder);
 
-                        builder.setPublicKeyMac(_pkMacBuilder, _password);
+                        builder.SetPublicKeyMac(_pkMacBuilder, _password);
                     }
 
-                    v.Add(new ProofOfPossession(builder.build(_popSigner)));
+                    v.Add(new ProofOfPossession(builder.Build(_popSigner)));
                 }
                 else
                 {
                     ProofOfPossessionSigningKeyBuilder builder = new ProofOfPossessionSigningKeyBuilder(request);
 
-                    v.Add(new ProofOfPossession(builder.build(_popSigner)));
+                    v.Add(new ProofOfPossession(builder.Build(_popSigner)));
                 }
             }
             else if (_popoPrivKey != null)
@@ -255,7 +249,7 @@ namespace Org.BouncyCastle.Crmf
             else if (_agreeMac != null)
             {
                 v.Add(new ProofOfPossession(ProofOfPossession.TYPE_KEY_AGREEMENT,
-                        PopoPrivKey.GetInstance(new DerTaggedObject(false, PopoPrivKey.agreeMAC, _agreeMac),true )));
+                        PopoPrivKey.GetInstance(new DerTaggedObject(false, PopoPrivKey.agreeMAC, _agreeMac), true)));
 
             }
             else if (_popRaVerified != null)
diff --git a/crypto/src/crmf/CrmfException.cs b/crypto/src/crmf/CrmfException.cs
index 59aef319a..5ae13a0eb 100644
--- a/crypto/src/crmf/CrmfException.cs
+++ b/crypto/src/crmf/CrmfException.cs
@@ -1,29 +1,22 @@
 using System;
-using System.Collections.Generic;
-#if !PORTABLE
-using System.Runtime.Serialization;
-#endif
-using System.Text;
 
 namespace Org.BouncyCastle.Crmf
 {
-    public class CrmfException : Exception
+    public class CrmfException
+        : Exception
     {
         public CrmfException()
         {
         }
 
-        public CrmfException(string message) : base(message)
+        public CrmfException(string message)
+            : base(message)
         {
         }
 
-        public CrmfException(string message, Exception innerException) : base(message, innerException)
+        public CrmfException(string message, Exception innerException)
+            : base(message, innerException)
         {
         }
-#if !PORTABLE
-        protected CrmfException(SerializationInfo info, StreamingContext context) : base(info, context)
-        {
-        }
-#endif
     }
 }
diff --git a/crypto/src/crmf/DefaultPKMacPrimitivesProvider.cs b/crypto/src/crmf/DefaultPKMacPrimitivesProvider.cs
index 1757d6a92..01e196ef4 100644
--- a/crypto/src/crmf/DefaultPKMacPrimitivesProvider.cs
+++ b/crypto/src/crmf/DefaultPKMacPrimitivesProvider.cs
@@ -1,14 +1,13 @@
 using System;
-using System.Collections.Generic;
-using System.Text;
+
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Security;
-using Org.BouncyCastle.Crypto.Parameters;
 
 namespace Org.BouncyCastle.Crmf
 {
-    public class DefaultPKMacPrimitivesProvider : IPKMacPrimitivesProvider
+    public class DefaultPKMacPrimitivesProvider
+        : IPKMacPrimitivesProvider
     {
         public IDigest CreateDigest(AlgorithmIdentifier digestAlg)
         {
diff --git a/crypto/src/crmf/EncryptedValueBuilder.cs b/crypto/src/crmf/EncryptedValueBuilder.cs
index a7f581527..87ab0cd10 100644
--- a/crypto/src/crmf/EncryptedValueBuilder.cs
+++ b/crypto/src/crmf/EncryptedValueBuilder.cs
@@ -1,28 +1,28 @@
 using System;
 using System.Collections;
-using System.Collections.Generic;
+using System.IO;
 using System.Text;
+
+using Org.BouncyCastle.Asn1;
+using Org.BouncyCastle.Asn1.Crmf;
 using Org.BouncyCastle.Asn1.Nist;
+using Org.BouncyCastle.Asn1.Pkcs;
+using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Crypto.Engines;
 using Org.BouncyCastle.Crypto.Parameters;
-using Org.BouncyCastle.Utilities;
-using Org.BouncyCastle.Asn1.X509;
-using Org.BouncyCastle.Asn1;
-using Org.BouncyCastle.Asn1.Crmf;
-using System.IO;
 using Org.BouncyCastle.Pkcs;
-using Org.BouncyCastle.Asn1.Pkcs;
-using Org.BouncyCastle.X509;
+using Org.BouncyCastle.Utilities;
 using Org.BouncyCastle.Utilities.IO;
+using Org.BouncyCastle.X509;
 
 namespace Org.BouncyCastle.Crmf
 {
     public class EncryptedValueBuilder
     {
-        private IKeyWrapper wrapper;
-        private ICipherBuilderWithKey encryptor;
-        private EncryptedValuePadder padder;
+        private readonly IKeyWrapper wrapper;
+        private readonly ICipherBuilderWithKey encryptor;
+        private readonly IEncryptedValuePadder padder;
 
         ///
         /// Create a builder that makes EncryptedValue structures.
@@ -30,7 +30,8 @@ namespace Org.BouncyCastle.Crmf
         /// <param name="wrapper">wrapper a wrapper for key used to encrypt the actual data contained in the EncryptedValue.</param>
         /// <param name="encryptor">encryptor  an output encryptor to encrypt the actual data contained in the EncryptedValue. </param>
         ///
-        public EncryptedValueBuilder(IKeyWrapper wrapper, ICipherBuilderWithKey encryptor) : this(wrapper, encryptor, null)
+        public EncryptedValueBuilder(IKeyWrapper wrapper, ICipherBuilderWithKey encryptor)
+            : this(wrapper, encryptor, null)
         {
         }
 
@@ -41,7 +42,7 @@ namespace Org.BouncyCastle.Crmf
         /// <param name="encryptor">encryptor  an output encryptor to encrypt the actual data contained in the EncryptedValue.</param>
         /// <param name="padder">padder a padder to ensure that the EncryptedValue created will always be a constant length.</param>
         ///
-        public EncryptedValueBuilder(IKeyWrapper wrapper, ICipherBuilderWithKey encryptor, EncryptedValuePadder padder)
+        public EncryptedValueBuilder(IKeyWrapper wrapper, ICipherBuilderWithKey encryptor, IEncryptedValuePadder padder)
         {
             this.wrapper = wrapper;
             this.encryptor = encryptor;
@@ -56,7 +57,7 @@ namespace Org.BouncyCastle.Crmf
         ///
         public EncryptedValue Build(char[] revocationPassphrase)
         {
-            return encryptData(padData(Strings.ToUtf8ByteArray(revocationPassphrase)));
+            return EncryptData(PadData(Strings.ToUtf8ByteArray(revocationPassphrase)));
         }
 
         ///<summary>
@@ -71,7 +72,7 @@ namespace Org.BouncyCastle.Crmf
         {
             try
             {
-                return encryptData(padData(holder.GetEncoded()));
+                return EncryptData(PadData(holder.GetEncoded()));
             }
             catch (IOException e)
             {
@@ -110,13 +111,11 @@ namespace Org.BouncyCastle.Crmf
             {
                 throw new CrmfException("cannot wrap key: " + e.Message, e);
             }
-
         }
 
-        private EncryptedValue encryptData(byte[] data)
+        private EncryptedValue EncryptData(byte[] data)
         {
             MemoryOutputStream bOut = new MemoryOutputStream();
-
             Stream eOut = encryptor.BuildCipher(bOut).Stream;
 
             try
@@ -135,8 +134,8 @@ namespace Org.BouncyCastle.Crmf
 
             AlgorithmIdentifier intendedAlg = null;
             AlgorithmIdentifier symmAlg = (AlgorithmIdentifier)encryptor.AlgorithmDetails;
-            DerBitString encSymmKey;
 
+            DerBitString encSymmKey;
             try
             {
                 encSymmKey = new DerBitString(wrapper.Wrap(((KeyParameter)encryptor.Key).GetKey()).Collect());
@@ -153,7 +152,7 @@ namespace Org.BouncyCastle.Crmf
             return new EncryptedValue(intendedAlg, symmAlg, encSymmKey, keyAlg, valueHint, encValue);
         }
 
-        private byte[] padData(byte[] data)
+        private byte[] PadData(byte[] data)
         {
             if (padder != null)
             {
diff --git a/crypto/src/crmf/IControl.cs b/crypto/src/crmf/IControl.cs
index 14fcc2cd3..9a29ac12a 100644
--- a/crypto/src/crmf/IControl.cs
+++ b/crypto/src/crmf/IControl.cs
@@ -1,8 +1,6 @@
 using System;
 
 using Org.BouncyCastle.Asn1;
-using Org.BouncyCastle.Asn1.Crmf;
-using Org.BouncyCastle.Utilities;
 
 namespace Org.BouncyCastle.Crmf
 {
diff --git a/crypto/src/crmf/IEncryptedValuePadder.cs b/crypto/src/crmf/IEncryptedValuePadder.cs
index b12993e1f..b8986144e 100644
--- a/crypto/src/crmf/IEncryptedValuePadder.cs
+++ b/crypto/src/crmf/IEncryptedValuePadder.cs
@@ -1,15 +1,12 @@
 using System;
-using System.Collections.Generic;
-using System.Text;
 
 namespace Org.BouncyCastle.Crmf
 {
-
      /// <summary>
      /// An encrypted value padder is used to make sure that prior to a value been
      /// encrypted the data is padded to a standard length.
      /// </summary>
-    public interface EncryptedValuePadder
+    public interface IEncryptedValuePadder
     {
         ///
         /// <summary>Return a byte array of padded data.</summary>
diff --git a/crypto/src/crmf/IPKMacPrimitivesProvider.cs b/crypto/src/crmf/IPKMacPrimitivesProvider.cs
index 8b90be515..08f6a624a 100644
--- a/crypto/src/crmf/IPKMacPrimitivesProvider.cs
+++ b/crypto/src/crmf/IPKMacPrimitivesProvider.cs
@@ -1,20 +1,6 @@
 using System;
-using System.Collections.Generic;
-using System.IO;
-using System.Text;
-using Org.BouncyCastle.Asn1;
-using Org.BouncyCastle.Asn1.Cmp;
-using Org.BouncyCastle.Asn1.Iana;
-using Org.BouncyCastle.Asn1.Nist;
-using Org.BouncyCastle.Asn1.Oiw;
-using Org.BouncyCastle.Asn1.Pkcs;
+
 using Org.BouncyCastle.Asn1.X509;
-using Org.BouncyCastle.Cms;
-using Org.BouncyCastle.Crypto.IO;
-using Org.BouncyCastle.Crypto.Parameters;
-using Org.BouncyCastle.Security;
-using Org.BouncyCastle.Utilities;
-using Org.BouncyCastle.Utilities.Encoders;
 using Org.BouncyCastle.Crypto;
 
 namespace Org.BouncyCastle.Crmf
diff --git a/crypto/src/crmf/PKMacBuilder.cs b/crypto/src/crmf/PKMacBuilder.cs
index 00bec9f8b..6741177da 100644
--- a/crypto/src/crmf/PKMacBuilder.cs
+++ b/crypto/src/crmf/PKMacBuilder.cs
@@ -1,30 +1,24 @@
 using System;
-using System.Collections.Generic;
 using System.IO;
-using System.Text;
+
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Cmp;
 using Org.BouncyCastle.Asn1.Iana;
-using Org.BouncyCastle.Asn1.Nist;
 using Org.BouncyCastle.Asn1.Oiw;
-using Org.BouncyCastle.Asn1.Pkcs;
 using Org.BouncyCastle.Asn1.X509;
-using Org.BouncyCastle.Cms;
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Crypto.IO;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Security;
 using Org.BouncyCastle.Utilities;
-using Org.BouncyCastle.Utilities.Encoders;
-
 
 namespace Org.BouncyCastle.Crmf
 {
-
-    class PKMacStreamCalculator : IStreamCalculator
+    internal class PKMacStreamCalculator
+        : IStreamCalculator
     {
         private readonly MacSink _stream;
-        
+
         public PKMacStreamCalculator(IMac mac)
         {
             _stream = new MacSink(mac);
@@ -41,17 +35,16 @@ namespace Org.BouncyCastle.Crmf
         }
     }
 
-    class PKMacFactory : IMacFactory
+    internal class PKMacFactory
+        : IMacFactory
     {
         protected readonly PbmParameter parameters;
-        private byte[] key;
-        
-   
+        private readonly byte[] key;
+
         public PKMacFactory(byte[] key, PbmParameter parameters)
         {
             this.key = Arrays.Clone(key);
-
-            this.parameters = parameters;  
+            this.parameters = parameters;
         }
 
         public virtual object AlgorithmDetails
@@ -62,14 +55,13 @@ namespace Org.BouncyCastle.Crmf
         public virtual IStreamCalculator CreateCalculator()
         {
             IMac mac = MacUtilities.GetMac(parameters.Mac.Algorithm);
-
             mac.Init(new KeyParameter(key));
-
             return new PKMacStreamCalculator(mac);
         }
     }
 
-    class DefaultPKMacResult: IBlockResult
+    internal class DefaultPKMacResult
+        : IBlockResult
     {
         private readonly IMac mac;
 
@@ -81,9 +73,7 @@ namespace Org.BouncyCastle.Crmf
         public byte[] Collect()
         {
             byte[] res = new byte[mac.GetMacSize()];
-
             mac.DoFinal(res, 0);
-
             return res;
         }
 
@@ -121,7 +111,7 @@ namespace Org.BouncyCastle.Crmf
         /// <param name="provider"></param>
         public PKMacBuilder(IPKMacPrimitivesProvider provider) :
             this(new AlgorithmIdentifier(OiwObjectIdentifiers.IdSha1), 1000, new AlgorithmIdentifier(IanaObjectIdentifiers.HmacSha1, DerNull.Instance), provider)
-        {       
+        {
         }
 
         /// <summary>
@@ -146,7 +136,6 @@ namespace Org.BouncyCastle.Crmf
             this.maxIterations = maxIterations;
         }
 
-
         private PKMacBuilder(AlgorithmIdentifier digestAlgorithmIdentifier, int iterationCount, AlgorithmIdentifier macAlgorithmIdentifier, IPKMacPrimitivesProvider provider)
         {
             this.iterationCount = iterationCount;
@@ -164,9 +153,7 @@ namespace Org.BouncyCastle.Crmf
         public PKMacBuilder SetSaltLength(int saltLength)
         {
             if (saltLength < 8)
-            {
                 throw new ArgumentException("salt length must be at least 8 bytes");
-            }
 
             this.saltLength = saltLength;
 
@@ -182,10 +169,9 @@ namespace Org.BouncyCastle.Crmf
         public PKMacBuilder SetIterationCount(int iterationCount)
         {
             if (iterationCount < 100)
-            {
                 throw new ArgumentException("iteration count must be at least 100");
-            }
-            checkIterationCountCeiling(iterationCount);
+
+            CheckIterationCountCeiling(iterationCount);
 
             this.iterationCount = iterationCount;
 
@@ -199,7 +185,7 @@ namespace Org.BouncyCastle.Crmf
         /// <returns>this</returns>
         public PKMacBuilder SetParameters(PbmParameter parameters)
         {
-            checkIterationCountCeiling(parameters.IterationCount.Value.IntValue);
+            CheckIterationCountCeiling(parameters.IterationCount.Value.IntValue);
 
             this.parameters = parameters;
 
@@ -215,7 +201,7 @@ namespace Org.BouncyCastle.Crmf
         {
             this.random = random;
 
-            return this;          
+            return this;
         }
 
         /// <summary>
@@ -226,33 +212,27 @@ namespace Org.BouncyCastle.Crmf
         public IMacFactory Build(char[] password)
         {
             if (parameters != null)
+                return GenCalculator(parameters, password);
+
+            byte[] salt = new byte[saltLength];
+
+            if (random == null)
             {
-                return genCalculator(parameters, password);
+                this.random = new SecureRandom();
             }
-            else
-            {
-                byte[] salt = new byte[saltLength];
-
-                if (random == null)
-                {
-                    this.random = new SecureRandom();
-                }
 
-                random.NextBytes(salt);
+            random.NextBytes(salt);
 
-                return genCalculator(new PbmParameter(salt, owf, iterationCount, mac), password);
-            }
+            return GenCalculator(new PbmParameter(salt, owf, iterationCount, mac), password);
         }
 
-        private void checkIterationCountCeiling(int iterationCount)
+        private void CheckIterationCountCeiling(int iterationCount)
         {
             if (maxIterations > 0 && iterationCount > maxIterations)
-            {
                 throw new ArgumentException("iteration count exceeds limit (" + iterationCount + " > " + maxIterations + ")");
-            }
         }
 
-        private IMacFactory genCalculator(PbmParameter parameters, char[] password)
+        private IMacFactory GenCalculator(PbmParameter parameters, char[] password)
         {
             // From RFC 4211
             //
@@ -273,8 +253,8 @@ namespace Org.BouncyCastle.Crmf
             byte[] salt = parameters.Salt.GetOctets();
             byte[] K = new byte[pw.Length + salt.Length];
 
-            System.Array.Copy(pw, 0, K, 0, pw.Length);
-            System.Array.Copy(salt, 0, K, pw.Length, salt.Length);
+            Array.Copy(pw, 0, K, 0, pw.Length);
+            Array.Copy(salt, 0, K, pw.Length, salt.Length);
 
             IDigest digest = provider.CreateDigest(parameters.Owf);
 
diff --git a/crypto/src/crmf/PkiArchiveControl.cs b/crypto/src/crmf/PkiArchiveControl.cs
index d533e6c52..251b8db96 100644
--- a/crypto/src/crmf/PkiArchiveControl.cs
+++ b/crypto/src/crmf/PkiArchiveControl.cs
@@ -1,6 +1,5 @@
 using System;
-using System.Collections.Generic;
-using System.Text;
+
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Cms;
 using Org.BouncyCastle.Asn1.Crmf;
@@ -8,7 +7,8 @@ using Org.BouncyCastle.Cms;
 
 namespace Org.BouncyCastle.Crmf
 {
-    public class PkiArchiveControl:IControl
+    public class PkiArchiveControl
+        : IControl
     {
         public static readonly int encryptedPrivKey = PkiArchiveOptions.encryptedPrivKey;
         public static readonly int keyGenParameters = PkiArchiveOptions.keyGenParameters;
@@ -33,7 +33,7 @@ namespace Org.BouncyCastle.Crmf
         /// <returns>CRMFObjectIdentifiers.id_regCtrl_pkiArchiveOptions</returns>
         public DerObjectIdentifier Type
         {
-            
+
             get { return type; }
         }
 
@@ -87,9 +87,8 @@ namespace Org.BouncyCastle.Crmf
             }
             catch (Exception e)
             {
-                throw  new CrmfException("CRMF parsing error: "+e.Message, e);
+                throw new CrmfException("CRMF parsing error: " + e.Message, e);
             }
         }
-
     }
 }
diff --git a/crypto/src/crmf/PkiArchiveControlBuilder.cs b/crypto/src/crmf/PkiArchiveControlBuilder.cs
index 2677e4e0d..d79f3b5ed 100644
--- a/crypto/src/crmf/PkiArchiveControlBuilder.cs
+++ b/crypto/src/crmf/PkiArchiveControlBuilder.cs
@@ -1,5 +1,6 @@
 using System;
 using System.IO;
+
 using Org.BouncyCastle.Asn1.Cms;
 using Org.BouncyCastle.Asn1.Crmf;
 using Org.BouncyCastle.Asn1.Pkcs;
@@ -30,7 +31,7 @@ namespace Org.BouncyCastle.Crmf
             }
             catch (IOException e)
             {
-                throw new InvalidOperationException("unable to encode key and general name info");
+                throw new InvalidOperationException("unable to encode key and general name info", e);
             }
 
             this.envGen = new CmsEnvelopedDataGenerator();
@@ -55,4 +56,4 @@ namespace Org.BouncyCastle.Crmf
             return new PkiArchiveControl(new PkiArchiveOptions(new EncryptedKey(envD)));
         }
     }
-}
\ No newline at end of file
+}
diff --git a/crypto/src/crmf/ProofOfPossessionSigningKeyBuilder.cs b/crypto/src/crmf/ProofOfPossessionSigningKeyBuilder.cs
index 48d85f0e3..154b606da 100644
--- a/crypto/src/crmf/ProofOfPossessionSigningKeyBuilder.cs
+++ b/crypto/src/crmf/ProofOfPossessionSigningKeyBuilder.cs
@@ -1,12 +1,10 @@
 using System;
-using System.Collections.Generic;
-using System.Text;
+
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Crmf;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Crypto.Operators;
-using Org.BouncyCastle.Crypto.Paddings;
 
 namespace Org.BouncyCastle.Crmf
 {
@@ -27,14 +25,14 @@ namespace Org.BouncyCastle.Crmf
             this._pubKeyInfo = pubKeyInfo;
         }
 
-        public ProofOfPossessionSigningKeyBuilder setSender(GeneralName name)
+        public ProofOfPossessionSigningKeyBuilder SetSender(GeneralName name)
         {
             this._name = name;
 
             return this;
         }
 
-        public ProofOfPossessionSigningKeyBuilder setPublicKeyMac(PKMacBuilder generator, char[] password)
+        public ProofOfPossessionSigningKeyBuilder SetPublicKeyMac(PKMacBuilder generator, char[] password)
         {
             IMacFactory fact = generator.Build(password);
 
@@ -55,7 +53,7 @@ namespace Org.BouncyCastle.Crmf
             return this;
         }
 
-        public PopoSigningKey build(ISignatureFactory signer)
+        public PopoSigningKey Build(ISignatureFactory signer)
         {
             if (_name != null && _publicKeyMAC != null)
             {
diff --git a/crypto/src/crmf/RegTokenControl.cs b/crypto/src/crmf/RegTokenControl.cs
index 90e956f67..43484097c 100644
--- a/crypto/src/crmf/RegTokenControl.cs
+++ b/crypto/src/crmf/RegTokenControl.cs
@@ -1,17 +1,15 @@
 using System;
-using System.Collections.Generic;
-using System.Text;
 
-using Org.BouncyCastle.Crmf;
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Crmf;
 
 namespace Org.BouncyCastle.Crmf
 {
-    public class RegTokenControl:IControl
+    public class RegTokenControl
+        : IControl
     {
         private static readonly DerObjectIdentifier type = CrmfObjectIdentifiers.id_regCtrl_regToken;
-    
+
         private readonly DerUtf8String token;
 
         /// <summary>
@@ -22,11 +20,12 @@ namespace Org.BouncyCastle.Crmf
         {
             this.token = token;
         }
+
         /// <summary>
         /// Basic constructor - build from a string representing the token.
         /// </summary>
         /// <param name="token">string representing the token.</param>
-        public RegTokenControl(String token)
+        public RegTokenControl(string token)
         {
             this.token = new DerUtf8String(token);
         }
diff --git a/crypto/src/crypto/ICipher.cs b/crypto/src/crypto/ICipher.cs
index 9041e61ad..3768ee0e3 100644
--- a/crypto/src/crypto/ICipher.cs
+++ b/crypto/src/crypto/ICipher.cs
@@ -1,7 +1,5 @@
 using System;
-using System.Collections.Generic;
 using System.IO;
-using System.Text;
 
 namespace Org.BouncyCastle.Crypto
 {
diff --git a/crypto/src/crypto/ICipherBuilder.cs b/crypto/src/crypto/ICipherBuilder.cs
index 5d4d1279c..9b0e2b343 100644
--- a/crypto/src/crypto/ICipherBuilder.cs
+++ b/crypto/src/crypto/ICipherBuilder.cs
@@ -6,19 +6,19 @@ namespace Org.BouncyCastle.Crypto
     /// <summary>
     /// Base interface for cipher builders.
     /// </summary>
-	public interface ICipherBuilder
-	{
+    public interface ICipherBuilder
+    {
         /// <summary>
         /// Return the algorithm and parameter details associated with any cipher built.
         /// </summary>
-        Object AlgorithmDetails { get ; }
+        object AlgorithmDetails { get; }
 
         /// <summary>
         /// Return the maximum output size that a given input will produce.
         /// </summary>
         /// <param name="inputLen">the length of the expected input.</param>
         /// <returns>The maximum possible output size that can produced for the expected input length.</returns>
-        int GetMaxOutputSize (int inputLen);
+        int GetMaxOutputSize(int inputLen);
 
         /// <summary>
         /// Build a cipher that operates on the passed in stream.
@@ -26,6 +26,5 @@ namespace Org.BouncyCastle.Crypto
         /// <param name="stream">The stream to write/read any encrypted/decrypted data.</param>
         /// <returns>A cipher based around the given stream.</returns>
         ICipher BuildCipher(Stream stream);
-	}
+    }
 }
-
diff --git a/crypto/src/crypto/ICipherBuilderWithKey.cs b/crypto/src/crypto/ICipherBuilderWithKey.cs
index 01a7a2caf..8e79a5e0e 100644
--- a/crypto/src/crypto/ICipherBuilderWithKey.cs
+++ b/crypto/src/crypto/ICipherBuilderWithKey.cs
@@ -1,10 +1,12 @@
-
+using System;
+
 namespace Org.BouncyCastle.Crypto
 {
     /// <summary>
     /// A cipher builder that can also return the key it was initialized with.
     /// </summary>
-    public interface ICipherBuilderWithKey: ICipherBuilder
+    public interface ICipherBuilderWithKey
+        : ICipherBuilder
     {
         /// <summary>
         /// Return the key we were initialized with.
diff --git a/crypto/src/crypto/IDecryptorBuilderProvider.cs b/crypto/src/crypto/IDecryptorBuilderProvider.cs
index 7f151e3ae..42ef2be18 100644
--- a/crypto/src/crypto/IDecryptorBuilderProvider.cs
+++ b/crypto/src/crypto/IDecryptorBuilderProvider.cs
@@ -12,7 +12,6 @@ namespace Org.BouncyCastle.Crypto
         /// </summary>
         /// <param name="algorithmDetails">The algorithm details/parameters to use to create the final cipher.</param>
         /// <returns>A new cipher builder.</returns>
-        ICipherBuilder CreateDecryptorBuilder (Object algorithmDetails);
+        ICipherBuilder CreateDecryptorBuilder(object algorithmDetails);
     }
 }
-
diff --git a/crypto/src/crypto/IKeyUnwrapper.cs b/crypto/src/crypto/IKeyUnwrapper.cs
index 2e280d912..18d5a8d9f 100644
--- a/crypto/src/crypto/IKeyUnwrapper.cs
+++ b/crypto/src/crypto/IKeyUnwrapper.cs
@@ -6,11 +6,11 @@ namespace Org.BouncyCastle.Crypto
     /// Base interface for a key unwrapper.
     /// </summary>
     public interface IKeyUnwrapper
-	{
+    {
         /// <summary>
         /// The parameter set used to configure this key unwrapper.
         /// </summary>
-        Object AlgorithmDetails { get; }
+        object AlgorithmDetails { get; }
 
         /// <summary>
         /// Unwrap the passed in data.
@@ -20,6 +20,5 @@ namespace Org.BouncyCastle.Crypto
         /// <param name="length">The length of the data to be unwrapped.</param>
         /// <returns>an IBlockResult containing the unwrapped key data.</returns>
         IBlockResult Unwrap(byte[] cipherText, int offset, int length);
-	}
+    }
 }
-
diff --git a/crypto/src/crypto/IKeyWrapper.cs b/crypto/src/crypto/IKeyWrapper.cs
index d3ece2de2..27f338420 100644
--- a/crypto/src/crypto/IKeyWrapper.cs
+++ b/crypto/src/crypto/IKeyWrapper.cs
@@ -1,6 +1,4 @@
 using System;
-using System.Collections.Generic;
-using System.Text;
 
 namespace Org.BouncyCastle.Crypto
 {
@@ -12,7 +10,7 @@ namespace Org.BouncyCastle.Crypto
         /// <summary>
         /// The parameter set used to configure this key wrapper.
         /// </summary>
-        Object AlgorithmDetails { get; }
+        object AlgorithmDetails { get; }
 
         /// <summary>
         /// Wrap the passed in key data.
diff --git a/crypto/src/crypto/IMacFactory.cs b/crypto/src/crypto/IMacFactory.cs
index d6b7ddfa7..9180ef1ea 100644
--- a/crypto/src/crypto/IMacFactory.cs
+++ b/crypto/src/crypto/IMacFactory.cs
@@ -1,13 +1,11 @@
 using System;
-using System.Collections.Generic;
-using System.Text;
 
 namespace Org.BouncyCastle.Crypto
 {
     public interface IMacFactory
     {
         /// <summary>The algorithm details object for this calculator.</summary>
-        Object AlgorithmDetails { get; }
+        object AlgorithmDetails { get; }
 
         /// <summary>
         /// Create a stream calculator for this signature calculator. The stream
diff --git a/crypto/src/crypto/Security.cs b/crypto/src/crypto/Security.cs
index 716679044..f6f6924a0 100644
--- a/crypto/src/crypto/Security.cs
+++ b/crypto/src/crypto/Security.cs
@@ -1,4 +1,7 @@
-using Org.BouncyCastle.Crypto;
+using System;
+using System.Text;
+
+using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Crypto.Digests;
 using Org.BouncyCastle.Crypto.Engines;
 using Org.BouncyCastle.Crypto.Generators;
@@ -6,23 +9,17 @@ using Org.BouncyCastle.Crypto.Modes;
 using Org.BouncyCastle.Crypto.Paddings;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Security;
-using System;
-using System.Text;
+using Org.BouncyCastle.Utilities.Encoders;
 
 namespace crypto
 {
     public class Security
     {
         // USAGE
-
         //var key = Security.GenerateText(32);
-
         //var iv = Security.GenerateText(16);
-
         //var encrypted = Security.Encrypt("MY SECRET", key, iv);
-
-        //var dencrypted = Security.Decrypt(encrypted, key, iv);
-
+        //var decrypted = Security.Decrypt(encrypted, key, iv);
 
         /// <summary>
         /// Return a salted hash based on PBKDF2 for the UTF-8 encoding of the argument text.
@@ -30,79 +27,50 @@ namespace crypto
         /// <param name="text">Provided key text</param>
         /// <param name="salt">Base64 encoded string representing the salt</param>
         /// <returns></returns>
-        public static String ComputeHash(string text, string salt)
+        public static string ComputeHash(string text, string salt)
         {
-            var data = Encoding.UTF8.GetBytes(text);
-            var sha = new Sha512Digest();
-            var gen = new Pkcs5S2ParametersGenerator(sha);
+            byte[] data = Encoding.UTF8.GetBytes(text);
+            Sha512Digest sha = new Sha512Digest();
+            Pkcs5S2ParametersGenerator gen = new Pkcs5S2ParametersGenerator(sha);
 
-            gen.Init(data, Convert.FromBase64String(salt), 2048);
+            gen.Init(data, Base64.Decode(salt), 2048);
 
-            return Convert.ToBase64String(((KeyParameter)gen.GenerateDerivedParameters(sha.GetDigestSize() * 8)).GetKey());
+            return Base64.ToBase64String(((KeyParameter)gen.GenerateDerivedParameters(sha.GetDigestSize() * 8)).GetKey());
         }
 
-        public static String Decrypt(String cipherText, String key, String iv)
-
+        public static string Decrypt(string cipherText, string key, string iv)
         {
-
-            var cipher = CreateCipher(false, key, iv);
-
-            var textAsBytes = cipher.DoFinal(Convert.FromBase64String(cipherText));
-
-
+            IBufferedCipher cipher = CreateCipher(false, key, iv);
+            byte[] textAsBytes = cipher.DoFinal(Base64.Decode(cipherText));
 
             return Encoding.UTF8.GetString(textAsBytes, 0, textAsBytes.Length);
-
         }
 
-
-
-        public static String Encrypt(String plainText, String key, String iv)
-
+        public static string Encrypt(string plainText, string key, string iv)
         {
+            IBufferedCipher cipher = CreateCipher(true, key, iv);
 
-            var cipher = CreateCipher(true, key, iv);
-
-
-
-            return Convert.ToBase64String(cipher.DoFinal(Encoding.UTF8.GetBytes(plainText)));
-
+            return Base64.ToBase64String(cipher.DoFinal(Encoding.UTF8.GetBytes(plainText)));
         }
 
-
-
-        public static String GenerateText(int size)
-
+        public static string GenerateText(int size)
         {
-
-            var textAsBytes = new Byte[size];
-
-            var secureRandom = SecureRandom.GetInstance("SHA256PRNG", true);
-
-
+            byte[] textAsBytes = new byte[size];
+            SecureRandom secureRandom = SecureRandom.GetInstance("SHA256PRNG", true);
 
             secureRandom.NextBytes(textAsBytes);
-
-            return Convert.ToBase64String(textAsBytes);
-
+            return Base64.ToBase64String(textAsBytes);
         }
 
-
-
-        private static PaddedBufferedBlockCipher CreateCipher(Boolean isEncryption, String key, String iv)
-
+        private static IBufferedCipher CreateCipher(bool isEncryption, string key, string iv)
         {
-
-            var cipher = new PaddedBufferedBlockCipher(new CbcBlockCipher(new RijndaelEngine()), new ISO10126d2Padding());
-
-            var keyParam = new KeyParameter(Convert.FromBase64String(key));
-
-            ICipherParameters cipherParams = String.IsNullOrEmpty(iv) ? (ICipherParameters)keyParam : new ParametersWithIV(keyParam, Convert.FromBase64String(iv));
-
+            IBufferedCipher cipher = new PaddedBufferedBlockCipher(new CbcBlockCipher(new RijndaelEngine()), new ISO10126d2Padding());
+            KeyParameter keyParam = new KeyParameter(Base64.Decode(key));
+            ICipherParameters cipherParams = (null == iv || iv.Length < 1)
+                ? (ICipherParameters)keyParam
+                : new ParametersWithIV(keyParam, Base64.Decode(iv));
             cipher.Init(isEncryption, cipherParams);
-
             return cipher;
-
         }
     }
 }
diff --git a/crypto/src/crypto/SimpleBlockResult.cs b/crypto/src/crypto/SimpleBlockResult.cs
index 01a6c4e01..6cacda63f 100644
--- a/crypto/src/crypto/SimpleBlockResult.cs
+++ b/crypto/src/crypto/SimpleBlockResult.cs
@@ -2,50 +2,52 @@
 
 namespace Org.BouncyCastle.Crypto
 {
-	/// <summary>
-	/// A simple block result object which just carries a byte array.
-	/// </summary>
-	public class SimpleBlockResult: IBlockResult
-	{
-        private readonly bool approvedOnlyMode;
-		private readonly byte[] result;
+    /// <summary>
+    /// A simple block result object which just carries a byte array.
+    /// </summary>
+    public class SimpleBlockResult
+        : IBlockResult
+    {
+        private readonly byte[] result;
 
         /// <summary>
         /// Base constructor - a wrapper for the passed in byte array.
         /// </summary>
         /// <param name="result">The byte array to be wrapped.</param>
-		public SimpleBlockResult (byte[] result)
-		{
-			this.result = result;
-		}
+        public SimpleBlockResult(byte[] result)
+        {
+            this.result = result;
+        }
 
-		/// <summary>
-		/// Return the number of bytes in the result
-		/// </summary>
-		/// <value>The length of the result in bytes.</value>
-		public int Length { get { return result.Length; } }
+        /// <summary>
+        /// Return the number of bytes in the result
+        /// </summary>
+        /// <value>The length of the result in bytes.</value>
+        public int Length
+        {
+            get { return result.Length; }
+        }
 
-		/// <summary>
-		/// Return the final result of the operation.
-		/// </summary>
-		/// <returns>A block of bytes, representing the result of an operation.</returns>
-		public byte[] Collect()
-		{
+        /// <summary>
+        /// Return the final result of the operation.
+        /// </summary>
+        /// <returns>A block of bytes, representing the result of an operation.</returns>
+        public byte[] Collect()
+        {
             return result;
-		}
+        }
 
-		/// <summary>
-		/// Store the final result of the operation by copying it into the destination array.
-		/// </summary>
-		/// <returns>The number of bytes copied into destination.</returns>
-		/// <param name="destination">The byte array to copy the result into.</param>
-		/// <param name="offset">The offset into destination to start copying the result at.</param>
-		public int Collect(byte[] destination, int offset)
-		{
-            Array.Copy (result, 0, destination, offset, result.Length);
+        /// <summary>
+        /// Store the final result of the operation by copying it into the destination array.
+        /// </summary>
+        /// <returns>The number of bytes copied into destination.</returns>
+        /// <param name="destination">The byte array to copy the result into.</param>
+        /// <param name="offset">The offset into destination to start copying the result at.</param>
+        public int Collect(byte[] destination, int offset)
+        {
+            Array.Copy(result, 0, destination, offset, result.Length);
 
-			return result.Length;
-		}
-	}
+            return result.Length;
+        }
+    }
 }
-
diff --git a/crypto/src/crypto/operators/Asn1CipherBuilder.cs b/crypto/src/crypto/operators/Asn1CipherBuilder.cs
index adb4507a3..d5840746f 100644
--- a/crypto/src/crypto/operators/Asn1CipherBuilder.cs
+++ b/crypto/src/crypto/operators/Asn1CipherBuilder.cs
@@ -1,5 +1,7 @@
-using System.Collections;
+using System;
+using System.Collections;
 using System.IO;
+
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Nist;
 using Org.BouncyCastle.Asn1.Ntt;
@@ -7,44 +9,42 @@ using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Cms;
 using Org.BouncyCastle.Crypto.IO;
 using Org.BouncyCastle.Crypto.Parameters;
+using Org.BouncyCastle.Crypto.Utilities;
 using Org.BouncyCastle.Security;
 using Org.BouncyCastle.Utilities;
-using Org.BouncyCastle.Crypto.Utilities;
 
 namespace Org.BouncyCastle.Crypto.Operators
 {
-    public class Asn1CipherBuilderWithKey:ICipherBuilderWithKey
+    public class Asn1CipherBuilderWithKey : ICipherBuilderWithKey
     {
-
         private readonly KeyParameter encKey;
         private AlgorithmIdentifier algorithmIdentifier;
-       
-      
+
         public Asn1CipherBuilderWithKey(DerObjectIdentifier encryptionOID, int keySize, SecureRandom random)
         {
             if (random == null)
             {
-                random= new SecureRandom();
+                random = new SecureRandom();
             }
+
             CipherKeyGenerator keyGen = CipherKeyGeneratorFactory.CreateKeyGenerator(encryptionOID, random);
-    
+
             encKey = new KeyParameter(keyGen.GenerateKey());
             algorithmIdentifier = AlgorithmIdentifierFactory.GenerateEncryptionAlgID(encryptionOID, encKey.GetKey().Length * 8, random);
         }
 
-
         public object AlgorithmDetails
         {
             get { return algorithmIdentifier; }
         }
+
         public int GetMaxOutputSize(int inputLen)
         {
-            throw new System.NotImplementedException();
+            throw new NotImplementedException();
         }
 
         public ICipher BuildCipher(Stream stream)
         {
-
             object cipher = EnvelopedDataHelper.CreateContentCipher(true, encKey, algorithmIdentifier);
 
             //
@@ -54,7 +54,7 @@ namespace Org.BouncyCastle.Crypto.Operators
 
             if (cipher is IStreamCipher)
             {
-                   cipher = new BufferedStreamCipher((IStreamCipher)cipher);                
+                cipher = new BufferedStreamCipher((IStreamCipher)cipher);
             }
 
             if (stream == null)
@@ -62,7 +62,7 @@ namespace Org.BouncyCastle.Crypto.Operators
                 stream = new MemoryStream();
             }
 
-            return new BufferedCipherWrapper((IBufferedCipher)cipher,stream);
+            return new BufferedCipherWrapper((IBufferedCipher)cipher, stream);
         }
 
         public ICipherParameters Key
diff --git a/crypto/src/crypto/operators/Asn1KeyWrapper.cs b/crypto/src/crypto/operators/Asn1KeyWrapper.cs
index ffce7f63a..e2b2f8a37 100644
--- a/crypto/src/crypto/operators/Asn1KeyWrapper.cs
+++ b/crypto/src/crypto/operators/Asn1KeyWrapper.cs
@@ -1,22 +1,21 @@
 using System;
 using System.Collections;
-using System.Collections.Generic;
-using System.Text;
-using Org.BouncyCastle.X509;
+
 using Org.BouncyCastle.Asn1;
+using Org.BouncyCastle.Asn1.Nist;
+using Org.BouncyCastle.Asn1.Oiw;
 using Org.BouncyCastle.Asn1.Pkcs;
 using Org.BouncyCastle.Asn1.X509;
-using Org.BouncyCastle.Crypto.Digests;
 using Org.BouncyCastle.Crypto.Encodings;
 using Org.BouncyCastle.Crypto.Engines;
-using Org.BouncyCastle.Utilities;
-using Org.BouncyCastle.Asn1.Oiw;
-using Org.BouncyCastle.Asn1.Nist;
 using Org.BouncyCastle.Security;
+using Org.BouncyCastle.Utilities;
+using Org.BouncyCastle.X509;
 
 namespace Org.BouncyCastle.Crypto.Operators
 {
-    public class Asn1KeyWrapper : IKeyWrapper
+    public class Asn1KeyWrapper
+        : IKeyWrapper
     {
         private string algorithm;
         private IKeyWrapper wrapper;
@@ -47,11 +46,11 @@ namespace Org.BouncyCastle.Crypto.Operators
 
         static KeyWrapperUtil()
         {
-            providerMap["RSA/NONE/OAEPWITHSHA1ANDMGF1PADDING"] = new WrapperCreator(RsaOaepWrapper.Rsa_Sha1_Oaep);
-            providerMap["RSA/NONE/OAEPWITHSHA224ANDMGF1PADDING"] = new WrapperCreator(RsaOaepWrapper.Rsa_Sha224_Oaep);
-            providerMap["RSA/NONE/OAEPWITHSHA256ANDMGF1PADDING"] = new WrapperCreator(RsaOaepWrapper.Rsa_Sha256_Oaep);
-            providerMap["RSA/NONE/OAEPWITHSHA384ANDMGF1PADDING"] = new WrapperCreator(RsaOaepWrapper.Rsa_Sha384_Oaep);
-            providerMap["RSA/NONE/OAEPWITHSHA512ANDMGF1PADDING"] = new WrapperCreator(RsaOaepWrapper.Rsa_Sha512_Oaep);
+            providerMap.Add("RSA/NONE/OAEPWITHSHA1ANDMGF1PADDING", new RsaOaepWrapperProvider(OiwObjectIdentifiers.IdSha1));
+            providerMap.Add("RSA/NONE/OAEPWITHSHA224ANDMGF1PADDING", new RsaOaepWrapperProvider(NistObjectIdentifiers.IdSha224));
+            providerMap.Add("RSA/NONE/OAEPWITHSHA256ANDMGF1PADDING", new RsaOaepWrapperProvider(NistObjectIdentifiers.IdSha256));
+            providerMap.Add("RSA/NONE/OAEPWITHSHA384ANDMGF1PADDING", new RsaOaepWrapperProvider(NistObjectIdentifiers.IdSha384));
+            providerMap.Add("RSA/NONE/OAEPWITHSHA512ANDMGF1PADDING", new RsaOaepWrapperProvider(NistObjectIdentifiers.IdSha512));
         }
 
         public static IKeyWrapper WrapperForName(string algorithm, ICipherParameters parameters)
@@ -59,77 +58,28 @@ namespace Org.BouncyCastle.Crypto.Operators
             WrapperProvider provider = (WrapperProvider)providerMap[Strings.ToUpperCase(algorithm)];
 
             if (provider == null)
-            {
                 throw new ArgumentException("could not resolve " + algorithm + " to a KeyWrapper");
-            }
 
-            return (IKeyWrapper)provider.createWrapper(true, parameters);
+            return (IKeyWrapper)provider.CreateWrapper(true, parameters);
         }
 
         public static IKeyUnwrapper UnwrapperForName(string algorithm, ICipherParameters parameters)
         {
             WrapperProvider provider = (WrapperProvider)providerMap[Strings.ToUpperCase(algorithm)];
             if (provider == null)
-            {
                 throw new ArgumentException("could not resolve " + algorithm + " to a KeyUnwrapper");
-            }
-
-            return (IKeyUnwrapper)provider.createWrapper(false, parameters);
-        }
-    }
-
-    internal delegate object WrapperCreatorDelegate(bool forWrapping, ICipherParameters parameters);
-
-    /// <summary>
-    /// Wraps delegate and implements the WrapperProvider Interface.
-    /// </summary>
-    internal class WrapperCreator : WrapperProvider
-    {
-        private readonly WrapperCreatorDelegate creator;
 
-        public WrapperCreator(WrapperCreatorDelegate creator)
-        {
-            this.creator = creator;
-        }
-
-        public object createWrapper(bool forWrapping, ICipherParameters parameters)
-        {
-            return this.creator.Invoke(forWrapping, parameters);
+            return (IKeyUnwrapper)provider.CreateWrapper(false, parameters);
         }
     }
 
     internal interface WrapperProvider
     {
-        object createWrapper(bool forWrapping, ICipherParameters parameters);
+        object CreateWrapper(bool forWrapping, ICipherParameters parameters);
     }
 
     internal class RsaOaepWrapper : IKeyWrapper, IKeyUnwrapper
     {
-        internal static object Rsa_Sha1_Oaep(bool forWrapping, ICipherParameters parameters)
-        {
-            return new RsaOaepWrapper(forWrapping, parameters, OiwObjectIdentifiers.IdSha1);
-        }
-
-        internal static object Rsa_Sha224_Oaep(bool forWrapping, ICipherParameters parameters)
-        {
-            return new RsaOaepWrapper(forWrapping, parameters, NistObjectIdentifiers.IdSha224);
-        }
-
-        internal static object Rsa_Sha256_Oaep(bool forWrapping, ICipherParameters parameters)
-        {
-            return new RsaOaepWrapper(forWrapping, parameters, NistObjectIdentifiers.IdSha256);
-        }
-
-        internal static object Rsa_Sha384_Oaep(bool forWrapping, ICipherParameters parameters)
-        {
-            return new RsaOaepWrapper(forWrapping, parameters, NistObjectIdentifiers.IdSha384);
-        }
-
-        internal static object Rsa_Sha512_Oaep(bool forWrapping, ICipherParameters parameters)
-        {
-            return new RsaOaepWrapper(forWrapping, parameters, NistObjectIdentifiers.IdSha512);
-        }
-
         private readonly AlgorithmIdentifier algId;
         private readonly IAsymmetricBlockCipher engine;
 
@@ -149,10 +99,7 @@ namespace Org.BouncyCastle.Crypto.Operators
 
         public object AlgorithmDetails
         {
-            get
-            {
-                return algId;
-            }
+            get { return algId; }
         }
 
         public IBlockResult Unwrap(byte[] cipherText, int offset, int length)
@@ -165,4 +112,20 @@ namespace Org.BouncyCastle.Crypto.Operators
             return new SimpleBlockResult(engine.ProcessBlock(keyData, 0, keyData.Length));
         }
     }
+
+    internal class RsaOaepWrapperProvider
+        : WrapperProvider
+    {
+        private readonly DerObjectIdentifier digestOid;
+
+        internal RsaOaepWrapperProvider(DerObjectIdentifier digestOid)
+        {
+            this.digestOid = digestOid;
+        }
+
+        object WrapperProvider.CreateWrapper(bool forWrapping, ICipherParameters parameters)
+        {
+            return new RsaOaepWrapper(forWrapping, parameters, digestOid);
+        }
+    }
 }
diff --git a/crypto/src/crypto/operators/CmsContentEncryptorBuilder.cs b/crypto/src/crypto/operators/CmsContentEncryptorBuilder.cs
index da9e32f9e..690e970cb 100644
--- a/crypto/src/crypto/operators/CmsContentEncryptorBuilder.cs
+++ b/crypto/src/crypto/operators/CmsContentEncryptorBuilder.cs
@@ -1,5 +1,7 @@
-using System.Collections;
+using System;
+using System.Collections;
 using System.IO;
+
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Nist;
 using Org.BouncyCastle.Asn1.Ntt;
@@ -16,25 +18,24 @@ namespace Org.BouncyCastle.Operators
 {
     public class CmsContentEncryptorBuilder
     {
-        private static readonly IDictionary keySizes = Platform.CreateHashtable();
+        private static readonly IDictionary KeySizes = Platform.CreateHashtable();
 
         static CmsContentEncryptorBuilder()
         {
-            keySizes[NistObjectIdentifiers.IdAes128Cbc] = 128;
-            keySizes[NistObjectIdentifiers.IdAes192Cbc] =192;
-            keySizes[NistObjectIdentifiers.IdAes256Cbc] =256;
+            KeySizes[NistObjectIdentifiers.IdAes128Cbc] = 128;
+            KeySizes[NistObjectIdentifiers.IdAes192Cbc] = 192;
+            KeySizes[NistObjectIdentifiers.IdAes256Cbc] = 256;
 
-           
-            keySizes[NttObjectIdentifiers.IdCamellia128Cbc] =128;
-            keySizes[NttObjectIdentifiers.IdCamellia192Cbc] =192;
-            keySizes[NttObjectIdentifiers.IdCamellia256Cbc] =256;
+            KeySizes[NttObjectIdentifiers.IdCamellia128Cbc] = 128;
+            KeySizes[NttObjectIdentifiers.IdCamellia192Cbc] = 192;
+            KeySizes[NttObjectIdentifiers.IdCamellia256Cbc] = 256;
         }
 
-        private static int getKeySize(DerObjectIdentifier oid)
+        private static int GetKeySize(DerObjectIdentifier oid)
         {
-            if (keySizes.Contains(oid))
+            if (KeySizes.Contains(oid))
             {
-                return (int)keySizes[oid];
+                return (int)KeySizes[oid];
             }
 
             return -1;
@@ -43,11 +44,12 @@ namespace Org.BouncyCastle.Operators
         private readonly DerObjectIdentifier encryptionOID;
         private readonly int keySize;
 
-      
-        private EnvelopedDataHelper helper = new EnvelopedDataHelper();
-        private SecureRandom random;
+        private readonly EnvelopedDataHelper helper = new EnvelopedDataHelper();
+        //private SecureRandom random;
 
-        public CmsContentEncryptorBuilder(DerObjectIdentifier encryptionOID):this(encryptionOID, getKeySize(encryptionOID)) { 
+        public CmsContentEncryptorBuilder(DerObjectIdentifier encryptionOID)
+            : this(encryptionOID, GetKeySize(encryptionOID))
+        {
         }
 
         public CmsContentEncryptorBuilder(DerObjectIdentifier encryptionOID, int keySize)
@@ -58,7 +60,8 @@ namespace Org.BouncyCastle.Operators
 
         public ICipherBuilderWithKey Build()
         {
-            return new Asn1CipherBuilderWithKey(encryptionOID,keySize,random);
+            //return new Asn1CipherBuilderWithKey(encryptionOID, keySize, random);
+            return new Asn1CipherBuilderWithKey(encryptionOID, keySize, null);
         }
     }
 }
diff --git a/crypto/src/crypto/operators/CmsKeyTransRecipientInfoGenerator.cs b/crypto/src/crypto/operators/CmsKeyTransRecipientInfoGenerator.cs
index 997231b6e..b73c41dbd 100644
--- a/crypto/src/crypto/operators/CmsKeyTransRecipientInfoGenerator.cs
+++ b/crypto/src/crypto/operators/CmsKeyTransRecipientInfoGenerator.cs
@@ -1,16 +1,20 @@
-using Org.BouncyCastle.Asn1.X509;
+using System;
+
+using Org.BouncyCastle.Asn1;
+using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Cms;
 using Org.BouncyCastle.Crypto;
-using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.X509;
 
 namespace Org.BouncyCastle.Operators
 {
-    public class CmsKeyTransRecipientInfoGenerator: KeyTransRecipientInfoGenerator
+    public class CmsKeyTransRecipientInfoGenerator
+        : KeyTransRecipientInfoGenerator
     {
-        private IKeyWrapper keyWrapper;
+        private readonly IKeyWrapper keyWrapper;
 
-        public CmsKeyTransRecipientInfoGenerator(X509Certificate recipCert, IKeyWrapper keyWrapper): base(new Asn1.Cms.IssuerAndSerialNumber(recipCert.IssuerDN, new DerInteger(recipCert.SerialNumber)))
+        public CmsKeyTransRecipientInfoGenerator(X509Certificate recipCert, IKeyWrapper keyWrapper)
+            : base(new Asn1.Cms.IssuerAndSerialNumber(recipCert.IssuerDN, new DerInteger(recipCert.SerialNumber)))
         {
             this.keyWrapper = keyWrapper;
             this.RecipientCert = recipCert;
@@ -24,10 +28,7 @@ namespace Org.BouncyCastle.Operators
 
         protected override AlgorithmIdentifier AlgorithmDetails
         {
-            get
-            {
-                return (AlgorithmIdentifier)keyWrapper.AlgorithmDetails;
-            }
+            get { return (AlgorithmIdentifier)keyWrapper.AlgorithmDetails; }
         }
 
         protected override byte[] GenerateWrappedKey(Crypto.Parameters.KeyParameter contentKey)
diff --git a/crypto/src/crypto/operators/GenericKey.cs b/crypto/src/crypto/operators/GenericKey.cs
index b2df74661..89512c7b0 100644
--- a/crypto/src/crypto/operators/GenericKey.cs
+++ b/crypto/src/crypto/operators/GenericKey.cs
@@ -1,18 +1,17 @@
 using System;
-using System.Collections.Generic;
-using System.Text;
+
 using Org.BouncyCastle.Asn1.X509;
 
 namespace Org.BouncyCastle.Crypto.Operators
 {
     public class GenericKey
     {
-        private AlgorithmIdentifier algorithmIdentifier;
-        private object representation;
+        private readonly AlgorithmIdentifier algorithmIdentifier;
+        private readonly object representation;
 
         public GenericKey(object representation)
         {
-            algorithmIdentifier = null;
+            this.algorithmIdentifier = null;
             this.representation = representation;
         }
 
diff --git a/crypto/src/crypto/parameters/ECGOST3410Parameters.cs b/crypto/src/crypto/parameters/ECGOST3410Parameters.cs
index a3aa1953c..6abcb1647 100644
--- a/crypto/src/crypto/parameters/ECGOST3410Parameters.cs
+++ b/crypto/src/crypto/parameters/ECGOST3410Parameters.cs
@@ -1,12 +1,14 @@
-using Org.BouncyCastle.Asn1;
+using System;
+
+using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Math.EC;
 
 namespace Org.BouncyCastle.Crypto.Parameters
 {
-    public class ECGost3410Parameters : ECNamedDomainParameters
+    public class ECGost3410Parameters
+        : ECNamedDomainParameters
     {
-
         private readonly DerObjectIdentifier _publicKeyParamSet;
         private readonly DerObjectIdentifier _digestParamSet;
         private readonly DerObjectIdentifier _encryptionParamSet;
@@ -30,22 +32,22 @@ namespace Org.BouncyCastle.Crypto.Parameters
             ECNamedDomainParameters dp,
             DerObjectIdentifier publicKeyParamSet,
             DerObjectIdentifier digestParamSet,
-            DerObjectIdentifier encryptionParamSet) : base(dp.Name, dp.Curve, dp.G, dp.N, dp.H, dp.GetSeed())
+            DerObjectIdentifier encryptionParamSet)
+            : base(dp.Name, dp.Curve, dp.G, dp.N, dp.H, dp.GetSeed())
         {
             this._publicKeyParamSet = publicKeyParamSet;
             this._digestParamSet = digestParamSet;
             this._encryptionParamSet = encryptionParamSet;
         }
 
-
         public ECGost3410Parameters(ECDomainParameters dp, DerObjectIdentifier publicKeyParamSet,
             DerObjectIdentifier digestParamSet,
-            DerObjectIdentifier encryptionParamSet) : base(publicKeyParamSet, dp.Curve, dp.G, dp.N, dp.H, dp.GetSeed())
+            DerObjectIdentifier encryptionParamSet)
+            : base(publicKeyParamSet, dp.Curve, dp.G, dp.N, dp.H, dp.GetSeed())
         {
             this._publicKeyParamSet = publicKeyParamSet;
             this._digestParamSet = digestParamSet;
             this._encryptionParamSet = encryptionParamSet;
         }
-
     }
-}
\ No newline at end of file
+}
diff --git a/crypto/src/crypto/parameters/ECNamedDomainParameters.cs b/crypto/src/crypto/parameters/ECNamedDomainParameters.cs
index 34e390a8f..4b8e2558f 100644
--- a/crypto/src/crypto/parameters/ECNamedDomainParameters.cs
+++ b/crypto/src/crypto/parameters/ECNamedDomainParameters.cs
@@ -1,35 +1,42 @@
-using Org.BouncyCastle.Asn1;
+using System;
+
+using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Math.EC;
 
 namespace Org.BouncyCastle.Crypto.Parameters
 {
-    public class ECNamedDomainParameters : ECDomainParameters
+    public class ECNamedDomainParameters
+        : ECDomainParameters
     {
-        private DerObjectIdentifier name;
+        private readonly DerObjectIdentifier name;
 
         public DerObjectIdentifier Name
         {
             get { return name; }
         }
 
-        public ECNamedDomainParameters(DerObjectIdentifier name, ECDomainParameters dp) : this(name, dp.curve, dp.g, dp.n, dp.h, dp.seed)
-        { }
-
+        public ECNamedDomainParameters(DerObjectIdentifier name, ECDomainParameters dp)
+            : this(name, dp.curve, dp.g, dp.n, dp.h, dp.seed)
+        {
+        }
 
-        public ECNamedDomainParameters(DerObjectIdentifier name, ECCurve curve, ECPoint g, BigInteger n) : base(curve, g, n)
+        public ECNamedDomainParameters(DerObjectIdentifier name, ECCurve curve, ECPoint g, BigInteger n)
+            : base(curve, g, n)
         {
             this.name = name;
         }
 
-        public ECNamedDomainParameters(DerObjectIdentifier name, ECCurve curve, ECPoint g, BigInteger n, BigInteger h) : base(curve, g, n, h)
+        public ECNamedDomainParameters(DerObjectIdentifier name, ECCurve curve, ECPoint g, BigInteger n, BigInteger h)
+            : base(curve, g, n, h)
         {
             this.name = name;
         }
 
-        public ECNamedDomainParameters(DerObjectIdentifier name, ECCurve curve, ECPoint g, BigInteger n, BigInteger h, byte[] seed) : base(curve, g, n, h, seed)
+        public ECNamedDomainParameters(DerObjectIdentifier name, ECCurve curve, ECPoint g, BigInteger n, BigInteger h, byte[] seed)
+            : base(curve, g, n, h, seed)
         {
             this.name = name;
         }
     }
-}
\ No newline at end of file
+}
diff --git a/crypto/src/crypto/signers/DsaDigestSigner.cs b/crypto/src/crypto/signers/DsaDigestSigner.cs
index 7fd8f535f..15444a0f7 100644
--- a/crypto/src/crypto/signers/DsaDigestSigner.cs
+++ b/crypto/src/crypto/signers/DsaDigestSigner.cs
@@ -126,7 +126,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 
                 return dsa.VerifySignature(hash, sig[0], sig[1]);
             }
-            catch (Exception e)
+            catch (Exception)
             {
                 return false;
             }
diff --git a/crypto/src/crypto/tls/AbstractTlsClient.cs b/crypto/src/crypto/tls/AbstractTlsClient.cs
index bddbab87f..356aab8d2 100644
--- a/crypto/src/crypto/tls/AbstractTlsClient.cs
+++ b/crypto/src/crypto/tls/AbstractTlsClient.cs
@@ -34,7 +34,7 @@ namespace Org.BouncyCastle.Crypto.Tls
         {
             switch (extensionType)
             {
-            case ExtensionType.elliptic_curves:
+            case ExtensionType.supported_groups:
                 /*
                  * Exception added based on field reports that some servers do send this, although the
                  * Supported Elliptic Curves Extension is clearly intended to be client-only. If
@@ -198,7 +198,7 @@ namespace Org.BouncyCastle.Crypto.Tls
                  */
                 CheckForUnexpectedServerExtension(serverExtensions, ExtensionType.signature_algorithms);
 
-                CheckForUnexpectedServerExtension(serverExtensions, ExtensionType.elliptic_curves);
+                CheckForUnexpectedServerExtension(serverExtensions, ExtensionType.supported_groups);
 
                 if (TlsEccUtilities.IsEccCipherSuite(this.mSelectedCipherSuite))
                 {
diff --git a/crypto/src/crypto/tls/DtlsReliableHandshake.cs b/crypto/src/crypto/tls/DtlsReliableHandshake.cs
index 396ea7483..8715cd799 100644
--- a/crypto/src/crypto/tls/DtlsReliableHandshake.cs
+++ b/crypto/src/crypto/tls/DtlsReliableHandshake.cs
@@ -114,7 +114,7 @@ namespace Org.BouncyCastle.Crypto.Tls
                         }
                     }
                 }
-                catch (IOException e)
+                catch (IOException)
                 {
                     // NOTE: Assume this is a timeout for the moment
                 }
diff --git a/crypto/src/crypto/tls/TlsEccUtilities.cs b/crypto/src/crypto/tls/TlsEccUtilities.cs
index fb31e1b07..7b7e89f84 100644
--- a/crypto/src/crypto/tls/TlsEccUtilities.cs
+++ b/crypto/src/crypto/tls/TlsEccUtilities.cs
@@ -26,7 +26,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 
         public static void AddSupportedEllipticCurvesExtension(IDictionary extensions, int[] namedCurves)
         {
-            extensions[ExtensionType.elliptic_curves] = CreateSupportedEllipticCurvesExtension(namedCurves);
+            extensions[ExtensionType.supported_groups] = CreateSupportedEllipticCurvesExtension(namedCurves);
         }
 
         public static void AddSupportedPointFormatsExtension(IDictionary extensions, byte[] ecPointFormats)
@@ -36,7 +36,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 
         public static int[] GetSupportedEllipticCurvesExtension(IDictionary extensions)
         {
-            byte[] extensionData = TlsUtilities.GetExtensionData(extensions, ExtensionType.elliptic_curves);
+            byte[] extensionData = TlsUtilities.GetExtensionData(extensions, ExtensionType.supported_groups);
             return extensionData == null ? null : ReadSupportedEllipticCurvesExtension(extensionData);
         }
 
diff --git a/crypto/src/crypto/tls/TlsUtilities.cs b/crypto/src/crypto/tls/TlsUtilities.cs
index e6bd253aa..9f4aac651 100644
--- a/crypto/src/crypto/tls/TlsUtilities.cs
+++ b/crypto/src/crypto/tls/TlsUtilities.cs
@@ -2341,7 +2341,7 @@ namespace Org.BouncyCastle.Crypto.Tls
             {
                 keyExchangeAlgorithm = GetKeyExchangeAlgorithm(cipherSuite);
             }
-            catch (IOException e)
+            catch (IOException)
             {
                 return true;
             }
diff --git a/crypto/src/crypto/util/AlgorithmIdentifierFactory.cs b/crypto/src/crypto/util/AlgorithmIdentifierFactory.cs
index 20eac84ce..ad4d31ede 100644
--- a/crypto/src/crypto/util/AlgorithmIdentifierFactory.cs
+++ b/crypto/src/crypto/util/AlgorithmIdentifierFactory.cs
@@ -1,4 +1,5 @@
 using System;
+
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Kisa;
 using Org.BouncyCastle.Asn1.Misc;
diff --git a/crypto/src/crypto/util/CipherFactory.cs b/crypto/src/crypto/util/CipherFactory.cs
index 0a4010b42..f5998267d 100644
--- a/crypto/src/crypto/util/CipherFactory.cs
+++ b/crypto/src/crypto/util/CipherFactory.cs
@@ -1,4 +1,5 @@
 using System;
+
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Kisa;
 using Org.BouncyCastle.Asn1.Misc;
@@ -11,15 +12,13 @@ using Org.BouncyCastle.Crypto.Engines;
 using Org.BouncyCastle.Crypto.Modes;
 using Org.BouncyCastle.Crypto.Paddings;
 using Org.BouncyCastle.Crypto.Parameters;
-using Org.BouncyCastle.Crypto.Utilities;
 
-namespace Org.BouncyCastle.Crypto.Utilites
+namespace Org.BouncyCastle.Crypto.Utilities
 {
     public class CipherFactory
     {
         private CipherFactory()
         {
-
         }
 
         private static readonly short[] rc2Ekb =
@@ -50,15 +49,12 @@ namespace Org.BouncyCastle.Crypto.Utilites
             if (encAlg.Equals(PkcsObjectIdentifiers.rc4))
             {
                 IStreamCipher cipher = new RC4Engine();
-
                 cipher.Init(forEncryption, encKey);
-
                 return cipher;
             }
             else
             {
                 BufferedBlockCipher cipher = CreateCipher(encryptionAlgID.Algorithm);
-
                 Asn1Object sParams = encryptionAlgID.Parameters.ToAsn1Object();
 
                 if (sParams != null && !(sParams is DerNull))
@@ -110,7 +106,6 @@ namespace Org.BouncyCastle.Crypto.Utilites
 
                 return cipher;
             }
-
         }
 
         private static BufferedBlockCipher CreateCipher(DerObjectIdentifier algorithm)
@@ -118,8 +113,8 @@ namespace Org.BouncyCastle.Crypto.Utilites
             IBlockCipher cipher;
 
             if (NistObjectIdentifiers.IdAes128Cbc.Equals(algorithm)
-        || NistObjectIdentifiers.IdAes192Cbc.Equals(algorithm)
-        || NistObjectIdentifiers.IdAes256Cbc.Equals(algorithm))
+                || NistObjectIdentifiers.IdAes192Cbc.Equals(algorithm)
+                || NistObjectIdentifiers.IdAes256Cbc.Equals(algorithm))
             {
                 cipher = new CbcBlockCipher(new AesEngine());
             }
@@ -146,6 +141,5 @@ namespace Org.BouncyCastle.Crypto.Utilites
 
             return new PaddedBufferedBlockCipher(cipher, new Pkcs7Padding());
         }
-
     }
 }
diff --git a/crypto/src/crypto/util/CipherKeyGeneratorFactory.cs b/crypto/src/crypto/util/CipherKeyGeneratorFactory.cs
index f714c40fd..efaad138c 100644
--- a/crypto/src/crypto/util/CipherKeyGeneratorFactory.cs
+++ b/crypto/src/crypto/util/CipherKeyGeneratorFactory.cs
@@ -1,4 +1,5 @@
 using System;
+
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Kisa;
 using Org.BouncyCastle.Asn1.Nist;
@@ -14,74 +15,69 @@ namespace Org.BouncyCastle.Crypto.Utilities
     {
         private CipherKeyGeneratorFactory()
         {
-
         }
 
         /**
-   * Create a key generator for the passed in Object Identifier.
-   *
-   * @param algorithm the Object Identifier indicating the algorithn the generator is for.
-   * @param random a source of random to initialise the generator with.
-   * @return an initialised CipherKeyGenerator.
-   * @throws IllegalArgumentException if the algorithm cannot be identified.
-   */
+         * Create a key generator for the passed in Object Identifier.
+         *
+         * @param algorithm the Object Identifier indicating the algorithn the generator is for.
+         * @param random a source of random to initialise the generator with.
+         * @return an initialised CipherKeyGenerator.
+         * @throws IllegalArgumentException if the algorithm cannot be identified.
+         */
         public static CipherKeyGenerator CreateKeyGenerator(DerObjectIdentifier algorithm, SecureRandom random)
         {
             if (NistObjectIdentifiers.IdAes128Cbc.Equals(algorithm))
             {
-                return createCipherKeyGenerator(random, 128);
+                return CreateCipherKeyGenerator(random, 128);
             }
             else if (NistObjectIdentifiers.IdAes192Cbc.Equals(algorithm))
             {
-                return createCipherKeyGenerator(random, 192);
+                return CreateCipherKeyGenerator(random, 192);
             }
             else if (NistObjectIdentifiers.IdAes256Cbc.Equals(algorithm))
             {
-                return createCipherKeyGenerator(random, 256);
+                return CreateCipherKeyGenerator(random, 256);
             }
             else if (PkcsObjectIdentifiers.DesEde3Cbc.Equals(algorithm))
             {
                 DesEdeKeyGenerator keyGen = new DesEdeKeyGenerator();
-
                 keyGen.Init(new KeyGenerationParameters(random, 192));
-
                 return keyGen;
             }
             else if (NttObjectIdentifiers.IdCamellia128Cbc.Equals(algorithm))
             {
-                return createCipherKeyGenerator(random, 128);
+                return CreateCipherKeyGenerator(random, 128);
             }
             else if (NttObjectIdentifiers.IdCamellia192Cbc.Equals(algorithm))
             {
-                return createCipherKeyGenerator(random, 192);
+                return CreateCipherKeyGenerator(random, 192);
             }
             else if (NttObjectIdentifiers.IdCamellia256Cbc.Equals(algorithm))
             {
-                return createCipherKeyGenerator(random, 256);
+                return CreateCipherKeyGenerator(random, 256);
             }
             else if (KisaObjectIdentifiers.IdSeedCbc.Equals(algorithm))
             {
-                return createCipherKeyGenerator(random, 128);
+                return CreateCipherKeyGenerator(random, 128);
             }
             else if (AlgorithmIdentifierFactory.CAST5_CBC.Equals(algorithm))
             {
-                return createCipherKeyGenerator(random, 128);
+                return CreateCipherKeyGenerator(random, 128);
             }
             else if (OiwObjectIdentifiers.DesCbc.Equals(algorithm))
             {
                 DesKeyGenerator keyGen = new DesKeyGenerator();
-
                 keyGen.Init(new KeyGenerationParameters(random, 64));
-
                 return keyGen;
             }
             else if (PkcsObjectIdentifiers.rc4.Equals(algorithm))
             {
-                return createCipherKeyGenerator(random, 128);
+                return CreateCipherKeyGenerator(random, 128);
             }
             else if (PkcsObjectIdentifiers.RC2Cbc.Equals(algorithm))
             {
-                return createCipherKeyGenerator(random, 128);
+                return CreateCipherKeyGenerator(random, 128);
             }
             else
             {
@@ -89,12 +85,10 @@ namespace Org.BouncyCastle.Crypto.Utilities
             }
         }
 
-        private static CipherKeyGenerator createCipherKeyGenerator(SecureRandom random, int keySize)
+        private static CipherKeyGenerator CreateCipherKeyGenerator(SecureRandom random, int keySize)
         {
             CipherKeyGenerator keyGen = new CipherKeyGenerator();
-
             keyGen.Init(new KeyGenerationParameters(random, keySize));
-
             return keyGen;
         }
     }
diff --git a/crypto/src/math/ec/rfc8032/Ed25519.cs b/crypto/src/math/ec/rfc8032/Ed25519.cs
index 6dc52a865..702c48dd3 100644
--- a/crypto/src/math/ec/rfc8032/Ed25519.cs
+++ b/crypto/src/math/ec/rfc8032/Ed25519.cs
@@ -959,7 +959,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
             PointSetNeutral(r);
 
             int bit = 255;
-            while (bit > 0 && (ws_b[bit] | ws_p[bit]) == 0)
+            while (bit > 0 && ((byte)ws_b[bit] | (byte)ws_p[bit]) == 0)
             {
                 --bit;
             }
diff --git a/crypto/src/math/ec/rfc8032/Ed448.cs b/crypto/src/math/ec/rfc8032/Ed448.cs
index 774052082..597062269 100644
--- a/crypto/src/math/ec/rfc8032/Ed448.cs
+++ b/crypto/src/math/ec/rfc8032/Ed448.cs
@@ -1046,7 +1046,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
             PointSetNeutral(r);
 
             int bit = 447;
-            while (bit > 0 && (ws_b[bit] | ws_p[bit]) == 0)
+            while (bit > 0 && ((byte)ws_b[bit] | (byte)ws_p[bit]) == 0)
             {
                 --bit;
             }
diff --git a/crypto/src/pkcs/Pkcs8EncryptedPrivateKeyInfo.cs b/crypto/src/pkcs/Pkcs8EncryptedPrivateKeyInfo.cs
index 4c4ae83eb..5882dee38 100644
--- a/crypto/src/pkcs/Pkcs8EncryptedPrivateKeyInfo.cs
+++ b/crypto/src/pkcs/Pkcs8EncryptedPrivateKeyInfo.cs
@@ -1,10 +1,11 @@
-
+using System;
+using System.IO;
+
 using Org.BouncyCastle.Asn1.Pkcs;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Utilities;
 using Org.BouncyCastle.Utilities.IO;
-using System;
-using System.IO;
 
 namespace Org.BouncyCastle.Pkcs
 {
@@ -90,12 +91,11 @@ namespace Org.BouncyCastle.Pkcs
 
                 ICipher encIn = decryptorBuilder.BuildCipher(new MemoryInputStream(encryptedPrivateKeyInfo.GetEncryptedData()));
 
-                using (Stream strm = encIn.Stream)
-                {
-                    byte[] data = Streams.ReadAll(encIn.Stream);
-           
-                    return PrivateKeyInfo.GetInstance(data);
-                }
+                Stream strm = encIn.Stream;
+                byte[] data = Streams.ReadAll(encIn.Stream);
+                Platform.Dispose(strm);
+
+                return PrivateKeyInfo.GetInstance(data);
             }
             catch (Exception e)
             {
diff --git a/crypto/src/pkcs/Pkcs8EncryptedPrivateKeyInfoBuilder.cs b/crypto/src/pkcs/Pkcs8EncryptedPrivateKeyInfoBuilder.cs
index 3b05deea7..8f751492f 100644
--- a/crypto/src/pkcs/Pkcs8EncryptedPrivateKeyInfoBuilder.cs
+++ b/crypto/src/pkcs/Pkcs8EncryptedPrivateKeyInfoBuilder.cs
@@ -1,11 +1,11 @@
-using Org.BouncyCastle.Asn1.Pkcs;
+using System;
+using System.IO;
+
+using Org.BouncyCastle.Asn1.Pkcs;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Utilities;
 using Org.BouncyCastle.Utilities.IO;
-using System;
-using System.Collections.Generic;
-using System.IO;
-using System.Text;
 
 namespace Org.BouncyCastle.Pkcs
 {
@@ -36,10 +36,9 @@ namespace Org.BouncyCastle.Pkcs
                 ICipher cOut = encryptor.BuildCipher(bOut);
                 byte[] keyData = privateKeyInfo.GetEncoded();
 
-                using (var str = cOut.Stream)
-                {
-                    str.Write(keyData, 0, keyData.Length);
-                }
+                Stream str = cOut.Stream;
+                str.Write(keyData, 0, keyData.Length);
+                Platform.Dispose(str);
 
                 return new Pkcs8EncryptedPrivateKeyInfo(new EncryptedPrivateKeyInfo((AlgorithmIdentifier)encryptor.AlgorithmDetails, bOut.ToArray()));
             }
diff --git a/crypto/src/pkcs/PkcsException.cs b/crypto/src/pkcs/PkcsException.cs
index f82d36724..7a69ff736 100644
--- a/crypto/src/pkcs/PkcsException.cs
+++ b/crypto/src/pkcs/PkcsException.cs
@@ -5,13 +5,16 @@ namespace Org.BouncyCastle.Pkcs
     /// <summary>
     /// Base exception for PKCS related issues.
     /// </summary>
-    public class PkcsException : Exception
+    public class PkcsException
+        : Exception
     {
-        public PkcsException(String message) : base(message)
+        public PkcsException(string message)
+            : base(message)
         {
         }
 
-        public PkcsException(String message, Exception underlying) : base(message, underlying)
+        public PkcsException(string message, Exception underlying)
+            : base(message, underlying)
         {
         }
     }
diff --git a/crypto/src/pkix/PkixCertPathValidatorUtilities.cs b/crypto/src/pkix/PkixCertPathValidatorUtilities.cs
index 2ccaa32ce..55f4afb19 100644
--- a/crypto/src/pkix/PkixCertPathValidatorUtilities.cs
+++ b/crypto/src/pkix/PkixCertPathValidatorUtilities.cs
@@ -151,7 +151,7 @@ namespace Org.BouncyCastle.Pkix
             {
                 return FindTrustAnchor(cert, trustAnchors) != null;
             }
-            catch (Exception e)
+            catch (Exception)
             {
                 return false;
             }
diff --git a/crypto/src/security/DigestUtilities.cs b/crypto/src/security/DigestUtilities.cs
index 7685e3384..a17a9abee 100644
--- a/crypto/src/security/DigestUtilities.cs
+++ b/crypto/src/security/DigestUtilities.cs
@@ -259,6 +259,11 @@ namespace Org.BouncyCastle.Security
             return (string) algorithms[oid.Id];
         }
 
+        public static byte[] CalculateDigest(DerObjectIdentifier id, byte[] input)
+        {
+            return CalculateDigest(id.Id, input);
+        }
+
         public static byte[] CalculateDigest(string algorithm, byte[] input)
         {
             IDigest digest = GetDigest(algorithm);
diff --git a/crypto/src/util/io/MemoryInputStream.cs b/crypto/src/util/io/MemoryInputStream.cs
index d353314ee..cdc5aafb3 100644
--- a/crypto/src/util/io/MemoryInputStream.cs
+++ b/crypto/src/util/io/MemoryInputStream.cs
@@ -1,13 +1,19 @@
-using System.IO;
+using System;
+using System.IO;
 
 namespace Org.BouncyCastle.Utilities.IO
 {
-    public class MemoryInputStream : MemoryStream
+    public class MemoryInputStream
+        : MemoryStream
     {
-        public MemoryInputStream(byte[] buffer) : base(buffer, false)
+        public MemoryInputStream(byte[] buffer)
+            : base(buffer, false)
         {
         }
 
-        public sealed override bool CanWrite { get { return false; } }
+        public sealed override bool CanWrite
+        {
+            get { return false; }
+        }
     }
 }
diff --git a/crypto/src/util/io/MemoryOutputStream.cs b/crypto/src/util/io/MemoryOutputStream.cs
index a6de64680..828f23b4a 100644
--- a/crypto/src/util/io/MemoryOutputStream.cs
+++ b/crypto/src/util/io/MemoryOutputStream.cs
@@ -1,10 +1,14 @@
-
+using System;
 using System.IO;
 
 namespace Org.BouncyCastle.Utilities.IO
 {
-    public class MemoryOutputStream: MemoryStream
+    public class MemoryOutputStream
+        : MemoryStream
     {
-        public sealed override bool CanRead { get { return false; } }
+        public sealed override bool CanRead
+        {
+            get { return false; }
+        }
     }
 }
diff --git a/crypto/src/x509/X509Certificate.cs b/crypto/src/x509/X509Certificate.cs
index 6d7bd7a61..6f2f40411 100644
--- a/crypto/src/x509/X509Certificate.cs
+++ b/crypto/src/x509/X509Certificate.cs
@@ -8,13 +8,13 @@ using Org.BouncyCastle.Asn1.Misc;
 using Org.BouncyCastle.Asn1.Utilities;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Security;
 using Org.BouncyCastle.Security.Certificates;
 using Org.BouncyCastle.Utilities;
 using Org.BouncyCastle.Utilities.Encoders;
 using Org.BouncyCastle.X509.Extension;
-using Org.BouncyCastle.Crypto.Operators;
 
 namespace Org.BouncyCastle.X509
 {
@@ -27,8 +27,8 @@ namespace Org.BouncyCastle.X509
 //		, PKCS12BagAttributeCarrier
     {
         private readonly X509CertificateStructure c;
-//        private Hashtable pkcs12Attributes = new Hashtable();
-//        private ArrayList pkcs12Ordering = new ArrayList();
+        //private Hashtable pkcs12Attributes = Platform.CreateHashtable();
+        //private ArrayList pkcs12Ordering = Platform.CreateArrayList();
 		private readonly BasicConstraints basicConstraints;
 		private readonly bool[] keyUsage;