How to use Rijndael encryption with a .Net Core class library? (Not .Net Framework)

c# .net cryptography .net-core rijndaelmanaged
Ensunder picture Ensunder · Jul 12, 2016 · Viewed 25.1k times · Source

How do we use Rijndael encryption in a .Net Core class library? (Not a .Net Framework Class Library) We need to create a shared .Net Core library for use in multiple projects and need to implement Encrypt and Decrypt methods that use the same Rijndael encryption across the projects.

We are currently using:

  • VS Enterprise 2015
  • c#
  • .Net Core Class Library
  • .NETStandard, Version=v1.6 reference

It appears that the implementation of Rijndael and AES is missing from the .Net Core 1.0 release...it seems to only include the base classes. How do we get a .Net Core implementation of Rijndael or AES encryption added as a reference to a new .Net Core Class Library project?

Here is the Encrypt method that works in .Net Framework 4.5.2:

public static string Encrypt(string valueToEncrypt, string symmetricKey, string initializationVector)
{
    string returnValue = valueToEncrypt;

    var aes = new System.Security.Cryptography.RijndaelManaged();
    try
    {
        aes.Key = ASCIIEncoding.ASCII.GetBytes(symmetricKey);
        aes.IV = ASCIIEncoding.ASCII.GetBytes(initializationVector);
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.ISO10126;

        var desEncrypter = aes.CreateEncryptor();
        var buffer = ASCIIEncoding.ASCII.GetBytes(valueToEncrypt);

        returnValue = Convert.ToBase64String(desEncrypter.TransformFinalBlock(buffer, 0, buffer.Length));
    }
    catch (Exception)
    {
        returnValue = string.Empty;
    }

    return returnValue;
}

Answer

bartonjs picture bartonjs · Jul 15, 2016

The difference (in .NET) between Rijndael and AES is that Rijndael allows the block size to change, but AES does not. Since RijndaelManaged's default block size is the same as the AES block size (128 bit / 16 byte) you are, in fact, using AES.

Instead of instantiating the implementation type by name, just use the factory (Aes.Create()). That works in both .NET Core and .NET Framework.

Other things worth mentioning:

  • All SymmetricAlgorithm instances are IDisposable, you should use them in a using statement.
  • All ICryptoTransform instances (such as your incorrectly named desEncryptor) are IDisposable, you should use them in a using statement.
  • ISO10126 padding is not available in .NET Core 1.0. If you need to be compatible with existing streams you can apply the padding yourself and specify PaddingMode.None. Otherwise, PKCS7 is more standard.
  • Your AES key isn't very random, since it comes from an ASCII string (lots of values won't be valid).
    • Base64 at least has full value range
    • PBKDF2 (Password-Based Key Derivation Function 2) via the Rfc2898DeriveBytes class allows for shared-string-secret in, predictable noise out.
    • KeyAgreement is in general better, but neither ECDH nor classic DH are available in .NET Core 1.0.
  • Usually the encryptor should let a random IV be calculated (call aes.GenerateIV() if using the same object for multiple operations) and present it with the ciphertext. So encrypt takes a key and plaintext and produces a ciphertext and IV. Decrypt takes (key, IV, ciphertext) and produces plaintext.

Related questions

Encrypt and decrypt a string in C#?

How can I encrypt and decrypt a string in C#?

Read More
How to read a PEM RSA private key from .NET

I've got an RSA private key in PEM format, is there a straight forward way to read that from .NET and instantiate an RSACryptoServiceProvider to decrypt data encrypted with the corresponding public key?

Read More
How can I sign a file using RSA and SHA256 with .NET?

My application will take a set of files and sign them. (I'm not trying to sign an assembly.) There is a .p12 file that I get the private key from. This is the code I was trying to use, but …

Read More