17

How do we use Rijndael encryption in a .Net Core class library? (Not a .Net Framework Class Library) We need to create a shared .Net Core library for use in multiple projects and need to implement Encrypt and Decrypt methods that use the same Rijndael encryption across the projects.

We are currently using:

  • VS Enterprise 2015
  • c#
  • .Net Core Class Library
  • .NETStandard, Version=v1.6 reference

It appears that the implementation of Rijndael and AES is missing from the .Net Core 1.0 release...it seems to only include the base classes. How do we get a .Net Core implementation of Rijndael or AES encryption added as a reference to a new .Net Core Class Library project?

Here is the Encrypt method that works in .Net Framework 4.5.2:

public static string Encrypt(string valueToEncrypt, string symmetricKey, string initializationVector)
{
    string returnValue = valueToEncrypt;

    var aes = new System.Security.Cryptography.RijndaelManaged();
    try
    {
        aes.Key = ASCIIEncoding.ASCII.GetBytes(symmetricKey);
        aes.IV = ASCIIEncoding.ASCII.GetBytes(initializationVector);
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.ISO10126;

        var desEncrypter = aes.CreateEncryptor();
        var buffer = ASCIIEncoding.ASCII.GetBytes(valueToEncrypt);

        returnValue = Convert.ToBase64String(desEncrypter.TransformFinalBlock(buffer, 0, buffer.Length));
    }
    catch (Exception)
    {
        returnValue = string.Empty;
    }

    return returnValue;
}
spottedmahn
  • 11,379
  • 7
  • 75
  • 144
Ensunder
  • 283
  • 1
  • 3
  • 8
  • 1
    What's the issue in .NET Core? Is a library missing? – Nate Barbettini Jul 12 '16 at 16:00
  • 2
    Seems like it's on the roadmap for the 1.1 release: https://github.com/dotnet/corefx/issues/9984 – Eli Arbel Jul 12 '16 at 16:01
  • Correct Nate, the primary issue seems to be that the Rijndael implementation is missing from the Cryptography reference in the current release of .Net Core...just Base class abstract implementations. – Ensunder Jul 12 '16 at 17:52
  • 1. ISO10126 has been withdrawn, PKCS#7 is probably a better choice and actually seems to meet the ISO10126 spec. 2. It is best to use a random iv else identical messages have the same encrypted bytes. Generally the iv is created from a CPRNG and prepended to the encrypted data for use during decryption. 3. Using a string as the encryption is not particularly secure and may cause key length issues. It is better to use a key derivation function such as PBKFD1. There is also the blind hope the password will be ACIII and not another encoding such as unicode. – zaph Aug 01 '16 at 15:40

2 Answers2

28

The difference (in .NET) between Rijndael and AES is that Rijndael allows the block size to change, but AES does not. Since RijndaelManaged's default block size is the same as the AES block size (128 bit / 16 byte) you are, in fact, using AES.

Instead of instantiating the implementation type by name, just use the factory (Aes.Create()). That works in both .NET Core and .NET Framework.

Other things worth mentioning:

  • All SymmetricAlgorithm instances are IDisposable, you should use them in a using statement.
  • All ICryptoTransform instances (such as your incorrectly named desEncryptor) are IDisposable, you should use them in a using statement.
  • ISO10126 padding is not available in .NET Core 1.0. If you need to be compatible with existing streams you can apply the padding yourself and specify PaddingMode.None. Otherwise, PKCS7 is more standard.
  • Your AES key isn't very random, since it comes from an ASCII string (lots of values won't be valid).
    • Base64 at least has full value range
    • PBKDF2 (Password-Based Key Derivation Function 2) via the Rfc2898DeriveBytes class allows for shared-string-secret in, predictable noise out.
    • KeyAgreement is in general better, but neither ECDH nor classic DH are available in .NET Core 1.0.
  • Usually the encryptor should let a random IV be calculated (call aes.GenerateIV() if using the same object for multiple operations) and present it with the ciphertext. So encrypt takes a key and plaintext and produces a ciphertext and IV. Decrypt takes (key, IV, ciphertext) and produces plaintext.
bartonjs
  • 23,118
  • 2
  • 51
  • 90
  • bartonjs: sorry if this is a stupid question, but I've tried to search for how to do it...how would I manually apply the ISO10126 padding? We do need to be compatible with existing streams. – Ensunder Jul 25 '16 at 14:41
  • Extend the array to be block aligned (adding another block if it already is) and fill it per https://en.wikipedia.org/wiki/Padding_(cryptography)#ISO_10126. If you are using streams you can either drain it to an array or make a custom ICryptoTramsform to wrap the current one and apply/remove the padding in TransformFinalBlock. (The custom transform would also work for direct bytes, of course). – bartonjs Jul 25 '16 at 15:15
  • When use CFB with NoPadding. CreateEncryptor created from Aes cannot has InputBlockSize == 1. RijndaelManaged does not have this problem. – Diryboy Aug 29 '17 at 09:17
  • I have stuff encrypted with blocksize=256. How would I accomplish decrypting this? – Joe Phillips Jan 18 '19 at 16:47
2

If you just want to encrypt/decrypt stuff, avoid using Rijndael directly as asp.net core has some much nicer wrappers that are much easier to use and more likely to be properly secure by default. It is known as DataProtection.

using Microsoft.AspNetCore.DataProtection;

// During startup add DP
serviceCollection.AddDataProtection();

...

// the 'provider' parameter is provided by DI
public MyClass(IDataProtectionProvider provider)
{
    _protector = provider.CreateProtector("Contoso.MyClass.v1");
}

...

// protect the payload
string protectedPayload = _protector.Protect(input);
Console.WriteLine($"Protect returned: {protectedPayload}");

...

// unprotect the payload
string unprotectedPayload = _protector.Unprotect(protectedPayload);
Console.WriteLine($"Unprotect returned: {unprotectedPayload}");

See the data protection docs for more information

alastairtree
  • 3,114
  • 24
  • 39