
I needed to encrypt data using AES. While researching I discovered the AesCryptoServiceProvider class.

I know very little about encryption and I did not know what the initialization vector (IV) was, so I tried searching for an AES example on Stack Overflow and that led me to this question.

Why does the Stack Overflow link use the RijndaelManaged class? Are the RijndaelManaged and AesCryptoServiceProvider classes doing the same thing?

Community
Tono Nam
  • No they aren't doing the same thing. See http://stackoverflow.com/a/4863924/328397 – makerofthings7 Mar 18 '14 at 23:33
  • possible duplicate of [Why are RijndaelManaged and AesCryptoServiceProvider returning different results?](http://stackoverflow.com/questions/957388/why-are-rijndaelmanaged-and-aescryptoserviceprovider-returning-different-results) – Carl Onager May 12 '15 at 14:16

1 Answer


AES is based on Rijndael but with the block size restricted to 128 bits. Rijndael supports a wider range of block sizes and many cryptographic libraries supply a separate Rijndael implementation to complement AES.

> Block sizes of 128, 160, 192, 224, and 256 bits are supported by the Rijndael algorithm, but only the 128-bit block size is specified in the AES standard. [Wikipedia]

You linked to the RijndaelManaged class. The equivalent class for AES is AesManaged.

Regarding the difference between the classes: AesManaged simply uses RijndaelManaged with the block size set to 128. AesManaged and RijndaelManaged are not FIPS compliant and when used will throw an exception if the FIPS Group Policy flag is set. .NET Framework 4.6.2 (August 2016) added the AesCng class, an implementation of the CNG version of the AES algorithm.

An IV is a piece of random data, equal in length to the block size, which is required by certain symmetric modes of operation (e.g. CBC-mode). Typically the IV is combined (XOR-ed) with the first block of plaintext or the first block of ciphertext. The idea is to ensure that encrypting the same message twice with the same key will not result in the same output.

EricBDev
Duncan Jones
  • Thanks so much Duncan. How do I specify the block size though? For example you mentioned that Rijndael supports a wider range of block sizes such as 255 bits. Is that determined by the length of the IV key? If I pass a key of 16 bytes I will be using 128-bit encryption; if I pass an IV key of 32 bytes I will be using 256-bit encryption? – Tono Nam Nov 21 '12 at 14:12
  • I'm not sure - I've not used the classes myself. If I had to guess, you may need to set the `BlockSize` property manually if it's not inferred from the IV length. – Duncan Jones Nov 21 '12 at 15:06
  • Your last statement about the differences is very wrong in regards to `AesManaged`. `AesManaged` simply uses `RijndaelManaged` with the block size set to 128. `AesManaged` also is not FIPS compliant and will throw an exception if the FIPS Group Policy flag is set. At present in .NET there is no support for the CNG version of the AES algorithm. –  Nov 21 '12 at 15:30
  • @MatthewFerreira Thank you for the corrections - I've edited my answer and welcome any further comments. (Feel free to edit yourself, if I still have errors). – Duncan Jones Nov 21 '12 at 16:11
  • `XOR'd` *. Typically the IV is `xored` with the first block; not OR'd. – Ian Boyd Nov 21 '12 at 16:20
  • @TonoNam AES uses 128-bit **block** size. With that 128-bit block size you can use 256-bit **keys**. – Ian Boyd Nov 21 '12 at 16:22
  • @IanBoyd Thanks. Clearly I didn't have enough coffee before starting this answer :-) – Duncan Jones Nov 21 '12 at 16:29
  • RijndaelManaged is not FIPS compliant – xmen Dec 28 '14 at 08:31
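
The IV behaviour described in the answer and the block-size versus key-size distinction from the comments, as an added C# example that is not part of the original answer or comments. It assumes the framework's `Aes.Create()` factory in CBC mode; the class name `IvDemo`, the key and the message are constructed for the demonstration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class IvDemo
{
    // Encrypts with AES-CBC under a fresh random IV and returns IV || ciphertext.
    static byte[] Encrypt(byte[] key, byte[] plaintext)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            aes.Key = key;        // key length (16/24/32 bytes) selects AES-128/192/256
            aes.GenerateIV();     // random IV, one block long (16 bytes for AES)
            using (ICryptoTransform enc = aes.CreateEncryptor())
            {
                byte[] ct = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
                return aes.IV.Concat(ct).ToArray();   // the IV is not secret; store it with the data
            }
        }
    }

    // Splits IV || ciphertext and decrypts with the same key.
    static byte[] Decrypt(byte[] key, byte[] blob)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            aes.Key = key;
            int ivLen = aes.BlockSize / 8;            // BlockSize is in bits: 128 for AES
            aes.IV = blob.Take(ivLen).ToArray();
            using (ICryptoTransform dec = aes.CreateDecryptor())
                return dec.TransformFinalBlock(blob, ivLen, blob.Length - ivLen);
        }
    }

    static void Main()
    {
        byte[] key = new byte[32];                    // 256-bit key, constructed for the demo
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        byte[] msg = Encoding.UTF8.GetBytes("same message, same key");  // constructed sample
        byte[] a = Encrypt(key, msg), b = Encrypt(key, msg);
        using (Aes aes = Aes.Create()) Console.WriteLine("Block size (bits): " + aes.BlockSize);
        Console.WriteLine("Ciphertexts differ: " + !a.SequenceEqual(b));
        Console.WriteLine("Round trip: " + Encoding.UTF8.GetString(Decrypt(key, a)));
    }
}
```

CBC with a random IV hides repeated messages but does not detect tampering, so production code should also authenticate the IV and ciphertext with a MAC or use an authenticated mode.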