12

The MSDN link provides references to concrete AES classes:

  • System.Security.Cryptography.AesCng
  • System.Security.Cryptography.AesCryptoServiceProvider
  • System.Security.Cryptography.AesManaged

However AesCryptoServiceProvider is for older machines and AesManaged is not certified for FIPS. So the only option is AesCng. The AesCng has a property called Mode, which will only take: CBC, ECB, OFB, CFB, CTS but no GCM.

  1. Is AES GCM supported on this framework?
  2. If yes, is there an example?
  3. If no, then what are my options?
Raghu
  • 2,859
  • 4
  • 33
  • 65
  • 3
    No, no and [use BouncyCastle](http://www.bouncycastle.org/csharp/) – Luke Joshua Park Sep 06 '17 at 06:01
  • Is this my only option? – Raghu Sep 06 '17 at 06:05
  • 1
    Obviously BouncyCastle isn't the only AES implementation that supports GCM mode, so no. But it is the most common. – Luke Joshua Park Sep 06 '17 at 06:06
  • 1
    The other option is to P/Invoke into [BCryptEncrypt](https://msdn.microsoft.com/en-us/library/windows/desktop/aa375421(v=vs.85).aspx) manually. – bartonjs Sep 06 '17 at 15:49
  • 1
    Note that it _is_ in .NET Core (since 2.1.3): https://github.com/dotnet/corefx/blob/master/src/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesGcm.cs – Timo Sep 17 '18 at 14:51
  • 2
    @Timo Not for release it seems, it says that it will be in 3.0 [here](https://github.com/dotnet/corefx/pull/31389) (github feature request for GCM / CCM) – Maarten Bodewes Jan 08 '19 at 14:38

1 Answers1

6

This answer reflects the comments from Luke Park, bartonjs, Timo, aand Maarten Bodewes above.

One option is to use the Bouncycastle C# library, which has its own self-contained implementation of AES as well as the GCM mode. Look at the source code for the classes GCMBlockCipher, AesEngine, and AEADParameters.

Another option is to use P/Invoke to manually call BCryptEncrypt.

Finally, note that .NET Core will have support starting in 3.0. The source is already available in github.

President James K. Polk
  • 40,516
  • 21
  • 95
  • 125
  • 2
    As an update in Jan 2021, the documentation for the [AesGcm class](https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.aesgcm?view=net-5.0) is now live on MSDN and it's supported in .Net 5.0 and .Net Core 3.0. It's part of .Net Standard 2.1. – reirab Jan 19 '21 at 22:35
  • @reirab do you know how can I use AesGcm in PowerShell? In my powershell ise, by type in [System.Security.Cryptography. , I cannot find AesGcm. – Mark Aug 11 '21 at 08:24
  • @Mark I don't, sorry. I'd suggest [asking a new question](https://stackoverflow.com/questions/ask) for that, as other people here probably do know the answer. That will also make it much easier for others with the same question to find the answer in the future. – reirab Aug 11 '21 at 18:03
  • 1
    @reirab Thanks for that. I asked a new question https://stackoverflow.com/questions/68750953/how-to-call-security-cryptography-aesgcm-and-its-method-in-powershell – Mark Aug 12 '21 at 02:38