Does the new AesGcm class fall back to .NET 5's version?

0 votes
asked Jan 28 by stefancgn (260 points)

I always had problems with .NET (Core)'s built-in AesGcm class on macOS because of an annoying dependency on OpenSSL:

https://github.com/dotnet/runtime/issues/29811

Does the new AesGcm class in the Rebex.Security.Cryptography namespace always use an implementation that is entirely Rebex's own - which would be great - or does it fall back to .NET's AesGcm class or some OpenSSL or Apple library if available on the system?

1 Answer

0 votes
answered Jan 28 by Lukas Pokorny (126,910 points)
selected Jan 28 by stefancgn
 
Best answer

Currently, our AesGcm class always uses our own GCM implementation on macOS and never falls back to .NET's AesGcm or any third-party library. Our GCM implementation uses .NET's AesCryptoServiceProvider as the underlying AES implementation.

Originally, we did intend to make AesGcm fall back to .NET's AesGcm on macOS (if it was available and worked), but there seems to have been some kind of serious issue in .NET Core 3.1 and .NET 5.0 that made it impossible to detect .NET AesGcm's usability - any attempt to use it caused the whole application to crash (instead of just raising an exception).

We might change this in the future, but if we do, we would most likely add a way to specify which implementation to use.

(As a side note, AesGcm uses MS CNG API on Windows.)

commented Jan 28 by stefancgn (260 points)
Perfect, I'm very glad to hear that! Thank you for the detailed response.