0 votes
by (270 points)

I always had problems with .NET (Core)'s built-in AesGcm class on macOS because of an annoying dependency on OpenSSL:

https://github.com/dotnet/runtime/issues/29811

Does the new AesGcm class in the Rebex.Security.Cryptography namespace always use a completely own implementation of Rebex - which would be great - or does it fall back to .NET's AesGcm class or some OpenSSL or Apple library if available on the system?

1 Answer

0 votes
by (147k points)
selected by
 
Best answer

Currently, our AesGcm class always uses our own GCM implementation on macOS and never falls back to .NET's AesGcm or any third-party library. Our GCM implementation uses .NET's AesCryptoServiceProvider as the underlying AES implementation.

Originally, we did intend to make AesGcm fall back to .NET's AesGcm on macOS (if it was available and worked), but there seems to have been some kind of serious issue in .NET Core 3.1 and .NET 5.0 that made it impossible to detect .NET AesGcm's usability - any attempt to use it caused the whole application to crash (instead of just raising an exception).

We might change this in the future, but if we do, we would most likely add a way to specify which implementation to use.

(As a side note, AesGcm uses MS CNG API on Windows.)

by (270 points)
Perfect, I'm very glad to hear that! Thank you for the detailled response.
...