AesGcmStrict 1.0.2
dotnet add package AesGcmStrict --version 1.0.2
NuGet\Install-Package AesGcmStrict -Version 1.0.2
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="AesGcmStrict" Version="1.0.2" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add AesGcmStrict --version 1.0.2
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: AesGcmStrict, 1.0.2"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install AesGcmStrict as a Cake Addin
#addin nuget:?package=AesGcmStrict&version=1.0.2
// Install AesGcmStrict as a Cake Tool
#tool nuget:?package=AesGcmStrict&version=1.0.2
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
AesGcmStrict (.NET)
by Stan Drapkin
AesGcmStrict
class:
- Wraps AesGcm and enforces AesGcm Tag to be exactly
16
bytes. UseAesGcmStrict
instead of AesGcm. - AesGcm allows truncated Tags: any AesGcm-provided Tag truncated to ex. 12 bytes will successfully decrypt.
Example of the problem:
Span<byte> plaintext = Encoding.UTF8.GetBytes("Hello World!");
Span<byte> key = new byte[32];
Span<byte> nonce = new byte[12];
Span<byte> ciphertext = new byte[plaintext.Length];
Span<byte> tag = new byte[16]; // generating a 16-byte Tag!
using var gcm = new AesGcm(key);
Console.WriteLine(Encoding.UTF8.GetString(plaintext));
gcm.Encrypt(nonce, plaintext, ciphertext, tag);
plaintext.Clear();
tag = tag.Slice(0, 12); // truncating the Tag to ex. 12 bytes
gcm.Decrypt(nonce, ciphertext, tag, plaintext); // decrypts successfully (PROBLEM)
Console.WriteLine(Encoding.UTF8.GetString(plaintext));
Most users of AesGcm might expect ~128 bits of Tag-security, but effectively get only ~96 bits at best.
How to fix with AesGcmStrict
:
- Add the namespace:
using SecurityDriven;
- Replace
AesGcm
withAesGcmStrict
Same example with AesGcmStrict
:
// using SecurityDriven;
Span<byte> plaintext = Encoding.UTF8.GetBytes("Hello World!");
Span<byte> key = new byte[32];
Span<byte> nonce = new byte[12];
Span<byte> ciphertext = new byte[plaintext.Length];
Span<byte> tag = new byte[16]; // generating a 16-byte Tag!
using var gcm = new AesGcmStrict(key); // switching to AesGcmStrict
Console.WriteLine(Encoding.UTF8.GetString(plaintext));
gcm.Encrypt(nonce, plaintext, ciphertext, tag);
plaintext.Clear();
tag = tag.Slice(0, 12); // truncating the Tag to ex. 12 bytes
gcm.Decrypt(nonce, ciphertext, tag, plaintext); // throws ArgumentException (tag must be 16 bytes)
Console.WriteLine(Encoding.UTF8.GetString(plaintext));
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net5.0 was computed. net5.0-windows was computed. net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
.NET Core | netcoreapp3.0 was computed. netcoreapp3.1 was computed. |
.NET Standard | netstandard2.1 is compatible. |
MonoAndroid | monoandroid was computed. |
MonoMac | monomac was computed. |
MonoTouch | monotouch was computed. |
Tizen | tizen60 was computed. |
Xamarin.iOS | xamarinios was computed. |
Xamarin.Mac | xamarinmac was computed. |
Xamarin.TVOS | xamarintvos was computed. |
Xamarin.WatchOS | xamarinwatchos was computed. |
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.
-
.NETStandard 2.1
- No dependencies.
-
net6.0
- No dependencies.
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated |
---|---|---|
1.0.2 | 488 | 6/30/2022 |
Replacement for System.Security.Cryptography.AesGcm.