RijndaelManaged, AesManaged, and AesCryptoServiceProvider – SimpleAccountLocker App

I recently wanted to write a small app to become more familiar with .NET encryption/decryption libraries. As a result, I created a quick little account locker app which stores manually entered account data locally. Sure, there are great services available which do this already and automate the process, e.g. LastPass, for saving passwords securely across multiple devices – however, SimpleAccountLocker is an extremely minimal app which provides the basis to store data locally if you do not wish to save off-site; likewise, it was a fun little way to play with some security libraries.

You can view the app on my GitHub: https://github.com/MrChrisHammond/SimpleAccountLocker

To begin, .NET offers many different encryption classes; however, for this app’s purpose, the main AES classes I tested out include:

– RijndaelManaged
– AesManaged
– AesCryptoServiceProvider

All three of these are based on AES – a specification for encryption created by the US National Institute of Standards and Technology (NIST) in 2001. This method of encryption is symmetric and allows data to be encrypted and later decrypted with a key and initialization vector. This is helpful when you have data you wish to store securely but have a later need to decrypt and read it – for example, an instant message. Nonetheless, there are a few differences among the aforementioned classes. For instance, RijndaelManaged allows you to set a different block size, whereas AesManaged maintains the same fixed block size of 128 so as not to compromise security. However, AesManaged is actually based on RijndaelManaged.

In terms of compliance, AesCryptoServiceProvider uses a library which is FIPS compliant [1] whereas RijndaelManaged and AesManaged do not. If you are not familiar with FIPS, you might be wondering – what is it? The Federal Information Processing Standard is a set of rules which sets the requirements on approving cryptographic modules. Although this is a US government standard, here in Canada the Communications Security Establishment (CSE) uses FIPS 140-1 and 140-2 as part of its certification [2].

In code, all three of these can be used to encrypt data with an ICryptoTransform transformation, a CryptoStream decorator, and a key and initialization vector (IV). Below is a comparison of AesCryptoServiceProvider vs RijndaelManaged within SimpleAccountLocker.
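
The following is an added example, not code from SimpleAccountLocker: it runs the same ICryptoTransform/CryptoStream round trip through all three classes via their common SymmetricAlgorithm base class and prints the largest block size each one accepts. It assumes .NET Framework 4.x; the class name, helper name, and sample string are constructed for illustration.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class AesClassComparison   // hypothetical name, not from the project
{
    // Encrypts then decrypts with whichever SymmetricAlgorithm is passed in.
    static string RoundTrip(SymmetricAlgorithm alg, string plaintext)
    {
        alg.GenerateKey();  // random key at the class's default key size
        alg.GenerateIV();   // fresh random IV; do not reuse one IV with the same key
        byte[] cipher;
        using (ICryptoTransform enc = alg.CreateEncryptor(alg.Key, alg.IV))
        using (var ms = new MemoryStream())
        {
            using (var cs = new CryptoStream(ms, enc, CryptoStreamMode.Write))
            {
                byte[] data = Encoding.UTF8.GetBytes(plaintext);
                cs.Write(data, 0, data.Length);
            } // disposing the CryptoStream writes the final padded block
            cipher = ms.ToArray();  // ToArray is valid on a closed MemoryStream
        }
        using (ICryptoTransform dec = alg.CreateDecryptor(alg.Key, alg.IV))
        using (var ms = new MemoryStream(cipher))
        using (var cs = new CryptoStream(ms, dec, CryptoStreamMode.Read))
        using (var reader = new StreamReader(cs, Encoding.UTF8))
            return reader.ReadToEnd();
    }

    static void Main()
    {
        const string sample = "constructed sample account entry";
        Func<SymmetricAlgorithm>[] factories = {
            () => new RijndaelManaged(),
            () => new AesManaged(),
            () => new AesCryptoServiceProvider()
        };
        foreach (var create in factories)
        {
            try
            {
                using (SymmetricAlgorithm alg = create())
                    Console.WriteLine("{0}: maxBlock={1} key={2} roundTripOk={3}",
                        alg.GetType().Name, alg.LegalBlockSizes[0].MaxSize,
                        alg.KeySize, RoundTrip(alg, sample) == sample);
            }
            catch (InvalidOperationException ex)
            {   // assumption: older .NET Framework versions throw from the managed
                // classes' constructors when Windows FIPS policy is enforced
                Console.WriteLine("rejected: " + ex.Message);
            }
        }
    }
}
```

For stored account data, a new IV should be generated for every encryption and saved alongside the ciphertext, since it is needed again for decryption and does not have to be secret.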