Support for http://www.w3.org/2009/xmlenc11#aes128-gcm

Hello Support,

We just upgraded to the latest version to get AES256-GCM support. Now one of our customers wants to use an IdP that uses http://www.w3.org/2009/xmlenc11#aes128-gcm exclusively. Is there any way to add support for this algorithm?

AES-GCM support is available through an extension to our product. It requires the use of BouncyCastle as AES-GCM support currently isn’t included in the .NET framework.

Please take a look at the project under the Extensions\AesGcmEncryption folder. I’ve included the readme.txt contents below for your convenience.

Overview
========

Adds support for the following data encryption algorithms:

http://www.w3.org/2009/xmlenc11#aes128-gcm
http://www.w3.org/2009/xmlenc11#aes192-gcm
http://www.w3.org/2009/xmlenc11#aes256-gcm

The Bouncy Castle (https://www.bouncycastle.org/csharp/index.html) AES-GCM implementation is used as this support
currently isn’t available in the .NET framework (https://github.com/dotnet/runtime/issues/34784).

Building
========

Build the AesGcmExtension project.

Registering
===========

Add the ComponentSpace.AesGcmExtension.dll and BouncyCastle.Crypto.dll to the application.

Alternatively, copy the AesGcmXmlEncryptionExtension.cs directly into the application’s project.

Register the algorithms at application start-up as follows:

using ComponentSpace.AesGcmExtension;
using ComponentSpace.SAML2.Utility;

XmlEncryptionExtensions.DataEncryptionExtensions["http://www.w3.org/2009/xmlenc11#aes128-gcm"] = new AesGcmXmlEncryptionExtension();
XmlEncryptionExtensions.DataEncryptionExtensions["http://www.w3.org/2009/xmlenc11#aes192-gcm"] = new AesGcmXmlEncryptionExtension();
XmlEncryptionExtensions.DataEncryptionExtensions["http://www.w3.org/2009/xmlenc11#aes256-gcm"] = new AesGcmXmlEncryptionExtension();
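
The registration above only tells the library which class handles each algorithm URI; what that class has to get right is the XML Encryption 1.1 layout of the AES-GCM CipherValue. The following is an added example, not ComponentSpace's extension code or anything shipped by Bouncy Castle: it uses the Bouncy Castle GcmBlockCipher the readme refers to, produces and consumes the xmlenc11 format (a 96-bit IV, followed by the ciphertext, followed by a 128-bit authentication tag), checks that the supplied key length matches the algorithm URI, and shows that a tampered CipherValue is rejected rather than silently decrypted. The class and method names (XmlEnc11AesGcm, Encrypt, Decrypt) and the sample plaintext are assumptions made for this example.

```csharp
// Added example (not ComponentSpace's or Bouncy Castle's own code).
// Demonstrates the XML Encryption 1.1 AES-GCM CipherValue layout:
//   IV (96 bits) || ciphertext || authentication tag (128 bits)
// using Org.BouncyCastle.Crypto.Modes.GcmBlockCipher.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Engines;
using Org.BouncyCastle.Crypto.Modes;
using Org.BouncyCastle.Crypto.Parameters;

public static class XmlEnc11AesGcm
{
    // Key length (bytes) implied by each xmlenc11 algorithm URI.
    private static readonly Dictionary<string, int> KeyLengths = new Dictionary<string, int>
    {
        ["http://www.w3.org/2009/xmlenc11#aes128-gcm"] = 16,
        ["http://www.w3.org/2009/xmlenc11#aes192-gcm"] = 24,
        ["http://www.w3.org/2009/xmlenc11#aes256-gcm"] = 32,
    };

    private const int IvLength = 12;  // 96-bit IV required by XML Encryption 1.1 for AES-GCM
    private const int TagBits = 128;  // 128-bit authentication tag

    // Reject a key whose length does not match the algorithm the peer asked for.
    private static void CheckKey(string algorithm, byte[] key)
    {
        if (!KeyLengths.TryGetValue(algorithm, out int expected))
            throw new CryptographicException("Unsupported algorithm: " + algorithm);
        if (key.Length != expected)
            throw new CryptographicException(
                $"{algorithm} requires a {expected * 8}-bit key, got {key.Length * 8} bits");
    }

    // Returns IV || ciphertext || tag, i.e. the raw bytes placed in <xenc:CipherValue>.
    public static byte[] Encrypt(string algorithm, byte[] key, byte[] plaintext)
    {
        CheckKey(algorithm, key);
        var iv = new byte[IvLength];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(iv); // fresh IV per message

        var cipher = new GcmBlockCipher(new AesEngine());
        cipher.Init(true, new AeadParameters(new KeyParameter(key), TagBits, iv));

        var output = new byte[IvLength + cipher.GetOutputSize(plaintext.Length)];
        Buffer.BlockCopy(iv, 0, output, 0, IvLength);
        int len = cipher.ProcessBytes(plaintext, 0, plaintext.Length, output, IvLength);
        cipher.DoFinal(output, IvLength + len); // writes the remaining bytes and the tag
        return output;
    }

    // Splits off the IV, decrypts, and verifies the tag; throws on any tampering.
    public static byte[] Decrypt(string algorithm, byte[] key, byte[] cipherValue)
    {
        CheckKey(algorithm, key);
        if (cipherValue.Length < IvLength + TagBits / 8)
            throw new CryptographicException("CipherValue too short to hold an IV and a tag");

        var iv = new byte[IvLength];
        Buffer.BlockCopy(cipherValue, 0, iv, 0, IvLength);

        var cipher = new GcmBlockCipher(new AesEngine());
        cipher.Init(false, new AeadParameters(new KeyParameter(key), TagBits, iv));

        int bodyLen = cipherValue.Length - IvLength;
        var output = new byte[cipher.GetOutputSize(bodyLen)];
        int len = cipher.ProcessBytes(cipherValue, IvLength, bodyLen, output, 0);
        try
        {
            cipher.DoFinal(output, len); // tag check happens here
        }
        catch (InvalidCipherTextException e)
        {
            throw new CryptographicException("AES-GCM authentication failed", e);
        }
        return output;
    }

    public static void Main()
    {
        const string alg = "http://www.w3.org/2009/xmlenc11#aes128-gcm";
        var key = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        // Constructed sample plaintext; a real message would be the serialized assertion.
        var plaintext = Encoding.UTF8.GetBytes("<saml:Assertion>constructed sample</saml:Assertion>");

        byte[] cipherValue = Encrypt(alg, key, plaintext);
        byte[] roundTrip = Decrypt(alg, key, cipherValue);
        Console.WriteLine(Encoding.UTF8.GetString(roundTrip));

        // Flipping one ciphertext byte must cause a tag failure, not garbage output.
        cipherValue[IvLength] ^= 0x01;
        try { Decrypt(alg, key, cipherValue); Console.WriteLine("unexpected success"); }
        catch (CryptographicException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

The key-length check matters when the same extension class is registered for all three URIs, as in the readme: it prevents a 128-bit key being accepted where the message claims aes256-gcm, or vice versa, and any length mismatch or tag failure surfaces as an exception the SAML layer can log rather than as silently wrong plaintext.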

Hello,

Thank you for pointing me in the right direction. The solution seems to work as expected.

FYI, the API for the latest libraries seems to be XmlEncryptionExtensions.DataEncryptionExtensions instead of XmlEncryptionExtensions.DataDecryptionMethods.

Thanks for pointing that out. I’ll see that our documentation is updated accordingly.

[quote]
ComponentSpace - 10/7/2021
AES-GCM support is available through an extension to our product. It requires the use of BouncyCastle as AES-GCM support currently isn't included in the .NET framework.

Please take a look at the project under the Extensions\AesGcmEncryption folder. I've included the readme.txt contents below for your convenience.

Overview
========

Adds support for the following data encryption algorithms:

http://www.w3.org/2009/xmlenc11#aes128-gcm
http://www.w3.org/2009/xmlenc11#aes192-gcm
http://www.w3.org/2009/xmlenc11#aes256-gcm

The Bouncy Castle (https://www.bouncycastle.org/csharp/index.html) AES-GCM implementation is used as this support
currently isn't available in the .NET framework (https://github.com/dotnet/runtime/issues/34784).

Building
========

Build the AesGcmExtension project.

Registering
===========

Add the ComponentSpace.AesGcmExtension.dll and BouncyCastle.Crypto.dll to the application.

Alternatively, copy the AesGcmXmlEncryptionExtension.cs directly into the application's project.

Register the algorithms at application start-up as follows:

using ComponentSpace.AesGcmExtension;
using ComponentSpace.SAML2.Utility;

XmlEncryptionExtensions.DataEncryptionExtensions["http://www.w3.org/2009/xmlenc11#aes128-gcm"] = new AesGcmXmlEncryptionExtension();
XmlEncryptionExtensions.DataEncryptionExtensions["http://www.w3.org/2009/xmlenc11#aes192-gcm"] = new AesGcmXmlEncryptionExtension();
XmlEncryptionExtensions.DataEncryptionExtensions["http://www.w3.org/2009/xmlenc11#aes256-gcm"] = new AesGcmXmlEncryptionExtension();

[/quote]

Hi there. Where do we find the AesGcmExtension.dll or the .cs file?

Thanks.

We don’t ship it as a DLL or .cs file. Instead, it’s shipped as a NuGet package.

You’ll find a ComponentSpace.Saml2.Net.Extension.AesGcm.*.nupkg in the bin folder along with the other NuGet packages.

The “AES-GCM Extension” section in the Developer Guide has information on using this extension.