From my reading I am not sure if AES is a single, standardized algorithm that can work with different length keys, or a family of similar algorithms? What I mean is if I find any 2 AES implementations taking a 128-bit key, should I be confident they will work identically (barring bugs)?
Specifically in .NET/C#, I was confused why there are two implementations of the abstract base class System.Security.Cryptography.Aes: System.Security.Cryptography.AesCryptoServiceProvider & System.Security.Cryptography.AesManaged.
Then there seems to be a distinction/overlap between AES and Rijndael: .NET has Rijndael and RijndaelManaged classes, as well as RijndaelManagedTransform.
What are the differences between all of these? I notice AES classes seem to only exist since .NET 3.5, whereas Rijndael has been around since 1.0.
Sorry if these are dumb questions, I'm new to crypto other than secure hashing functions.
AES, the Advanced Encryption Standard, defines in FIPS PUB 197 three symmetric block-ciphers: AES-128, AES-192 and AES-256. All three algorithms are defined by specific parameter-choices for the Rijndael algorithm.
AES-128-encryption is a function (key, data) -> (encryption).
Rijndael-encryption is a function (key, data, block-size, key-size) -> (encryption).
AesCryptoServiceProvider uses the underlying Windows CryptoAPI to perform the encryption.
AesManaged performs the encryption in pure managed code. RijndaelManaged supports the full range of parameter-choices (also in pure managed code).
Advantages to using AesCryptoServiceProvider include potential for higher speed and the fact that CryptoAPI is FIPS certified (on certain versions of Windows).
Advantages to AesManaged include portability (AesCryptoServiceProvider is not supported on all versions of Windows).
The only advantage to RijndaelManaged is that it is supported in early versions of the .NET framework - I haven't ever seen anyone use the non-AES parameter-choices.
The following is from the AesCryptoServiceProvider MSDN page.
Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role not supported), Windows Server 2003 SP2
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
The thing is, though, I don't really see a reason as to why it wouldn't be supported. .NET 3.5 is commonly installed on Windows XP now, but there may be something about the CLR before XP SP3 that may be different and prevent this from working properly. There's really not enough information on the MSDN page to even speculate, though.
As for your question, the differences (again from MSDN) between the classes are as follows:
AesManaged
Provides a managed implementation of the Advanced Encryption Standard (AES) symmetric algorithm.
The AES algorithm is essentially the Rijndael symmetric algorithm with a fixed block size and iteration count. This class functions the same way as the RijndaelManaged class but limits blocks to 128 bits and does not allow feedback modes.
AesCryptoServiceProvider
Performs symmetric encryption and decryption using the Cryptographic Application Programming Interfaces (CAPI) implementation of the Advanced Encryption Standard (AES) algorithm.
Aes
Represents the abstract base class from which all implementations of the Advanced Encryption Standard (AES) must inherit.
I have always stuck with the *CryptoServiceProvider implementations as they have always provided me with what I desire. The only thing I suggest, if you want to see whether the different classes perform differently, is to write some test cases and unit tests, and actually see it in action.
Please note that these functions are not supported on XP (not even XP SP3), so if XP support is important, you should not use them.
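A known-answer test for the question above and for the second answer's suggestion to test the classes, as an added example that is not part of the original posts: it encrypts the FIPS PUB 197 Appendix C.1 AES-128 vector with AesManaged, AesCryptoServiceProvider and RijndaelManaged (block size set to 128) and compares each result with the published ciphertext. The class name AesKnownAnswerTest and the helper names are illustrative, and it assumes a .NET Framework runtime on Windows where all three classes are available.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

static class AesKnownAnswerTest
{
    // FIPS PUB 197, Appendix C.1 example vector for AES-128.
    const string KeyHex      = "000102030405060708090a0b0c0d0e0f";
    const string PlainHex    = "00112233445566778899aabbccddeeff";
    const string ExpectedHex = "69c4e0d86a7b0430d8cdb78070b4c55a";

    static byte[] FromHex(string s) =>
        Enumerable.Range(0, s.Length / 2)
            .Select(i => Convert.ToByte(s.Substring(2 * i, 2), 16)).ToArray();

    // Encrypts exactly one raw block. ECB without padding is used only to expose
    // the bare block cipher for comparison; it is not a mode for real data.
    static string EncryptOneBlock(SymmetricAlgorithm alg)
    {
        byte[] pt = FromHex(PlainHex);
        alg.BlockSize = 128;              // the only block size AES defines
        alg.Mode = CipherMode.ECB;
        alg.Padding = PaddingMode.None;
        alg.Key = FromHex(KeyHex);        // a 16-byte key selects AES-128
        using (ICryptoTransform enc = alg.CreateEncryptor())
            return BitConverter.ToString(enc.TransformFinalBlock(pt, 0, pt.Length))
                .Replace("-", "").ToLowerInvariant();
    }

    static int Main()
    {
        int failures = 0;
        var impls = new SymmetricAlgorithm[]
            { new AesManaged(), new AesCryptoServiceProvider(), new RijndaelManaged() };
        foreach (SymmetricAlgorithm alg in impls)
            using (alg)
            {
                string ct = EncryptOneBlock(alg);
                if (ct != ExpectedHex) failures++;
                Console.WriteLine("{0,-26} {1} {2}", alg.GetType().Name, ct,
                    ct == ExpectedHex ? "OK" : "MISMATCH");
            }
        return failures;   // non-zero exit code if any implementation disagrees
    }
}
```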