
AES with SslStream

Coy - 14 Dec 2006 22:41 GMT
Hi,
I'm trying to determine if all of the cipher suite CipherAlgorithmType types
are available when using SslStream.  By default only RC4 is showing up in
my SslStream.CipherSuite property, but I need some of the AES cipher suites.
As of a year ago, my understanding is that the AES types are still not
realized because the underlying Microsoft AES Cryptographic Provider was not
yet visible to .NET or SslStream.

Here is that newsgroup inquiry from somebody - November 2005:

Question:
"I am having major problems connecting to a specific SSL-enabled server.
This server only supports AES 128 and AES 256, but the .NET 2.0 SslStream
class doesn't seem to support it (although the CipherAlgorithmType enum has
the values Aes128 and Aes256)."

Answer:
The underlying security package that System.Net uses (SSPI - a part of
Windows) currently does not support those cipher suites.
Mike Flasko - PM, System.Net & Winsock, MSFT

Is it still the case that AES is not useable from .NET and only useable via
the CryptoAPI using C++ or C?

Here is the list from the CipherAlgorithmType page, where only the last 4
are useable.
Aes The Advanced Encryption Standard (AES) algorithm.
Aes128 The Advanced Encryption Standard (AES) algorithm with a 128 bit key.
Aes192 The Advanced Encryption Standard (AES) algorithm with a 192 bit key.
Aes256 The Advanced Encryption Standard (AES) algorithm with a 256 bit key.
Des The Data Encryption Standard (DES) algorithm.
None No encryption algorithm is used.
Rc2 Rivest's Code 2 (RC2) algorithm.
Rc4 Rivest's Code 4 (RC4) algorithm.
TripleDes The Triple Data Encryption Standard (3DES) algorithm.

Is there a way to make the Microsoft AES Cryptographic Provider visible to
.NET by performing the tasks indicated in the knowledge base article 245030?

Thanks
Joe Kaplan - 14 Dec 2006 23:16 GMT
My understanding is that this is still the case.  You would need to wait for
that to show up in the OS as a standard supported SSL algorithm for
SslStream to be able to use it, as it is doing pinvoke to the SSPI schannel
provider.

I can't remember which version of Windows is supposed to get that support,
but you might be waiting for Vista/Longhorn server.  I think someone from MS
may have disclosed this on one of the non-.NET security newsgroups.

Joe K.

Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

> Hi,
> I'm trying to determine if all of the cipher suite CipherAlgorithmType
[quoted text clipped - 40 lines]
>
> Thanks
Coy - 15 Dec 2006 17:56 GMT
Okay, thanks.  Therefore it seems that the Microsoft AES Cryptographic
Provider present for Win2K or greater is currently only useable via the
CryptoAPI which makes it a C++ project.  It seems I'll need to find some C++
sample code for a Winsock with TLS implementation so I can use the AES
cipher suites.
> My understanding is that this is still the case.  You would need to wait
> for that to show up in the OS as a standard supported SSL algorithm for
[quoted text clipped - 51 lines]
>>
>> Thanks
William Stacey [C# MVP] - 14 Dec 2006 23:42 GMT
.Net has had managed Rijndael (i.e. AES) since 1.0.
AES for SSL, TMK, is available in Vista.
http://blogs.msdn.com/windowsvistasecurity/archive/2006/08/25/724271.aspx

William Stacey [C# MVP]

| Hi,
| I'm trying to determine if all of the cipher suite CipherAlgorithmType types
[quoted text clipped - 36 lines]
|
| Thanks
Coy - 15 Dec 2006 18:10 GMT
That's a great article. It seems to imply that AES is not available until
Vista in spite of the Microsoft AES Cryptographic Provider that is a part of
XP etc or Win2KX. I'm guessing that they mean that only with the advent of
Vista is it useable from .NET, presumably by using SslStream.
> .Net has had managed Rijndael (i.e. AES) since 1.0.
> AES for SSL, TMK, is available in Vista.
[quoted text clipped - 53 lines]
> |
> | Thanks
Eric Rasmussen - 29 Jan 2007 05:53 GMT
I cannot believe it.  AES has been around since 2002 and is quickly becoming the standard SSL symmetric protocol due to its security and speed, but it will never really be supported in Windows XP or Windows Server 2003?  Who cares if it can be used from the CryptoAPI...  What we need is for it to be available with SChannel.

I have been banging my head against the wall for a week trying to figure out why I couldn't get the AES CSP to work with our application.

We are building a product that will be exported outside the United States, so the only strong encryption we can legally use is AES.  To hear that this is not possible on our Windows Server 2003 cluster is unacceptable.

We will not be running our application on Vista, since we are deploying on a machine cluster.  I suppose this means we need to wait for Longhorn to deploy an application that uses technology from 2002.

Like I said in the beginning, I can't believe it.
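
Added example, not code from any poster in this thread: a client that completes the SslStream handshake, reads the negotiated cipher from the `SslStream.CipherAlgorithm` property, and refuses to continue unless it is one of the AES members of CipherAlgorithmType listed in the first post. It only reports and enforces what the OS negotiated; as the replies say, the set of suites on offer comes from Schannel, not from this code. The class name, method names and the host/port command-line arguments are assumptions made for the example.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;

static class AesOnlyClient
{
    // True only for the AES members of CipherAlgorithmType listed in the thread.
    static bool IsAes(CipherAlgorithmType c)
    {
        return c == CipherAlgorithmType.Aes || c == CipherAlgorithmType.Aes128
            || c == CipherAlgorithmType.Aes192 || c == CipherAlgorithmType.Aes256;
    }

    // Handshake with default certificate validation, then refuse to continue
    // unless the suite the platform actually negotiated uses AES.
    static string ConnectRequireAes(string host, int port)
    {
        using (TcpClient tcp = new TcpClient(host, port))
        using (SslStream ssl = new SslStream(tcp.GetStream(), false))
        {
            ssl.AuthenticateAsClient(host);
            if (!IsAes(ssl.CipherAlgorithm))
                throw new AuthenticationException(
                    "Negotiated " + ssl.CipherAlgorithm + ", AES required");
            return ssl.SslProtocol + " " + ssl.CipherAlgorithm + "/" + ssl.CipherStrength;
        }
    }

    static void Main(string[] args)
    {
        // Offline check of the policy on constructed values.
        Console.WriteLine("Rc4 accepted: " + IsAes(CipherAlgorithmType.Rc4));
        Console.WriteLine("Aes256 accepted: " + IsAes(CipherAlgorithmType.Aes256));

        // Optional live check: AesOnlyClient.exe <host> <port> (caller-supplied values).
        if (args.Length == 2)
        {
            try { Console.WriteLine(ConnectRequireAes(args[0], int.Parse(args[1]))); }
            catch (AuthenticationException e) { Console.WriteLine("Rejected: " + e.Message); }
        }
    }
}
```

Failing closed after the handshake keeps a client from silently sending data over RC4 when the platform cannot offer AES.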
