Microsoft .NET Code Analysis: The Rijndael and RijndaelManaged Types Are Superseded

Since September 2021, the Rijndael and RijndaelManaged types have been superseded by the AesManaged type in .NET. While Rijndael is still supported, it is generally not recommended to use the RijndaelManaged class due to its lack of support for certain block and key sizes required for AES compatibility. Instead, it is advised to use the AesManaged class, which provides a more secure and efficient implementation of AES. Here is a code example showcasing the usage of both encryption algorithms:

using System;
using System.Security.Cryptography;
using System.Text;
public class Program
{
    public static void Main()
    {
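        string plainText = "Hello, World!";

        // Demo only: a fixed key and IV let both algorithms run on identical input.
        // Production code needs a randomly generated key and a new random IV
        // for every message.
        byte[] key = Encoding.UTF8.GetBytes("0123456789ABCDEF");
        byte[] iv = Encoding.UTF8.GetBytes("1234567890ABCDEF");

        // Encryption using RijndaelManaged (not recommended)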
        using (var rijndael = new RijndaelManaged())
        {
            rijndael.Key = key;
            rijndael.IV = iv;

            byte[] encryptedData = Encrypt(plainText, rijndael);
            string decryptedText = Decrypt(encryptedData, rijndael);

            Console.WriteLine("RijndaelManaged - Encrypted Data: " +
                Convert.ToBase64String(encryptedData));
            Console.WriteLine("RijndaelManaged - Decrypted Text: " +
                decryptedText);
        }

        Console.WriteLine();

        // Encryption using AesManaged (recommended)
        using (var aes = new AesManaged())
        {
            aes.Key = key;
            aes.IV = iv;

            byte[] encryptedData = Encrypt(plainText, aes);
            string decryptedText = Decrypt(encryptedData, aes);

            Console.WriteLine("AesManaged - Encrypted Data: " + 
                Convert.ToBase64String(encryptedData));
            Console.WriteLine("AesManaged - Decrypted Text: " + 
                decryptedText);
        }
    }

    public static byte[] Encrypt(string plainText,
        SymmetricAlgorithm algorithm)
    {
        byte[] encryptedData;

        using (var encryptor = algorithm.CreateEncryptor())
        {
            byte[] plainBytes = Encoding.UTF8.GetBytes(plainText);

            encryptedData = encryptor.TransformFinalBlock(plainBytes,
                0, plainBytes.Length);
        }

        return encryptedData;
    }

    public static string Decrypt(byte[] encryptedData,
        SymmetricAlgorithm algorithm)
    {
        string decryptedText;

        using (var decryptor = algorithm.CreateDecryptor())
        {
            byte[] decryptedBytes = decryptor.TransformFinalBlock(
                encryptedData, 0, encryptedData.Length);

            decryptedText = Encoding.UTF8.GetString(decryptedBytes);
        }

        return decryptedText;
    }
}

Failing to stay updated on the most secure algorithms can have serious consequences, including potential fines during a security audit, as I personally witnessed during my time at a previous company. To observe how I implemented this in Spargine, please refer to the EncryptionHelper class in DotNetTips.Spargine.6.Core.

When I set up the SYSLIB0022 code analysis in my .editorconfig, it looks like this:

dotnet_diagnostic.SYSLIB0022.severity = error
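As an added example (not code from this article or from Spargine), the sketch below shows the migration itself: a record written by RijndaelManaged with its default 128-bit block decrypts through an Aes-based path, so existing data needs no re-encryption. It uses the Aes.Create() factory rather than constructing AesManaged directly; the class name, the IV-prefixed record layout and the sample strings are assumptions of this example, and it targets .NET 6 or later.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public static class AesMigrationExample   // hypothetical name, not from Spargine
{
    // Record layout assumed by this example: 16-byte random IV || ciphertext.
    // Default mode is CBC with PKCS7 padding, which gives confidentiality only;
    // add a MAC or use an AEAD mode if the data can be tampered with.
    public static byte[] Encrypt(SymmetricAlgorithm alg, byte[] key, string plainText)
    {
        alg.Key = key;
        alg.GenerateIV();                           // fresh random IV per message
        byte[] plain = Encoding.UTF8.GetBytes(plainText);
        using ICryptoTransform enc = alg.CreateEncryptor();
        byte[] cipher = enc.TransformFinalBlock(plain, 0, plain.Length);
        return alg.IV.Concat(cipher).ToArray();
    }

    // Single decryption path for old and new records, built on Aes only.
    public static string Decrypt(byte[] key, byte[] ivAndCipher)
    {
        using Aes aes = Aes.Create();
        int ivLength = aes.BlockSize / 8;           // AES block size is 128 bits
        aes.Key = key;
        aes.IV = ivAndCipher.Take(ivLength).ToArray();
        using ICryptoTransform dec = aes.CreateDecryptor();
        byte[] plain = dec.TransformFinalBlock(
            ivAndCipher, ivLength, ivAndCipher.Length - ivLength);
        return Encoding.UTF8.GetString(plain);
    }

    public static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);   // 256-bit key

        // Constructed "legacy" record. With SYSLIB0022 set to error, the obsolete
        // type only compiles inside an explicit, reviewable suppression.
#pragma warning disable SYSLIB0022
        using var rijndael = new RijndaelManaged();
        byte[] legacy = Encrypt(rijndael, key, "stored before the migration");
#pragma warning restore SYSLIB0022

        using Aes aes = Aes.Create();
        byte[] current = Encrypt(aes, key, "stored after the migration");

        Console.WriteLine(Decrypt(key, legacy));
        Console.WriteLine(Decrypt(key, current));
    }
}
```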

Summary

During my review of the codebase for this article, I identified 4 instances where this issue occurs.

For further guidance and insights, I highly recommend obtaining a copy of my book, “Rock Your Code: Coding Standards for Microsoft .NET” available on Amazon.com. Additionally, to explore more performance tips for .NET, I encourage you to acquire the 3rd edition of “Rock Your Code: Code & App Performance for Microsoft .NET” also available on Amazon.com.

To analyze your code using the same settings I used in these articles, I encourage you to incorporate my EditorConfig file. It can be found at the following link: https://bit.ly/dotNetDaveEditorConfig. I update this file quarterly, so remember to keep yours up to date as well. I hope you will check out my OSS project Spargine by using this link: https://bit.ly/Spargine.

Please feel free to leave a comment below. I would appreciate hearing your thoughts and feedback.

Pick up any books by David McCarter by going to Amazon.com: http://bit.ly/RockYourCodeBooks


© The information in this article is copyrighted and cannot be reproduced in any way without express permission from David McCarter.

