AesGcm authentication tag size on macOS

AesGcm on macOS only supports 16-byte (128-bit) authentication tags when using Encrypt or Decrypt in .NET 8 and later versions.

Previous behavior

On macOS, Encrypt and Decrypt supported authentication tag sizes ranging from 12 to 16 bytes, provided OpenSSL was available.

In addition, the AesGcm.TagByteSizes property reported that it supported sizes ranging from 12 to 16 bytes, inclusive.

New behavior

On macOS, Encrypt and Decrypt support 16-byte authentication tags only. If you use a smaller tag size on macOS, an ArgumentException is thrown at run time.

The AesGcm.TagByteSizes property returns a value of 16 as the supported tag size.

Version introduced

.NET 8 Preview 1

Type of breaking change

This change is a behavioral change.

Reason for change

The AesGcm class on macOS previously relied on OpenSSL for underlying support. OpenSSL is an external dependency that needed to be installed and configured separately from .NET. AesGcm now uses Apple's CryptoKit to provide an implementation of Advanced Encryption Standard with Galois/Counter Mode (AES-GCM) so that OpenSSL is no longer a dependency for using AesGcm.

The CryptoKit implementation of AES-GCM does not support authentication tag sizes other than 128 bits (16 bytes).

Use 128-bit authentication tags with AesGcm for macOS support.
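
One way to follow this recommendation in cross-platform code, as an added example that is not part of the original page: it passes the 16-byte tag size explicitly to the .NET 8 AesGcm(byte[], int) constructor and checks a stored tag length against AesGcm.TagByteSizes before decrypting. The class name, the IsTagSizeSupported helper, and the sample key, nonce and message are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class AesGcmTagExample
{
    // 128-bit tag: the only size AesGcm accepts on macOS in .NET 8 and later.
    const int TagSize = 16;

    // Hypothetical helper: true when this platform's AesGcm accepts the tag length.
    static bool IsTagSizeSupported(int tagSizeInBytes)
    {
        KeySizes sizes = AesGcm.TagByteSizes;
        if (tagSizeInBytes < sizes.MinSize || tagSizeInBytes > sizes.MaxSize)
            return false;
        return sizes.SkipSize == 0
            ? tagSizeInBytes == sizes.MinSize
            : (tagSizeInBytes - sizes.MinSize) % sizes.SkipSize == 0;
    }

    static void Main()
    {
        // Constructed sample inputs; a real nonce must never repeat under one key.
        byte[] key = RandomNumberGenerator.GetBytes(32);
        byte[] nonce = RandomNumberGenerator.GetBytes(AesGcm.NonceByteSizes.MaxSize);
        byte[] plaintext = Encoding.UTF8.GetBytes("constructed sample message");
        byte[] ciphertext = new byte[plaintext.Length];
        byte[] tag = new byte[TagSize];

        // Stating the tag size in the constructor pins it for every call on this instance.
        using (var aes = new AesGcm(key, TagSize))
            aes.Encrypt(nonce, plaintext, ciphertext, tag);

        byte[] roundTrip = new byte[ciphertext.Length];
        using (var aes = new AesGcm(key, TagSize))
            aes.Decrypt(nonce, ciphertext, tag, roundTrip); // throws if the tag does not verify
        Console.WriteLine(Encoding.UTF8.GetString(roundTrip));

        // Data written earlier with a shorter tag: check before decrypting so the
        // failure is an explicit decision instead of an ArgumentException at run time.
        int storedTagSize = 12;
        Console.WriteLine(IsTagSizeSupported(storedTagSize)
            ? $"{storedTagSize}-byte tags can be processed on this platform."
            : $"{storedTagSize}-byte tags are not supported here; re-encrypt with {TagSize}-byte tags.");
    }
}
```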

Affected APIs