How to do encrypt and decrypt data using Cryptography API Next Generation (CNG) in C#?

Question

How to do encrypt and decrypt data using Cryptography API Next Generation (CNG) in C#?

Prabs 1

Hi Team,
How to implement encrypt and decrypt mechanism using CNG ( Cryptography API Next Generation) in C#.Net?

below link about CNG:
https://learn.microsoft.com/en-us/windows/win32/seccng/about-cng

Please help me on this.

Regards,
Prabhakaran

0 comments

4 answers

Your answer

Answer 1

Hi @Prabs ,
I made some simplifications and modifications on the previous example, and it can now run correctly.
You can refer to the following code.

        public string Encrypt(string PlainText, String Salt = "Kosher", String InitialVector = "OFRna73m*aze01xY")  
        {  
            if (string.IsNullOrEmpty(PlainText))  
            {  
                return string.Empty;  
            }  
            SHA256Managed sHA256Managed = new SHA256Managed();  
            byte[] key = sHA256Managed.ComputeHash(Encoding.ASCII.GetBytes(Salt));  
            byte[] iv = Encoding.ASCII.GetBytes(InitialVector);  
  
            using (var SymmetricKey = new AesCng()  
            {  
                Key = key,  
                IV = iv,  
                KeySize = 256,  
                BlockSize = 128,  
                Mode = CipherMode.CBC,  
            })  
            {  
                using (var transform = SymmetricKey.CreateEncryptor(key, iv))  
                {  
                    var inputBytes = Encoding.UTF8.GetBytes(PlainText);  
                    var encryptedBytes = transform.TransformFinalBlock(inputBytes, 0, inputBytes.Length);  
                    return Convert.ToBase64String(encryptedBytes);  
                }  
            }  
        }  
  
        public string Decrypt(string CipherText, String Salt = "Kosher", String InitialVector = "OFRna73m*aze01xY")  
        {  
            if (string.IsNullOrEmpty(CipherText))  
            {  
                return string.Empty;  
            }  
            SHA256Managed sHA256Managed = new SHA256Managed();  
            byte[] key = sHA256Managed.ComputeHash(Encoding.ASCII.GetBytes(Salt));  
            byte[] iv = Encoding.ASCII.GetBytes(InitialVector);  
  
            using (var SymmetricKey = new AesCng()  
            {  
                Key = key,  
                IV = iv,  
                KeySize = 256,  
                BlockSize = 128,  
                Mode = CipherMode.CBC,  
            })  
            {  
                using (var transform = SymmetricKey.CreateDecryptor(key, iv))  
                {  
                    var inputBytes = Convert.FromBase64String(CipherText);  
                    var PlainTextBytes = transform.TransformFinalBlock(inputBytes, 0, inputBytes.Length);  
                    return Encoding.UTF8.GetString(PlainTextBytes);  
                }  
            }  
        }

Hope the code above colud be helpful.
Best Regards.
Jiachen Li

----------

If the answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Prabs 1 Reputation point

2021-11-25T04:37:47.583+00:00

Thanks for your help..it is working now..
I have one more doubt, In below algorithms, Which is the best AES more secure encryption algorithms?

RijndaelManaged
AesCng
AesManaged

Regards,
Prabhakaran
Jiachen Li-MSFT 34,241 Reputation points Microsoft External Staff

2021-11-25T05:50:39.69+00:00

Hi @Prabs ,
According to AesManaged Class, the AES algorithm is essentially the Rijndael symmetric algorithm with a fixed block size and iteration count.
This class functions the same way as the RijndaelManaged class but limits blocks to 128 bits and does not allow feedback modes.

And since derived cryptographic types are obsolete. Please use the Create method on the base type instead.

AesCng should be used if, and only if, opening a CNG persisted AES key. Otherwise Aes.Create() should be used.
Jiachen Li-MSFT 34,241 Reputation points Microsoft External Staff

2021-12-08T08:10:40.143+00:00

Hi @Prabs ,
May I know whether your issue has been solved or not?
If it is solved, please accept the answer so that other users can easily find the solution to similar problems.
Thank you for your cooperation.

Answer 2

Hi @Prabs ,
Here is a test example of AesCng https://github.com/er0dr1guez/corefx/blob/master/src/System.Security.Cryptography.Cng/tests/InvasiveCngTests.cs.
And here is an implementation case of AesCng encryption and decryption which you can refer to.

        private String Encrypt_String_By_AesCng_Engine02(String PlainText,  
                             String Password,  
                              String Salt = "Kosher",  
                             String HashAlgorithm = "SHA1",  
                             int PasswordIterations = 2,  
                             String InitialVector = "OFRna73m*aze01xY",  
                             int KeySize = 256)  
        {  
        if (String.IsNullOrEmpty(PlainText)) return "";  
            byte[] InitialVectorBytes = Encoding.ASCII.GetBytes(InitialVector);  
            byte[] SaltValueBytes = Encoding.ASCII.GetBytes(Salt);  
            byte[] PlainTextBytes = Encoding.UTF8.GetBytes(PlainText);  
            PasswordDeriveBytes DerivedPassword = new PasswordDeriveBytes(Password, SaltValueBytes, HashAlgorithm, PasswordIterations);  
            SHA256Managed sHA256Managed = new SHA256Managed();  
            byte[] KeyBytes = sHA256Managed.ComputeHash(Encoding.Unicode.GetBytes(Password));  
  
        AesCng SymmetricKey = new AesCng();  
            SymmetricKey.Mode = CipherMode.CBC;  
            byte[] CipherTextBytes;  
            using (ICryptoTransform Encryptor = SymmetricKey.CreateEncryptor(KeyBytes, InitialVectorBytes))  
            {  
                using (MemoryStream MemStream = new MemoryStream())  
                {  
                    using (CryptoStream CryptoStream = new CryptoStream(MemStream, Encryptor, CryptoStreamMode.Write))  
                    {  
                        CryptoStream.Write(PlainTextBytes, 0, PlainTextBytes.Length);  
                        CryptoStream.FlushFinalBlock();  
                        CipherTextBytes = MemStream.ToArray();  
                        MemStream.Close();  
                        CryptoStream.Close();  
                    }  
                }  
            }  
            SymmetricKey.Clear();  
        return Convert.ToBase64String(CipherTextBytes);  
        }  
  
        private String Decrypt_String_By_AesCng_Engine02(String CipherText,  
                     String Password,  
                      String Salt = "Kosher",  
                     String HashAlgorithm = "SHA1",  
                     int PasswordIterations = 2,  
                     String InitialVector = "OFRna73m*aze01xY",  
                     int KeySize = 256)  
        {  
            if (String.IsNullOrEmpty(CipherText))return "";  
            byte[] InitialVectorBytes = Encoding.ASCII.GetBytes(InitialVector);  
            byte[] SaltValueBytes = Encoding.ASCII.GetBytes(Salt);  
            byte[] CipherTextBytes = Convert.FromBase64String(CipherText);  
            PasswordDeriveBytes DerivedPassword = new PasswordDeriveBytes(Password, SaltValueBytes, HashAlgorithm, PasswordIterations);  
            SHA256Managed sHA256Managed = new SHA256Managed();  
            byte[] KeyBytes = sHA256Managed.ComputeHash(Encoding.Unicode.GetBytes(Password));  
  
            AesCng SymmetricKey = new AesCng();  
            SymmetricKey.Mode = CipherMode.CBC;  
            byte[] PlainTextBytes = new byte[CipherTextBytes.Length - 1];  
            int ByteCount = 0;  
  
            using (ICryptoTransform Decryptor = SymmetricKey.CreateEncryptor(KeyBytes, InitialVectorBytes))  
            {  
                using (MemoryStream MemStream = new MemoryStream(CipherTextBytes))  
                {  
                    using (CryptoStream CryptoStream = new CryptoStream(MemStream, Decryptor, CryptoStreamMode.Read))  
                    {  
                        ByteCount = CryptoStream.Read(PlainTextBytes, 0, PlainTextBytes.Length);  
                        MemStream.Close();  
                        CryptoStream.Close();  
                    }  
                }  
            }  
            SymmetricKey.Clear();  
            return Encoding.UTF8.GetString(PlainTextBytes, 0, ByteCount);  
        }

Hope the code above colud be helpful.
Best Regards.
Jiachen Li

----------

If the answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Prabs 1 Reputation point

2021-11-22T08:15:45.183+00:00

Hi,
Thanks for your help.
What is the password parameter value need to pass in these methods?
I need to pass cipher text only but it is mentioned password parameter also.
Can you help me on this?
Jiachen Li-MSFT 34,241 Reputation points Microsoft External Staff

2021-11-22T09:07:28.197+00:00

Hi @Prabs ,
In the example code, it derives a key from the Password, SaltValueBytes, HashAlgorithm, PasswordIterations but finally create KeyBytes from Password only.
You can create your own key and remove unnecessary parts of the example code.
Prabs 1 Reputation point

2021-11-22T09:36:22.817+00:00

I tried as per your suggestion.
But i don't get decrypted message properly.
Please find the snapshots below,

Answer 3

Jiachen Li-MSFT 34,241 Microsoft External Staff

Hi @Prabs ,

How to implement encrypt and decrypt mechanism using CNG ( Cryptography API Next Generation) in C#.Net?

You can refer to the following two documents.
https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.aescng provides a CNG implementation of the Aes algorithm(SymmetricAlgorithm).
https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.rsacng provides a CNG implementation of the RSA algorithm(AsymmetricAlgorithm).
Hope the documents could be helpful.
Best Regards.
Jiachen Li

----------

If the answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Prabs 1 Reputation point

2021-11-18T11:49:27.863+00:00

Hi,
Thanks for your help.
There is no complete code available for encryption and decryption in that links.

https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.aescng.createencryptor?view=net-6.0
https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.aescng.createdecryptor?view=net-6.0

Please send me the complete C# code for AesCng

Regards,
Prabs

Answer 4

Zhiliang Xu 1 Microsoft Employee

You can refer to https://learn.microsoft.com/en-us/windows/win32/seccng/encrypting-data-with-cng

Prabs 1 Reputation point

2021-11-12T03:26:13.793+00:00

Hi Zhiliaxu,
Can CNG supports C#? As per your link, the code is handled by C++ code.
I want to use CNG in C#.Net application.
Is it possible?

Share via

How to do encrypt and decrypt data using Cryptography API Next Generation (CNG) in C#?

4 answers

Your answer