SYSLIB0007: Default implementations of cryptography algorithms not supported

The cryptographic configuration system in .NET Framework doesn't allow for proper cryptographic agility and isn't present in .NET Core and .NET 5+. .NET's backward-compatibility requirements also prohibit the framework from updating certain cryptographic APIs to keep up with advances in cryptography. As a result, the following APIs are marked obsolete, starting in .NET 5. Use of these APIs generates warning SYSLIB0007 at compile time and a PlatformNotSupportedException at run time.

• System.Security.Cryptography.AsymmetricAlgorithm.Create()
• System.Security.Cryptography.HashAlgorithm.Create()
• System.Security.Cryptography.HMAC.Create()
• System.Security.Cryptography.KeyedHashAlgorithm.Create()
• System.Security.Cryptography.SymmetricAlgorithm.Create()

Workarounds

• The recommended course of action is to replace calls to the now-obsolete APIs with calls to factory methods for specific algorithms, for example, Aes.Create(). This gives you full control over which algorithms are instantiated.

• If you need to maintain compatibility with existing payloads generated by .NET Framework apps that use the now-obsolete APIs, use the replacements suggested in the following table. The table provides a mapping from .NET Framework default algorithms to their .NET 5+ equivalents.

  .NET Framework	.NET Core / .NET 5+ compatible replacement	Remarks
  AsymmetricAlgorithm.Create()	RSA.Create()
  HashAlgorithm.Create()	SHA1.Create()	The SHA-1 algorithm is considered broken. Consider using a stronger algorithm if possible. Consult your security advisor for further guidance.
  HMAC.Create()	HMACSHA1()	The HMACSHA1 algorithm is discouraged for most modern applications. Consider using a stronger algorithm if possible. Consult your security advisor for further guidance.
  KeyedHashAlgorithm.Create()	HMACSHA1()	The HMACSHA1 algorithm is discouraged for most modern applications. Consider using a stronger algorithm if possible. Consult your security advisor for further guidance.
  SymmetricAlgorithm.Create()	Aes.Create()

Suppress a warning

If you must use the obsolete APIs, you can suppress the warning in code or in your project file.

To suppress only a single violation, add preprocessor directives to your source file to disable and then re-enable the warning.

// Disable the warning.
#pragma warning disable SYSLIB0007

// Code that uses obsolete API.
// ...

// Re-enable the warning.
#pragma warning restore SYSLIB0007

To suppress all the SYSLIB0007 warnings in your project, add a <NoWarn> property to your project file.

<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
   ...
   <NoWarn>$(NoWarn);SYSLIB0007</NoWarn>
  </PropertyGroup>
</Project>

For more information, see Suppress warnings.

See also

• Instantiating default implementations of cryptographic abstractions is not supported