Description
The implementation of AesGcm on macOS will only support 16-byte (128-bit) authentication tags when using Encrypt or Decrypt in .NET 8.
Version
.NET 8 Preview 1
Previous behavior
AesGcm's Encrypt or Decrypt supported authentication tag sizes ranging from 12 to 16 bytes, provided OpenSSL was available, on macOS.
The TagByteSizes property reported supported sizes ranging from 12 to 16, inclusive.
New behavior
AesGcm's Encrypt or Decrypt supports authentication tag sizes limited to 16 bytes on macOS.
The TagByteSizes property now reports 16 as the supported tag size.
Type of breaking change
- Binary incompatible: Existing binaries may encounter a breaking change in behavior, such as failure to load/execute or different run-time behavior.
- Source incompatible: Source code may encounter a breaking change in behavior when targeting the new runtime/component/SDK, such as compile errors or different run-time behavior.
Reason for change
The AesGcm class on macOS previously achieved support through OpenSSL, which is an external dependency that needed to be installed and configured separately from .NET. AesGcm now uses Apple's CryptoKit to provide an implementation of AES-GCM so that OpenSSL is no longer a dependency for using AesGcm.
The CryptoKit implementation of AES-GCM does not support authentication tag sizes other than 128 bits (16 bytes).
Recommended action
Developers should use AES-GCM with 128-bit authentication tags with AesGcm for macOS support.
Feature area
Cryptography
Affected APIs
- P:System.Security.Cryptography.AesGcm.TagByteSizes
- M:System.Security.Cryptography.AesGcm.Encrypt (all overloads)
- M:System.Security.Cryptography.AesGcm.Decrypt (all overloads)
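
One way to follow the recommended action, as an added example (not code from this issue or from the .NET runtime): always write 16-byte tags, and check `AesGcm.TagByteSizes` before trying to read older data that was written with a shorter tag. The `PortableAesGcm` class, its method names, the 12-byte nonce and the `nonce || ciphertext || tag` blob layout are assumptions of this example; it targets .NET 8, where the `AesGcm(key, tagSizeInBytes)` constructor is available.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Demo on constructed data: round-trip with a 16-byte tag, then report the platform's range.
byte[] key = RandomNumberGenerator.GetBytes(32);
byte[] blob = PortableAesGcm.Encrypt(key, Encoding.UTF8.GetBytes("constructed sample"));
Console.WriteLine(Encoding.UTF8.GetString(PortableAesGcm.Decrypt(key, blob)));
Console.WriteLine($"12-byte tags supported here: {PortableAesGcm.TagSizeSupported(12)}");

static class PortableAesGcm
{
    public const int TagSize = 16;   // 128-bit tag, the size this notice recommends
    const int NonceSize = 12;        // 96-bit nonce (assumption of this example)

    // True when AesGcm.TagByteSizes on the running platform includes this length.
    public static bool TagSizeSupported(int size)
    {
        KeySizes s = AesGcm.TagByteSizes;
        if (size < s.MinSize || size > s.MaxSize) return false;
        return s.SkipSize == 0 ? size == s.MinSize : (size - s.MinSize) % s.SkipSize == 0;
    }

    // Blob layout (constructed for this example): nonce || ciphertext || tag.
    public static byte[] Encrypt(byte[] key, byte[] plaintext, byte[]? aad = null)
    {
        byte[] blob = new byte[NonceSize + plaintext.Length + TagSize];
        RandomNumberGenerator.Fill(blob.AsSpan(0, NonceSize));   // fresh nonce per message
        using var aes = new AesGcm(key, TagSize);
        aes.Encrypt(blob.AsSpan(0, NonceSize), plaintext,
                    blob.AsSpan(NonceSize, plaintext.Length), blob.AsSpan(blob.Length - TagSize), aad);
        return blob;
    }

    // tagSize lets callers read older data written with shorter tags where the platform allows it.
    public static byte[] Decrypt(byte[] key, byte[] blob, int tagSize = TagSize, byte[]? aad = null)
    {
        if (!TagSizeSupported(tagSize))
            throw new PlatformNotSupportedException($"AesGcm here does not accept {tagSize}-byte tags.");
        if (blob.Length < NonceSize + tagSize)
            throw new CryptographicException("Blob is shorter than nonce plus tag.");
        int ctLen = blob.Length - NonceSize - tagSize;
        byte[] plaintext = new byte[ctLen];
        using var aes = new AesGcm(key, tagSize);
        aes.Decrypt(blob.AsSpan(0, NonceSize), blob.AsSpan(NonceSize, ctLen),
                    blob.AsSpan(NonceSize + ctLen), plaintext, aad);   // throws if the tag does not verify
        return plaintext;
    }
}
```

Per the new behavior described above, `TagSizeSupported(12)` is false on macOS with .NET 8, so data written with 12- to 15-byte tags has to be decrypted on a platform that still reports that range and re-encrypted with 16-byte tags.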