[Mono-dev] Key derivation and encryption in cross platform environments

Sebastien Pouliot sebastien.pouliot at gmail.com
Fri Sep 23 13:32:15 EDT 2005

Hello Martin,

On Fri, 2005-23-09 at 18:08 +0100, Martin Hinks wrote:
> Hi all,
> Can someone help me out with these two things please:
> Which .NET Encryption classes does Mono support that will work cross
> platform? eg. I encrypt on Windows using .NET and the Linux class can
> decrypt the same file and visa versa.

This should always works - or it's a bug ;-)

You may have problems with other toolkits (e.g. Java) or (strangely)
even CryptoAPI interop as the endianess of some numbers may be reversed
- *but* that doesn't affect .NET between Mono and MS.

> In the same vein, how can I derive a key from a password that will
> yield the same result on Windows and Linux?

There are no problem as PasswordDeriveBytes implements pkcs#5 v1 *with*
some additions if you ask "too much" bytes (supported by Mono). 

There are known problems *if*

(a)  you're using a PasswordDeriveBytes ctor with a CspParameter (which
calls into a specific CryptoAPI provider). Each provider can derive as
it likes the key... very bad for interop (even on Windows).

> I have tried using DeriveBytes but it seemed to give different results
> on Win/Mono last time I tried...

(b) you hit a bug. Seriously MS has some *bad* bugs depending on how you
call GetBytes... AFAIK this is fixed only in 2.0 (but it's easy to
workaround in 1.x) but if you're using 2.0 you should use
Rfc2898DeriveBytes (pkcs#5 v2).

Don't hesitate to open a bugzilla issue if you find any difference in
crypto (I'll close it if it's a known MS bug).
Sebastien Pouliot
email: sebastien at ximian.com
blog: http://pages.infinit.net/ctech/

More information about the Mono-devel-list mailing list