New cryptography in .NET Core 3.0

Bertrand Bonnefoy-Claudet
August 1, 2019

What's the difference between cryptography in .NET Framework and .NET Core?

A large part of the .NET APIs are common to both .NET Core and .NET Framework.  Microsoft even released the .NET Standard, a subset of .NET APIs provided by all .NET implementations, to simplify things for cross-implementation developers.  However, there are still significant differences between Core and Framework, and cryptography is one of them.

While the cryptography provided by .NET Core 2.0 is close to that of the latest .NET Framework, .NET Core 3.0, to be released in September 2019, will provide two major improvements: authenticated encryption and interoperable key formats. Below we'll look at why these are important and what support Microsoft will give us.

Authenticated Encryption

Authenticating a ciphertext before decrypting it is now seen as fundamental for security.  It could traditionally be achieved with the Encrypt-then-MAC scheme (for example, with AES-CBC and HMAC-SHA256).  Unfortunately, it is also easy to get wrong.

Authenticated modes of encryption like CCM and GCM aim to fix that by encrypting and authenticating data in one step.  For instance, a developer can't forget to authenticate the ciphertext since the Decrypt method will only return the plaintext if authentication succeeded.

CCM and GCM modes for AES will both be supported in .NET Core 3.0 thanks to the AesCcm and AesGcm classes.

Interoperable Key Formats

You can import and export keys in all versions of .NET, but .NET Core 3.0 will make it easier to interoperate with other systems, including OpenSSL, by supporting standardized formats.

PKCS#1 for RSA Keys

PKCS#1 is the most common format for RSA keys.  It is an ASN.1 DER structure notably used in TLS certificates, PKCS#8 and .pem files (in which case it is also Base64-encoded).

PKCS#8 for Asymmetric Keys

PKCS#8 is used to store and protect asymmetric keys for various algorithms including RSA and elliptic curve. Private keys can be encrypted.

PKCS#12 for Keystores

PKCS#12 can bundle several keys or certificates in a single structure that can be encrypted and signed.  It replaces Microsoft's PFX format.  In Java, PKCS#12 recently replaced JKS as the default key store format. There is also support in OpenSSL.

Finally, note that all these standards are rather old and contain both good and bad cryptography. They need to be used with care - more on that in another post.


These additions to .NET Core 3.0 make important updates to cryptography: authenticated modes are needed for best practice encryption, and interoperable key formats are much more useful for modern hybrid environments. Both are good reasons to upgrade from Core 2.1, or to make the move from .NET Framework.

You can find out more in Microsoft's blog post announcing .NET Core 3.0 Preview 1.

Annex: New classes and methods in .NET Core 3.0

Interesting classes and methods added in .NET Core 3.0:

  • AesCcm
  • AesGcm
  • RSA.ExportRSAPublicKey
  • RSA.ExportRSAPrivateKey
  • RSA.ImportRSAPrivateKey
  • AsymmetricAlgorithm.ExportPkcs8PrivateKey
  • AsymmetricAlgorithm.ImportPkcs8PrivateKey
  • AsymmetricAlgorithm.ExportEncryptedPkcs8PrivateKey
  • AsymmetricAlgorithm.ExportEncryptedPkcs8PrivateKey
  • AsymmetricAlgorithm.ExportPkcs8PrivateKey
  • Pkcs12Builder
  • Pkcs12Info

A complete list is available in dotnet/core on GitHub.