-
Notifications
You must be signed in to change notification settings - Fork 201
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Guideline about cryptography with RMS #326
Comments
You may use ToArray safely in both cases but the main idea for RMS usage is to not allocate arrays again and again. The all project is about reusing buffers. If called/returning APIs support only arrays then you may find RMS useless. In the second example I suggest to use byte[] EncryptCbc(readonlyspan) overload so you save one array allocation. |
I appreciate your reply @sungam3r .
Would you mind paste some codes as a demo here? I don't know how to convert foreach(var m in ms.GetReadOnlySequence())
{
byte[] block = aes.EncryptCbc(m.Span, iv, PaddingMode.PKCS7); // Then combine several blocks into a full byte array? Seems not correct.
} (updated) private async Task<byte[]> EncryptCore(IFormFile file, byte[] key, byte[] iv)
{
using var ms = RMS.GetStream(Guid.NewGuid(), "myTag", file.Length);
await file.CopyToAsync(ms);
using var aes = Aes.Create();
aes.Key = key;
var buffer = ms.GetBuffer();
var data = aes.EncryptCbc(buffer.AsSpan(0, (int)ms.Length), iv, PaddingMode.PKCS7);
return data;
} |
Yes - just use span projection over buffer returned from RMS. |
In that way RMS ecosystem does not allocate arrays. But you as the caller of .EncryptCbc still allocate since that API was designed to return array. You may try to find other overload or combination of calls to save another array allocation if clients of EncryptCore method can work with shared buffers as well. |
Got it. It's another issue but still thanks a lot! |
I've read a related issue #131. But about 3 years passed, something changes and it doesn't solve my confusion.
I'm going to use RMS in a list of ASP.NET Core 8 web APIs. Some of them need to encrypt the user-committed content (such as a form-file) with AES (CBC mode for example).
With the help of Issue#131, I write the following codes,
But the README says,
Also, .NET 6+ adds new simplified cryptography APIs such as
AES.EncryptCbc
.The README says
GetReadOnlySequence()
should be used for reading, butEncryptCbc
only acceptsbyte[]
andReadOnlySpan<byte>
. I'm not sure whether it's possible to use RMS here.Overall, I hope you can give the guideline. Thanks in advance!
The text was updated successfully, but these errors were encountered: