[Breaking change]: CryptographicException thrown by CreateEncryptor and CreateDecryptor

[bartonjs]

Description

The CreateEncryptor and CreateDecryptor methods for AesCng and TripleDesCng now throw a CryptographicException when the object instance is being used with a CNG persisted (named) key for Cipher Feedback (CFB) mode with a feedback size other than 8 (CFB8).

Version

.NET 6 Preview 7

Previous behavior

Previously, these classes would allow CFB128 (AesCng) or CFB64 (TripleDesCng) to be selected, but if the key was a persisted key then the computation was always done as if CFB8 was selected.

New behavior

Now an exception is thrown when selecting CFB128 or CFB64 modes with these classes, when backed by a persisted key.

Type of breaking change

• Binary incompatible: Existing binaries may encounter a breaking change in behavior, such as failure to load/execute or different run-time behavior.
• Source incompatible: Source code may encounter a breaking change in behavior when targeting the new runtime/component/SDK, such as compile errors or different run-time behavior.

Reason for change

To indicate that the requested work was not correctly being performed.

Recommended action

If you encounter this exception, consider switching from CFB128/CFB64 to CFB8, as that will produce results compatible with the behavior in previous releases.

Feature area

Cryptography

Affected APIs

• System.Security.Cryptography.AesCng.CreateEncryptor() (only the zero-argument overload)
• System.Security.Cryptography.AesCng.CreateDecryptor() (only the zero-argument overload)
• System.Security.Cryptography.TripleDesCng.CreateEncryptor() (only the zero-argument overload)
• System.Security.Cryptography.TripleDesCng.CreateDecryptor() (only the zero-argument overload)