Description
Starting in .NET 11 Preview 3, the Encrypt and Decrypt methods on RSACryptoServiceProvider that accept a bool fOAEP parameter have been marked as obsolete. These methods were used to perform RSA encryption and decryption with an option to specify whether to use Optimal Asymmetric Encryption Padding (OAEP), but did not allow for specifying the hash algorithm used with OAEP.
Version
.NET 11 Preview 3
Previous behavior
The Encrypt and Decrypt methods on RSACryptoServiceProvider could be used without a compilation warning.
New behavior
The Encrypt and Decrypt methods with the fOAEP parameter are now marked as obsolete. Using these methods will generate a compiler warning, SYSLIB0064.
Type of breaking change
Reason for change
While the Encrypt and Decrypt methods allowed for using OAEP or PKCS#1, in the case of OAEP it always used the SHA-1 digest algorithm as part of the padding scheme. Developers are encouraged to use the methods that accept an explicit RSAEncryptionPadding. This makes the hash algorithm that is used apparent instead of implicit, and allows greater flexibility of the hash algorithm used. This also helps prevent the accidental use of OAEP-SHA-1 when a more suitable digest algorithm could be used.
Recommended action
To migrate existing logic to non-obsolete APIs:
Decrypt(data, fOAEP: true) => Decrypt(data, RSAEncryptionPadding.OaepSHA1)Decrypt(data, fOAEP: false) => Decrypt(data, RSAEncryptionPadding.Pkcs1)Encrypt(data, fOAEP: true) => Encrypt(data, RSAEncryptionPadding.OaepSHA1)Encrypt(data, fOAEP: false) => Encrypt(data, RSAEncryptionPadding.Pkcs1)
Feature area
Cryptography
Affected APIs
M:System.Security.Cryptography.RSACryptoServiceProvider.Encrypt(System.Byte[],System.Boolean)M:System.Security.Cryptography.RSACryptoServiceProvider.Decrypt(System.Byte[],System.Boolean)
Associated WorkItem - 560059
Description
Starting in .NET 11 Preview 3, the
EncryptandDecryptmethods onRSACryptoServiceProviderthat accept abool fOAEPparameter have been marked as obsolete. These methods were used to perform RSA encryption and decryption with an option to specify whether to use Optimal Asymmetric Encryption Padding (OAEP), but did not allow for specifying the hash algorithm used with OAEP.Version
.NET 11 Preview 3
Previous behavior
The
EncryptandDecryptmethods onRSACryptoServiceProvidercould be used without a compilation warning.New behavior
The
EncryptandDecryptmethods with thefOAEPparameter are now marked as obsolete. Using these methods will generate a compiler warning,SYSLIB0064.Type of breaking change
Reason for change
While the
EncryptandDecryptmethods allowed for using OAEP or PKCS#1, in the case of OAEP it always used the SHA-1 digest algorithm as part of the padding scheme. Developers are encouraged to use the methods that accept an explicitRSAEncryptionPadding. This makes the hash algorithm that is used apparent instead of implicit, and allows greater flexibility of the hash algorithm used. This also helps prevent the accidental use of OAEP-SHA-1 when a more suitable digest algorithm could be used.Recommended action
To migrate existing logic to non-obsolete APIs:
Decrypt(data, fOAEP: true)=>Decrypt(data, RSAEncryptionPadding.OaepSHA1)Decrypt(data, fOAEP: false)=>Decrypt(data, RSAEncryptionPadding.Pkcs1)Encrypt(data, fOAEP: true)=>Encrypt(data, RSAEncryptionPadding.OaepSHA1)Encrypt(data, fOAEP: false)=>Encrypt(data, RSAEncryptionPadding.Pkcs1)Feature area
Cryptography
Affected APIs
M:System.Security.Cryptography.RSACryptoServiceProvider.Encrypt(System.Byte[],System.Boolean)M:System.Security.Cryptography.RSACryptoServiceProvider.Decrypt(System.Byte[],System.Boolean)Associated WorkItem - 560059