This repository contains the migration of legacy PCLCrypto cryptographic implementations to modern .NET 8 cryptography APIs. The migration ensures compatibility while leveraging the improved security and performance features of .NET 8's cryptographic stack.
The migration covers the following cryptographic operations:
- Checksum calculation (SHA-256)
- Key derivation (PBKDF2-SHA1)
- AES encryption (CBC mode with PKCS7 padding)
- AES decryption
- Migrated from
WinRTCrypto.HashAlgorithmProvidertoSystem.Security.Cryptography.SHA256 - Maintains identical hash output
- Improved performance with modern implementations
- Migrated from
NetFxCrypto.DeriveBytestoSystem.Security.Cryptography.Rfc2898DeriveBytes - Maintains compatibility with PBKDF2-SHA1
- Proper resource disposal with
usingstatements
- Migrated from
WinRTCrypto.SymmetricKeyAlgorithmProvidertoSystem.Security.Cryptography.Aes - Maintains CBC mode and PKCS7 padding for compatibility
- Explicit IV handling for better security control
While maintaining compatibility with legacy implementations, consider these security enhancements for production use:
- Use unique random IVs for each encryption operation
- Implement message authentication (HMAC)
- Increase PBKDF2 iteration count (recommend 100,000+)
- Consider upgrading to stronger algorithms where possible:
- PBKDF2-SHA256 instead of PBKDF2-SHA1
- AES-GCM instead of AES-CBC
Replace the old PCLCrypto implementations with their .NET 8 counterparts:
// Old PCLCrypto implementation
var hasher = WinRTCrypto.HashAlgorithmProvider.OpenAlgorithm(HashAlgorithm.Sha256);
byte[] hash = hasher.HashData(inputBytes);
// New .NET 8 implementation
byte[] hash = SHA256.HashData(inputBytes);- .NET 8 SDK
- Original PCLCrypto package (for testing only)
Run the included test programs to verify the migration:
dotnet run --project PCLCryptoSample
Feel free to submit issues and enhancement requests.
This project is licensed under the MIT License - see the LICENSE file for details.