Runtime: .NET5 Browser Cryptography Support

Created on 29 Jul 2020  ·  30 Comments  ·  Source: dotnet/runtime

A list of types which would be useful to get working with browser-wasm before we land #40074

  • IncrementalHash
  • MD5
  • SHA1
  • SHA256
  • SHA384
  • SHA512
arch-wasm area-System.Security

All 30 comments

Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq
See info in area-owners.md if you want to be subscribed.

> IncrementalHash

This might be interesting, since the webcrypto hashing functions are one shot, that is they do not support incremental hashing.

I suppose IncrementalHash could be supported by allowing one call to AppendData, and throw PNSE if multiple calls are made, to at least support using IncrementalHash non-incrementally.

If this "works" before webcrypto is used, it will not be able to move to webcrypto without accepting that limitation.

> I suppose IncrementalHash could be supported by allowing one call to AppendData, and throw PNSE if multiple calls are made, to at least support using IncrementalHash non-incrementally.

Alternatively we could buffer the data and only call into the browser when the hash value is retrieved.

I'm not sure that IncrementalHash actually helps us as is, the problem is still that all the browser apis return a Promise and there is (by design) no way to synchronously wait on that Promise.

> I'm not sure that IncrementalHash actually helps us as is

It's not about helping but supporting that API in the browser. This API looks to be used by, for example, Roslyn.
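
The buffering approach suggested above, as an added JavaScript example (not code from dotnet/runtime or from any commenter); `BufferedIncrementalHash` and its method names are hypothetical, chosen to mirror `AppendData` and `GetHashAndReset`. It retains every chunk until the digest is requested and still returns a Promise, which is the synchronous-API obstacle raised in the thread.

```javascript
// Added illustration, not dotnet/runtime code. BufferedIncrementalHash is a
// hypothetical name; crypto.subtle.digest is the standard one-shot WebCrypto call.
// Browsers and Node 19+ expose globalThis.crypto; the require() is for older Node.
const subtle = (globalThis.crypto ?? require("node:crypto").webcrypto).subtle;

class BufferedIncrementalHash {
  constructor(algorithm) {
    this.algorithm = algorithm; // WebCrypto name, e.g. "SHA-256"
    this.chunks = [];
    this.length = 0;
  }

  // Counterpart of AppendData: nothing is hashed yet, the bytes are only retained.
  appendData(bytes) {
    const copy = Uint8Array.from(bytes); // the caller may reuse its buffer
    this.chunks.push(copy);
    this.length += copy.length;
  }

  // Counterpart of GetHashAndReset, except that it can only return a Promise.
  async getHashAndReset() {
    const all = new Uint8Array(this.length);
    let offset = 0;
    for (const chunk of this.chunks) {
      all.set(chunk, offset);
      offset += chunk.length;
    }
    this.chunks = [];
    this.length = 0;
    return new Uint8Array(await subtle.digest(this.algorithm, all));
  }
}

const toHex = (u8) => Array.from(u8, (b) => b.toString(16).padStart(2, "0")).join("");

// Constructed input: "abc" appended as two chunks must match the one-shot digest.
async function demo() {
  const enc = new TextEncoder();
  const h = new BufferedIncrementalHash("SHA-256");
  h.appendData(enc.encode("a"));
  h.appendData(enc.encode("bc"));
  const chunked = toHex(await h.getHashAndReset());
  const oneShot = toHex(new Uint8Array(await subtle.digest("SHA-256", enc.encode("abc"))));
  const afterReset = toHex(await h.getHashAndReset()); // digest of empty input
  return { chunked, oneShot, afterReset };
}

demo().then((r) => console.log(r));
```

Memory use grows with the total input size, since nothing can be discarded until the single `digest` call is made.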

@marek-safar Should this still be in the 5.0.0 milestone or can this move to 6.0.0 since #40074 is in 6.0.0?

move to 6.0.0

Does that mean that Cryptography in blazor wasm will not be fixed until November 2021 (if one can trust https://github.com/dotnet/runtime/milestone/69)?

That would be a showstopper for some people. I can perhaps hook up browser Cryptography in my own code manually, but no way I can convince Roslyn not to require Cryptography.SHA256. I still use 5.0.0-preview.6.20312.15 for prototyping because cryptography used to work there.

@jeffhandley this is a 5.0 task, please keep it that way

Hi guys, great work so far on Blazor. Unfortunately I really need this implemented as I need to be able to dynamically compile using Roslyn. The error I'm getting is error CS8113: Invalid hash algorithm name: SHA256. This did not occur in 3.2.0.

Like the user above me said, I also have errors with zip libraries with encryption, e.g. dotnetzip, sharpziplib. These I guess I can live with but the Roslyn error is a blocker for me.

Thanks

I'm stuck with a webpage in production which I'm not able to upgrade due to this bug. I would really appreciate it if it were fixed for 5.0, or at least in some 5.x release in the near future.

Thanks for your work!

/cc @GrabYourPitchforks

What is the official recommendation regarding blazor-wasm projects that rely on assemblies / packages affected by this issue, just stick to .NET Core 3.1 until this is (hopefully) addressed in .NET 6?

I believe this is still scheduled for 5.0. As mentioned in the PR - still trying to work through some compliance work on our side. Should have more to share publicly in the next week or two.

I think this is related. Upgraded Microsoft.CodeAnalysis.CSharp to 3.7.0 and now blazor wasm fails to load:

````
Failed to find a valid digest in the 'integrity' attribute for resource 'https://localhost:5051/_framework/Microsoft.CodeAnalysis.dll' with computed SHA-256 integrity 'ag/ufmivbbVB76I8dSst/a+kH1PflRSKGbMY90kh9pc='. The resource has been blocked.
````

The PR to bring back SHA* algorithms landed in master and a backport for the .NET 5 RC2 release is in progress here: https://github.com/dotnet/runtime/pull/41761

@akoeplinger Will this also fix the platform not supported issue with Aes encryption used by the zip libraries?

@akoeplinger please backport also to release/5.0

@marek-safar release/5.0-rc2 will be merged back into release/5.0 so this shouldn't be necessary (unless you want to have it for RC1 which as I understand is pretty much done).

I don't want to have this in RC1 but would like to have it in release/5.0 as soon as possible to increase the testing time

Will MD5 be included, too? Unfortunately it is heavily used in the industry branch I'm working in and as such needed.

@secana no unfortunately MD5 isn't and won't be included. You'd need to compile your own version of the MD5 algorithm into your app.

@akoeplinger thx for the fast reply. I guess that will work, too.

Will SHA256 be included? I'm stuck since preview 6 with this exception (I'm currently in RC1):
````
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation.
 ---> System.PlatformNotSupportedException: System.Security.Cryptography.Algorithms is not supported on this platform.
   at System.Security.Cryptography.SHA256..ctor()
   at System.Security.Cryptography.SHA256Managed..ctor()
````

Guys, please tell me it is not reported to .NET 6...

@julienGrd yes, it's supported, but you have to wait for RC2

@marek-safar Any idea if the zip libraries will be supported? Currently unzipping a password protected zip gives the following exception. Looks like Rfc2898DeriveBytes is the issue:

````
Unhandled exception rendering component: System.Security.Cryptography is not supported on Browser.
System.PlatformNotSupportedException: System.Security.Cryptography is not supported on Browser.
   at System.Security.Cryptography.DeriveBytes..ctor()
   at System.Security.Cryptography.Rfc2898DeriveBytes..ctor(String password, Byte[] salt, Int32 iterations)
   at Ionic.Zip.WinZipAesCrypto._GenerateCryptoBytes()
   at Ionic.Zip.WinZipAesCrypto.get_GeneratedPV()
   at Ionic.Zip.WinZipAesCrypto.ReadFromStream(String password, Int32 KeyStrengthInBits, Stream s)
   at Ionic.Zip.ZipEntry.SetupCryptoForExtract(String password)
   at Ionic.Zip.ZipEntry.EnsurePassword(String password)
   at Ionic.Zip.ZipEntry.InternalExtractToStream(Stream outStream, String password, ZipContainer zipContainer, ZipEntrySource zipEntrySource, String fileName)
   at Ionic.Zip.ZipEntry.Extract(Stream stream)
````

@marek-safar Thanks. Is there a plan for a fix for this? Does this mean it will be released end of 2021 for .net6 release or earlier within a .net 6 preview?

@andersson09 it won't be fixed in net5.0; we are hoping to have a solution for net6.0

Will there be any browser encryption support in .NET 5 at all (AES, RSA, etc)? Or at least a commitment to address crypto related regressions from .NET Core 3.1 to .NET 5 in .NET 6? Right now it's very difficult to decide what to do with browser projects that cannot be transitioned from .NET Core 3.1 to .NET 5 because of this situation; if they are a dead end that should be abandoned, or it is just a temporary setback.

@volaru77 no encryption support in .NET 5. For future versions, please follow up on #40074
