Information on DES/AES Privacy Providers#

By Lex Li

This page shows you information regarding DES/AES privacy providers.

Background#

SNMP v3 standard defines DES/AES algorithms to be used in user security model. #SNMP Library 10.0 and above supports DES and AES 128/192/256.

However, some platforms do not have native DES/AES algorithms support, where BouncyCastle can be used.

Built-in Providers on .NET Core#

Microsoft does have some DES/AES support in .NET Core. However,

  • DES is not part of .NET Standard 1.3.

  • SNMP AES relies on CFB mode, which is not supported by certain .NET Core releases.

Therefore, the built-in DES/AES privacy providers (derived from AESPrivacyProviderBase) do not work well on certain .NET Core releases.

You can check DESPrivacyProvider.IsSupported to see if DES is natively supported on a platform.

You can check AESPrivacyProviderBase.IsSupported to see if AES is natively supported on a platform.

Important

DES is natively supported on .NET Core 3.1 and above, but you need to upgrade to at least #SNMP Library 12.4.0 release.

Important

AES is natively supported on .NET 5 and above, but you need to upgrade to at least #SNMP Library 12.4.0 release.

Providers on Bouncy Castle#

Bouncy Castle is an open source library that implements many algorithms, including DES and AES(CFB).

The sample projects show how to use Samples.BouncyCastle (12.1 and above) or SharpSnmpLib.BouncyCastle (10.0-12.0) to enable DES/AES privacy providers based on Bouncy Castle. They can be used on platforms such as .NET Core.

Note

Compared to built-in providers, these are slower due to Bouncy Castle implementation. So such should only be used when necessary.

Note

AES privacy providers are available in 10.0.9 release.

Note

DES privacy provider is available for 10.0.10 release.

Note

Starting from 11.0.0 release, such extra providers are shipped in source code only, and as part of the samples repository.

The following code shows how to test native AES support, and choose the right provider.

IPrivacyProvider aes;
if (AESPrivacyProviderBase.IsSupported)
{
    aes = new AESPrivacyProvider(...
}
else
{
    aes = new BouncyCastleAESPrivacyProvider(...
}

Similar code snippet can be used for DES,

IPrivacyProvider des;
if (DESPrivacyProvider.IsSupported)
{
    des = new DESPrivacyProvider(...
}
else
{
    des = new BouncyCastleDESPrivacyProvider(...
}