learnerX

Reputation: 1082

How to explicitly delete an AES key generated in .NET using AESManaged?

I am experimenting with generating and deleting AES keys in .NET. This is just a self-learning exercise and is not going to be deployed anywhere. The following code generates an AES key using AesManaged:

using System;
using System.Security.Cryptography;
using System.Text;

namespace genkeys
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("generating keys with .NET");

            AesManaged aes = new AesManaged();
            aes.GenerateKey();
            aes.GenerateIV();
            ICryptoTransform encryptor = aes.CreateEncryptor(aes.Key, aes.IV);
            Console.ReadLine();
            // how to delete the generated key here?
        }
    }
}

Theoretically, I understand that proper key hygiene dictates that we remove the keys from RAM immediately after we are done. In C++, the explicit call to CryptDestroyKey (https://learn.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptdestroykey) allows us to wipe the keys. Is there an equivalent call in .NET? In other words, how do I delete the generated key in the code above? (I tried CngKey.Delete() but it did not work in this context.)

Upvotes: 4

Views: 349

Answers (1)

Momoro

Reputation: 617

You would use aes.Clear();

I hope this helps you :)

Upvotes: 1
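A worked version of the question's program that applies the answer above, showing what `Clear()` does and does not cover. This is an added example, not code from either poster. It assumes .NET Core 2.1 / .NET 5 or later so that `CryptographicOperations.ZeroMemory` is available, and uses the `Aes.Create()` factory in place of `new AesManaged()` (the `Clear()` call is the same, since both inherit it from `SymmetricAlgorithm`); the plaintext string is a constructed sample.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

namespace genkeys
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("generating keys with .NET");

            // Assumption: .NET Core 2.1+/.NET 5+ (CryptographicOperations.ZeroMemory).
            // Aes.Create() is used instead of new AesManaged(); Clear() behaves the same.
            Aes aes = Aes.Create();
            aes.GenerateKey();
            aes.GenerateIV();

            // The Key/IV getters hand back *copies* of the internal arrays. Every copy
            // we take is a separate buffer that Clear() on the algorithm will NOT touch,
            // so we keep references to them in order to wipe them ourselves.
            byte[] keyCopy = aes.Key;
            byte[] ivCopy = aes.IV;

            byte[] plaintext = Encoding.UTF8.GetBytes("constructed sample plaintext");
            byte[] ciphertext;

            // The transform holds its own expanded key schedule; disposing it releases that.
            using (ICryptoTransform encryptor = aes.CreateEncryptor(keyCopy, ivCopy))
            {
                ciphertext = encryptor.TransformFinalBlock(plaintext, 0, plaintext.Length);
            }

            Console.WriteLine("ciphertext: " + Convert.ToBase64String(ciphertext));

            // 1) Wipe the copies we hold. ZeroMemory is marked so the JIT cannot
            //    optimise the write away (a plain loop might be elided as a dead store).
            CryptographicOperations.ZeroMemory(keyCopy);
            CryptographicOperations.ZeroMemory(ivCopy);
            CryptographicOperations.ZeroMemory(plaintext);

            // 2) Clear() is the answer's call: it is SymmetricAlgorithm's Dispose, which
            //    zeroes the internal KeyValue/IVValue buffers and drops the references.
            aes.Clear();

            // Do not read aes.Key after Clear(): the getter would silently generate a
            // fresh key rather than report that the old one is gone.
            Console.WriteLine("key material cleared");
            Console.ReadLine();
        }
    }
}
```

Two caveats a practitioner should keep in mind. First, `Clear()` only wipes the buffers the algorithm object owns; anything obtained through the `Key` or `IV` getters, and any `ICryptoTransform` created from it, must be disposed or zeroed separately, which is why the example tracks those copies. Second, zeroing managed arrays is best-effort: the garbage collector may have relocated an array during compaction and left a stale copy behind, so this is hygiene against accidental exposure, not a guarantee comparable to wiping a pinned native buffer such as the one `CryptDestroyKey` frees.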
