Is it possible to encrypt data with AES (256 bit) GCM mode in .net framework 4.7?

Question

The MSDN link provides references to concrete AES classes:

• System.Security.Cryptography.AesCng
• System.Security.Cryptography.AesCryptoServiceProvider
• System.Security.Cryptography.AesManaged

However AesCryptoServiceProvider is for older machines and AesManaged is not certified for FIPS. So the only option is AesCng. The AesCng has a property called Mode, which will only take: CBC, ECB, OFB, CFB, CTS but no GCM.

1. Is AES GCM supported on this framework?
2. If yes, is there an example?
3. If no, then what are my options?

Answer 1

This answer reflects the comments from Luke Park, bartonjs, Timo, aand Maarten Bodewes above.

One option is to use the Bouncycastle C# library, which has its own self-contained implementation of AES as well as the GCM mode. Look at the source code for the classes GCMBlockCipher, AesEngine, and AEADParameters.

Another option is to use P/Invoke to manually call BCryptEncrypt.

Finally, note that .NET Core will have support starting in 3.0. The source is already available in github.