The Differences Between Rijndael and AES

When they need to write managed code that encrypts or decrypts data according to the AES standard, most people just plug in the RijndaelManaged class and go on their way. After all, Rijndael was the winner of the NIST competition to select the algorithm that would become AES. However, there are some differences between Rijndael and the official FIPS-197 specification for AES.

Namely, Rijndael allows both key and block sizes to be chosen independently from the set of { 128, 160, 192, 224, 256 } bits. (The key size does not in fact have to match the block size.) However, FIPS-197 specifies that the block size must always be 128 bits in AES, and that the key size may be either 128, 192, or 256 bits. Therefore AES-128, AES-192, and AES-256 are actually:

|         | Key Size (bits) | Block Size (bits) |
|---------|-----------------|-------------------|
| AES-128 | 128             | 128               |
| AES-192 | 192             | 128               |
| AES-256 | 256             | 128               |

Since RijndaelManaged is an implementation of Rijndael, it will allow you to select different block sizes (although both block and key sizes must be either 128, 192, or 256 bits; 160 and 224 bits are not supported). However, if you select a block size which is not 128 bits, RijndaelManaged will not be able to interoperate with an AES implementation, since the block sizes will not match on either end of the communication.

One other interesting quirk of the RijndaelManaged implementation is that it will adjust block size to match the feedback size in CFB mode. This means that if you use CFB and a block size of 128 bits, but a feedback size which is not 128 bits, you again will not be compatible with AES. Generally this does not affect many people, since the most common cipher mode to use is CBC.

Essentially, if you want to use RijndaelManaged as AES you need to make sure that:

  1. The block size is set to 128 bits
  2. You are not using CFB mode, or if you are, the feedback size is also 128 bits
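
The two conditions above can be checked in code before any data is encrypted. The following is an added example, not code from the original post: `IsAesCompatible` and `Transform` are hypothetical helper names, the message is constructed sample data, and the last check assumes the .NET Framework implementation of RijndaelManaged, which accepts a 256-bit block size.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class RijndaelAsAes
{
    // Hypothetical helper: true only when both conditions from the list hold.
    static bool IsAesCompatible(RijndaelManaged r)
    {
        return r.BlockSize == 128
            && (r.Mode != CipherMode.CFB || r.FeedbackSize == 128);
    }

    // Runs a one-shot transform and disposes it afterwards.
    static byte[] Transform(ICryptoTransform t, byte[] data)
    {
        using (t) return t.TransformFinalBlock(data, 0, data.Length);
    }

    static void Main()
    {
        byte[] plaintext = Encoding.UTF8.GetBytes("constructed sample message");
        using (var rijndael = new RijndaelManaged())
        using (var aes = Aes.Create())
        {
            // AES-256 settings: 256-bit key, 128-bit block, CBC mode.
            rijndael.KeySize = 256;
            rijndael.BlockSize = 128;
            rijndael.Mode = CipherMode.CBC;
            rijndael.Padding = PaddingMode.PKCS7;
            rijndael.GenerateKey();
            rijndael.GenerateIV();
            if (!IsAesCompatible(rijndael))
                throw new CryptographicException("Settings are not AES-compatible.");

            // Interop check: encrypt with RijndaelManaged, decrypt with an AES class.
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            aes.Key = rijndael.Key;
            aes.IV = rijndael.IV;
            byte[] ciphertext = Transform(rijndael.CreateEncryptor(), plaintext);
            byte[] roundTrip = Transform(aes.CreateDecryptor(), ciphertext);
            if (!roundTrip.SequenceEqual(plaintext))
                throw new CryptographicException("AES decryption did not round-trip.");

            // A 256-bit block is valid Rijndael but is no longer AES.
            rijndael.BlockSize = 256;
            Console.WriteLine("256-bit block AES-compatible: " + IsAesCompatible(rijndael));
        }
    }
}
```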