You can explicit configure your cryptographic algorithms in the following way in .NET 6.
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption;
using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel;
...
var builder = WebApplication.CreateBuilder(args);
...
builder.Services.AddDataProtection().UseCryptographicAlgorithms(
new AuthenticatedEncryptorConfiguration
{
EncryptionAlgorithm = EncryptionAlgorithm.AES_256_CBC,
ValidationAlgorithm = ValidationAlgorithm.HMACSHA256
});
Configure ASP.NET Core Data Protection
The default EncryptionAlgorithm is AES-256-CBC, and the default
ValidationAlgorithm is HMACSHA256. The default policy can be set by a
system administrator via a machine-wide policy, but an explicit call
to UseCryptographicAlgorithms overrides the default policy.Calling UseCryptographicAlgorithms allows you to specify the desired
algorithm from a predefined built-in list. You don’t need to worry
about the implementation of the algorithm. In the scenario above, the
Data Protection system attempts to use the CNG implementation of AES
if running on Windows. Otherwise, it falls back to the managed
System.Security.Cryptography.Aes class.You can manually specify an implementation via a call to
UseCustomCryptographicAlgorithms.
This solution will resolve the warning as well on the linux machine which on docker based.