Introduction
The classes in the .NET Framework cryptography namespace manage many details of cryptography for you. Some are wrappers for the unmanaged Microsoft CryptoAPI, while others are purely managed implementations. Cryptography protects data from being viewed or modified and provides secure communication over otherwise insecure channels. For example, data can be encrypted using a cryptographic algorithm, transmitted in an encrypted state, and later decrypted by the intended party. If a third party intercepts the encrypted data, it will be difficult to decipher. We use a combination of algorithms and practices known as cryptographic primitives to create a cryptographic scheme. Those primitives are: private-key encryption, public-key encryption, cryptographic signing and cryptographic hashes.
Private-key encryption (symmetric cryptography)
In this article and code example I've used private-key encryption to encrypt files. Private-key encryption algorithms use a single private key to encrypt and decrypt data, so this is also referred to as symmetric encryption because the same key is used for encryption and decryption. Thus, we need a key and an initialization vector (IV) to encrypt and decrypt data. Without an IV, the same input block of plaintext will encrypt to the same output block of ciphertext, but with an IV the outputs of two identical plaintext blocks are different and it is hard for an unauthorized user to recover the key. The disadvantage of private-key encryption is that it presumes two parties have agreed on a key and IV and communicated their values. Also, the key must be kept secret from unauthorized users. Because of these problems, private-key encryption is often used in conjunction with public-key encryption to privately communicate the values of the key and IV.
The .NET Framework provides the following classes that implement private-key encryption algorithms:
- DESCryptoServiceProvider (DES algorithm)
- RC2CryptoServiceProvider (RC2 algorithm)
- RijndaelManaged (Rijndael algorithm)
- TripleDESCryptoServiceProvider (TripleDES algorithm)
Code explanation
In this simple example I use the Rijndael algorithm to encrypt files. First, to encrypt a file, we have to make a key and an IV (16 bytes each). The code below shows how to compose a key and an IV (the key and IV have the same value) from the password entered by the user (Form1.EncryptFile() function):
' Force the password to exactly 8 characters (16 bytes as UTF-16).
If password.Length > 8 Then
    password = password.Substring(0, 8)
ElseIf password.Length < 8 Then
    ' Pad with the digits 0, 1, 2, ... until the password is 8 characters long.
    Dim add As Integer = 8 - password.Length
    For i As Integer = 0 To add - 1
        password &= i.ToString()
    Next i
End If
Dim UE As New UnicodeEncoding
Dim key As Byte() = UE.GetBytes(password)
The key and the IV have to be byte arrays. Because the key and IV have to be exactly 16 bytes long by default, we have to add some characters if the password is shorter than 8 characters (1 character = 2 bytes), or truncate the password string if it has more than 8 characters.
Next, we have to create a FileStream instance for the encrypted data (cryptFile is the file where the encrypted data should be written):
Dim fsCrypt As New FileStream(cryptFile, FileMode.Create)
Next, we create an instance of the RijndaelManaged class and an instance of a special stream class called CryptoStream, which encrypts the data written to it. The CryptoStream class is initialized with a managed stream class (FileStream), a class that implements the ICryptoTransform interface (created from a class that implements a cryptographic algorithm, here RijndaelManaged) and a CryptoStreamMode enumeration value that describes the type of access permitted to the CryptoStream:
Dim RMCrypto As New RijndaelManaged
Dim cs As New CryptoStream(fsCrypt, RMCrypto.CreateEncryptor(key, key), CryptoStreamMode.Write)
After the previous code is executed, any data written to the CryptoStream object is encrypted using the Rijndael algorithm:
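Dim fsIn As New FileStream(textBox1.Text, FileMode.Open)
' Copy the input file into the CryptoStream one byte at a time;
' ReadByte() returns -1 at the end of the file.
Dim data As Integer = fsIn.ReadByte()
While data <> -1
    cs.WriteByte(CByte(data))
    data = fsIn.ReadByte()
End While
' Closing the CryptoStream writes the final padded block and closes fsCrypt.
fsIn.Close()
cs.Close()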
Decryption is very similar to encryption.
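The code above uses the same bytes, taken directly from the truncated or padded password, as both key and IV. The following added example (not part of the original article or its project) shows a hardened variant of the same encryption step: the key is derived with PBKDF2 from a random salt, and a separate random IV is generated per file and stored with the salt ahead of the ciphertext. The module name, constants and file layout are assumptions of this example, and the four-argument Rfc2898DeriveBytes constructor requires .NET Framework 4.7.2 or later.

```vb
Imports System.IO
Imports System.Security.Cryptography

Module HardenedFileEncryption
    ' Assumed parameters for this example, not values from the article.
    Private Const SaltSize As Integer = 16
    Private Const IvSize As Integer = 16          ' Rijndael default block size is 128 bits
    Private Const KeySize As Integer = 32         ' 256-bit key
    Private Const Iterations As Integer = 100000  ' PBKDF2 work factor

    ' Output layout (assumed): salt (16 bytes) | IV (16 bytes) | ciphertext.
    Public Sub EncryptFile(inputFile As String, cryptFile As String, password As String)
        Dim salt(SaltSize - 1) As Byte
        Dim iv(IvSize - 1) As Byte
        Using rng As New RNGCryptoServiceProvider()
            rng.GetBytes(salt)   ' fresh for every file
            rng.GetBytes(iv)     ' fresh for every file, independent of the key
        End Using

        ' Stretch the full password into a key instead of truncating or padding it.
        Dim key As Byte()
        Using kdf As New Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256)
            key = kdf.GetBytes(KeySize)
        End Using

        Using fsCrypt As New FileStream(cryptFile, FileMode.Create),
              RMCrypto As New RijndaelManaged()
            ' Salt and IV are not secret; decryption reads them back to rebuild the key.
            fsCrypt.Write(salt, 0, salt.Length)
            fsCrypt.Write(iv, 0, iv.Length)
            Using cs As New CryptoStream(fsCrypt, RMCrypto.CreateEncryptor(key, iv), CryptoStreamMode.Write),
                  fsIn As New FileStream(inputFile, FileMode.Open, FileAccess.Read)
                Dim buffer(4095) As Byte
                Dim bytesRead As Integer = fsIn.Read(buffer, 0, buffer.Length)
                While bytesRead > 0
                    cs.Write(buffer, 0, bytesRead)
                    bytesRead = fsIn.Read(buffer, 0, buffer.Length)
                End While
            End Using   ' disposing cs writes the final padded block
        End Using
        Array.Clear(key, 0, key.Length)   ' drop the key material from this array
    End Sub
End Module
```

RijndaelManaged defaults to CBC mode, which provides confidentiality only; detecting modification of the encrypted file would need a separate integrity check such as an HMAC over the output.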