Cryptography in .NET

This article has been excerpted from the book "The Complete Visual C# Programmer's Guide" by the authors of C# Corner.

Cryptography, an area of discrete mathematics, gives you additional means of protecting your data from security threats. Cryptographic techniques provide the following security measures:

  • Confidentiality: information remains hidden from anyone for whom it is not intended. To prevent "eavesdropping," data is encrypted before it is transmitted over an insecure channel.
  • Integrity: data has not been altered during transmission.
  • Nonrepudiation: the sender of a message cannot deny sending the message.
  • Antireplay prevention: a message is not a replay of some part of a previous communication session.
  • Authentication: an entity proves its identity to other entities. Authentication prevents an entity from successfully disguising itself.

Cryptography implements these security measures through the use of mathematical techniques that encrypt and decrypt data. The process consists of two parts: the creation of codes to secure communications and data, and the deciphering of those codes. 

Cryptographic algorithms associate your original data, called plaintext or cleartext, with a key to generate encrypted data, called ciphertext. The algorithms also associate ciphertext with a decryption key to convert the data to its original form again. The encryption and decryption keys can be the same key or two different keys, depending on the cryptography algorithms. 

Let's start with a simple example to illustrate the concept. The following algorithm encrypts data with key k1 to create CipheredDATA. 

CipheredDATA = Encrypt_k1(DATA)

To get the original DATA, you decrypt the CipheredDATA with key k1. 

DATA = Decrypt_k1(CipheredDATA)

It is difficult but not impossible for hackers to understand the original DATA without key k1. The hackers must find what k1 is to start the decryption. This simple example illustrates symmetric (secret-key) cryptography, in which a single key is used to encrypt and decrypt data. In asymmetric (or public-key) cryptography, a public key encrypts the data, and the recipient uses his or her private key to decrypt the data. 

Real cryptography algorithms are much more complex than the one in the example, because the mathematicians who design them have considered almost all of the known approaches to breaking them. If you want an even greater degree of sophistication, you can use steganography to hide one set of data within another in a way that allows it to be extracted later. Steganography is best combined with cryptography; cryptography, on the other hand, need not be combined with steganography unless you also want to conceal the fact that encrypted data is being exchanged.

The .NET Framework provides a set of cryptographic classes that offer encryption, digital signatures, hashing, and random-number generation, which implement well-known algorithms such as RSA, DSA, Rijndael/AES, Triple DES, DES, and RC2, as well as the MD5, SHA-1, SHA-256, SHA-384 and SHA-512 hash algorithms. Let's briefly look at some of these cryptography algorithms:

  • RSA (Rivest-Shamir-Adleman), a public-key cryptosystem for encryption and authentication, was invented in 1977 by the founders of RSA Data Security, Inc. RSA accepts a variable key length.
  • Digital Signature Algorithm (DSA) is used to generate and verify signatures.
  • Data Encryption Standard (DES) is an encryption block cipher defined and endorsed by the National Institute of Standards and Technology (NIST) in 1977 as a U.S. government standard. It has become the best-known and most widely used symmetric cryptosystem in the world. DES uses a 64-bit block size and a 56-bit key.
  • Triple DES (3DES) consists of running DES three times using three distinct keys.
  • RC2 and the more recent RC4 and RC5 were developed by RSA Data Security for use in place of DES.
  • MD2 and the more recent MD4 and MD5, developed by one of the founders of RSA Data Security, are useful for digital signature applications in which a large message must be compressed in a secure manner before being signed with a private key.
  • The secure hash algorithms SHA and SHA-1 were developed by NIST and published as federal information-processing standards.
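The following C# program is an added example, not code from the book or from C# Corner. It turns the article's symmetric model above (CipheredDATA = Encrypt_k1(DATA), DATA = Decrypt_k1(CipheredDATA)) into working code with the .NET Rijndael/AES class, adds an HMAC-SHA256 tag for the integrity measure listed at the top of the article, and uses an RSA signature for nonrepudiation. The class and method names (CryptoDemo, Encrypt, Decrypt, Mac, FixedTimeEquals) are my own, the plaintext is a constructed sample, and the RSA.SignData overload taking HashAlgorithmName assumes .NET Framework 4.6 or later (or .NET Core).

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not code from the book: Encrypt_k1 / Decrypt_k1 built on the
// .NET Aes class, with HMAC-SHA256 for integrity and RSA for nonrepudiation.
// Class and method names are my own.
public static class CryptoDemo
{
    // Encrypt DATA under k1 with AES-CBC. A fresh random IV is generated per
    // message and prepended to the ciphertext so Decrypt can read it back.
    public static byte[] Encrypt(byte[] k1, byte[] data)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Key = k1;
            aes.GenerateIV();
            using (ICryptoTransform enc = aes.CreateEncryptor())
            {
                byte[] cipher = enc.TransformFinalBlock(data, 0, data.Length);
                byte[] output = new byte[aes.IV.Length + cipher.Length];
                Buffer.BlockCopy(aes.IV, 0, output, 0, aes.IV.Length);
                Buffer.BlockCopy(cipher, 0, output, aes.IV.Length, cipher.Length);
                return output;
            }
        }
    }

    // Recover DATA from CipheredDATA with the same key k1 (symmetric cryptography).
    public static byte[] Decrypt(byte[] k1, byte[] cipheredData)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Key = k1;
            int ivLen = aes.BlockSize / 8;
            byte[] iv = new byte[ivLen];
            Buffer.BlockCopy(cipheredData, 0, iv, 0, ivLen);
            aes.IV = iv;
            using (ICryptoTransform dec = aes.CreateDecryptor())
            {
                return dec.TransformFinalBlock(cipheredData, ivLen, cipheredData.Length - ivLen);
            }
        }
    }

    // Integrity: HMAC-SHA256 over the ciphertext (encrypt-then-MAC). CBC output
    // alone is malleable, so the receiver verifies this tag before decrypting.
    public static byte[] Mac(byte[] macKey, byte[] message)
    {
        using (HMACSHA256 hmac = new HMACSHA256(macKey))
        {
            return hmac.ComputeHash(message);
        }
    }

    // Compare two tags without leaking through timing where they first differ.
    public static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        // Sender and receiver share k1 (256-bit AES key) and a separate MAC key,
        // both drawn from the framework's cryptographic random number generator.
        byte[] k1 = new byte[32];
        byte[] macKey = new byte[32];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(k1);
            rng.GetBytes(macKey);
        }

        byte[] data = Encoding.UTF8.GetBytes("constructed sample plaintext");
        byte[] cipheredData = Encrypt(k1, data);
        byte[] tag = Mac(macKey, cipheredData);

        // Receiver: check integrity first, then decrypt.
        if (!FixedTimeEquals(tag, Mac(macKey, cipheredData)))
            throw new CryptographicException("ciphertext was altered in transit");
        string recovered = Encoding.UTF8.GetString(Decrypt(k1, cipheredData));
        Console.WriteLine("recovered: " + recovered);

        // A single flipped ciphertext bit is caught by the tag check.
        byte[] altered = (byte[])cipheredData.Clone();
        altered[altered.Length - 1] ^= 0x01;
        Console.WriteLine("altered message accepted: " + FixedTimeEquals(tag, Mac(macKey, altered)));

        // Nonrepudiation: the sender signs with the private key; holders of the
        // public key can verify, but only the private key could have produced it.
        using (RSA rsa = RSA.Create())
        {
            byte[] signature = rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            bool valid = rsa.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine("signature valid: " + valid);
        }
    }
}
```

Two design points worth noting: the MAC key is separate from the encryption key, and the tag is computed over the ciphertext and checked before any decryption is attempted, which is what lets the receiver reject a tampered message without ever processing it. In the program above the same RSA object holds both halves of the key pair for brevity; in practice the private key stays with the signer and only the public key is distributed to verifiers.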

The .NET Framework also supports the XML Digital Signature specification, under development by the Internet Engineering Task Force and the World Wide Web Consortium. The cryptographic classes the framework provides also support .NET's internal services. The classes are available as managed code to developers who require cryptographic support. 

For more information about implementing cryptography algorithms, we recommend Bruce Schneier's Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd edition (John Wiley & Sons, 1996). Though the examples are coded in ANSI C, this is one of the best cryptography books available. 

Conclusion

We hope this article has helped you understand cryptography in .NET. See the other articles on the website on .NET and C#.

The Complete Visual C# Programmer's Guide covers most of the major components that make up C# and the .NET environment. The book is geared toward the intermediate programmer, but contains enough material to satisfy the advanced developer.
