Introduction
I always looked for a simple definition of the concepts of cryptography until I heard someone say: "Cryptography is the art of keeping everything public except the keys". It is incredibly succinct.
Generally, if person "A" wants to send secret data to person "B", it will be done over the network. Neither A nor B controls the network or the internet, so they cannot stop a third person "C" from seeing what they exchange on it. They therefore have to exchange the data in a way that person C (generally called the man in the middle) cannot understand anything while reading the content. This is where cryptography comes in.
It can be done in several ways.
In this article, we will focus on a simple model which is symmetric encryption.
Prerequisite
- Visual Studio 2022
- .NET Core 6.0
General principle of Symmetric Encryption
Before going to the code, let's understand the mechanism of symmetric encryption. Let's suppose that I want to send a letter to a friend and I don't want anyone to understand it except him.
So I agreed with my friend that, in every word, I will replace each letter with the next letter in the alphabet (which is a deliberately silly method of encryption).
For example, instead of writing Hello it s Aymen, I'll write IFMMP JU T BZNFO (H+1=I, E+1=F, L+1=M, L+1=M, O+1=P, etc.).
When he receives the message, he performs the reverse operation: he takes IFMMP and moves each letter back one position in the alphabet (I-1=H, F-1=E, M-1=L, M-1=L, P-1=O).
In this sample, the operation of replacing the letters is called the Method of Encryption.
The number of positions we shift to find the new letter (1 here) is called the Key.
So we can write the above sample ReplacingMethod("Hello it s Aymen",1) = IFMMP JU T BZNFO
And also we can perform the reverse operation to find the clear text ReplacingBackMethod("IFMMP JU T BZNFO",1) = Hello it s Aymen.
The operation ReplacingMethod is, in reality, the Encrypt operation and the operation ReplacingBackMethod is the Decrypt operation.
So to summarize, for symmetric encryption we mainly need: an encryption method (to encrypt and decrypt), a key, and the data.
But in real life it's not about shifting letters in the alphabet according to their position; with so few possible keys, the key would be trivially easy to guess.
The encryption mechanism is in fact a sequence of complex operations that transform each block of bytes into another block of bytes according to the key.
As you can notice, the same key is needed on both sides (the sender and the receiver); this is why it's called symmetric encryption.
We can consider AES (Advanced Encryption Standard) the best-known encryption method. Others, like DES and 3DES, are also well known, but they are deprecated and should no longer be used.
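The shift scheme described above, written out as an Encrypt/Decrypt pair so that the method, the key and the two operations can be seen in code. This is an added example, not code from the original article: the names ReplacingMethod and ReplacingBackMethod come from the text, while the class name Caesar, the wrap-around of Z to A and the handling of non-letters are my assumptions. As in the article's sample, the text is upper-cased before shifting, so the decrypted string comes back as HELLO IT S AYMEN. The loop at the end tries every possible key, which shows why a key drawn from such a tiny space gives no protection once the method is public.

```csharp
using System;
using System.Text;

string clear = "Hello it s Aymen";
string cipher = Caesar.ReplacingMethod(clear, 1);
Console.WriteLine(cipher);                                // IFMMP JU T BZNFO
Console.WriteLine(Caesar.ReplacingBackMethod(cipher, 1)); // HELLO IT S AYMEN

// The method is public and there are only 25 useful keys, so a reader of the
// message can simply try them all; this is why key entropy matters.
for (int k = 1; k < 26; k++)
    Console.WriteLine($"key {k,2}: {Caesar.ReplacingBackMethod(cipher, k)}");

static class Caesar
{
    // Encrypt: move every letter 'key' positions forward in the alphabet.
    public static string ReplacingMethod(string text, int key) => Shift(text, key);

    // Decrypt: move every letter 'key' positions back, undoing ReplacingMethod.
    public static string ReplacingBackMethod(string text, int key) => Shift(text, -key);

    // Shared helper (hypothetical, not from the article). Letters are upper-cased as in
    // the article's sample and shifted with wrap-around so that Z + 1 = A; anything that
    // is not a letter (spaces, digits, punctuation) is copied through unchanged.
    private static string Shift(string text, int shift)
    {
        var sb = new StringBuilder(text.Length);
        foreach (char c in text.ToUpperInvariant())
        {
            if (c >= 'A' && c <= 'Z')
            {
                // The double modulo keeps the index in 0..25 even for negative shifts.
                int index = ((c - 'A' + shift) % 26 + 26) % 26;
                sb.Append((char)('A' + index));
            }
            else
            {
                sb.Append(c);
            }
        }
        return sb.ToString();
    }
}
```

Running it prints the article's ciphertext, the round-tripped clear text, and then one candidate decryption per key; the real message stands out at key 1 without any secret being known.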
Sample source code
There is a detail that I didn't mention in the previous sections: in AES, in addition to the key, the API asks for another parameter, the Initialization Vector (IV).
The initialization vector is a byte array that is used during the encryption process, and the receiver needs it as well. It does not have to be secret (it is commonly sent along with the encrypted data), but it ensures that encrypting the same data twice with the same key does not produce the same output, which makes the encrypted data harder to guess. So as a best practice, it should be unique for every encryption operation.
There are also several modes in AES, and the difference between them is the way the blocks of bytes are chained together. In our sample, we use the CBC mode.
// See https://aka.ms/new-console-template for more information
using System;
using System.Security.Cryptography;
using System.Text;

Aes aesObject = Aes.Create();
// A 32-byte key selects AES-256. This fixed key is hard-coded only for the demonstration;
// a real key must come from a secure random source or a key store.
aesObject.Key = new byte[32] { 0x9f, 0xbd, 0xe6, 0x4f, 0xad, 0xe1, 0xf3, 0x9d, 0x5e, 0x53, 0x7f, 0xbb, 0x92, 0x96, 0x85, 0x10, 0x9f, 0xbd, 0xe6, 0x4f, 0xad, 0xe1, 0xf3, 0x9d, 0x5e, 0x53, 0x7f, 0xbb, 0x92, 0x96, 0x85, 0x10 };
// The initialization vector: 16 bytes, the AES block size. It is fixed here for the demonstration;
// in real use it should be freshly generated for every encryption (aesObject.GenerateIV()).
aesObject.IV = new byte[16] { 0xd7, 0xc9, 0xc5, 0xaf, 0x7f, 0xd1, 0xe8, 0x9e, 0x83, 0xbe, 0x8c, 0xa9, 0xac, 0x7e, 0xd0, 0x00 };
// Perform the encrypt operation with the Key and the IV set on the instantiated aesObject.
// There are several modes in AES; here we use CBC (PKCS#7 padding is applied by default).
var encryptedData = aesObject.EncryptCbc(Encoding.UTF8.GetBytes("Hello it s Aymen"), aesObject.IV);
// Show the encrypted data on the screen. The raw bytes are not printable text,
// so they are displayed as Base64.
Console.WriteLine("The encrypted data is :\n");
Console.WriteLine(Convert.ToBase64String(encryptedData));
// Decrypt the data to get the first string back
var decryptedData = aesObject.DecryptCbc(encryptedData, aesObject.IV);
// Show the clear text on the screen; it should be the initial string
Console.WriteLine("The clear data is :\n");
Console.WriteLine(Encoding.UTF8.GetString(decryptedData));
Output
Conclusion
Here we saw a basic sample of symmetric encryption. In real life, it's not just about calling the method; there are many other challenges in getting a secure data exchange.
The most important challenges in practice are how to protect the keys themselves and how to obtain keys with strong entropy.
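To make the two points of the conclusion concrete, and to show the per-operation IV that the section on the initialization vector calls for, here is the same AES-CBC exchange hardened the way a practitioner would write it. This is an added example, not code from the original article: the key is derived from a password with PBKDF2 (the password, salt size and iteration count are constructed values for the demonstration; a random 32-byte key from RandomNumberGenerator is the better choice when no human needs to remember it), a fresh IV is generated on every call and sent in front of the ciphertext, and an HMAC-SHA256 tag is checked before decryption because CBC on its own provides confidentiality but no integrity. The class name SealedCbc and the IV || ciphertext || tag layout are my assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Key material. A password has far less entropy than a random 256-bit key, so it is
// stretched with PBKDF2 (random salt, high iteration count) into 64 bytes: one AES key
// and one HMAC key. The password and salt here are constructed for the demonstration.
byte[] salt = RandomNumberGenerator.GetBytes(16);
byte[] keyMaterial = Rfc2898DeriveBytes.Pbkdf2("correct horse battery staple", salt,
    600_000, HashAlgorithmName.SHA256, 64);
byte[] encKey = keyMaterial[..32];
byte[] macKey = keyMaterial[32..];

byte[] message = Encoding.UTF8.GetBytes("Hello it s Aymen");
byte[] first = SealedCbc.Encrypt(encKey, macKey, message);
byte[] second = SealedCbc.Encrypt(encKey, macKey, message);
Console.WriteLine(Convert.ToBase64String(first));   // differs from the next line:
Console.WriteLine(Convert.ToBase64String(second));  // a fresh IV was used each time
Console.WriteLine(Encoding.UTF8.GetString(SealedCbc.Decrypt(encKey, macKey, first)));

// Flip one ciphertext byte: the tag check rejects it before any decryption happens.
first[20] ^= 0x01;
try { SealedCbc.Decrypt(encKey, macKey, first); }
catch (CryptographicException e) { Console.WriteLine("Rejected: " + e.Message); }

static class SealedCbc
{
    private const int IvSize = 16;   // AES block size, the same for every key size
    private const int TagSize = 32;  // HMAC-SHA256 output length

    // Output layout: IV || ciphertext || HMAC-SHA256(IV || ciphertext).
    // The IV is not secret, so it travels with the data; what matters is that it is
    // never reused under the same key, hence GenerateIV() on every call.
    public static byte[] Encrypt(byte[] encKey, byte[] macKey, byte[] plaintext)
    {
        using Aes aes = Aes.Create();
        aes.Key = encKey;
        aes.GenerateIV();
        byte[] ciphertext = aes.EncryptCbc(plaintext, aes.IV); // PKCS#7 padding by default

        byte[] body = new byte[IvSize + ciphertext.Length];
        Buffer.BlockCopy(aes.IV, 0, body, 0, IvSize);
        Buffer.BlockCopy(ciphertext, 0, body, IvSize, ciphertext.Length);

        byte[] tag = HMACSHA256.HashData(macKey, body);
        byte[] output = new byte[body.Length + TagSize];
        Buffer.BlockCopy(body, 0, output, 0, body.Length);
        Buffer.BlockCopy(tag, 0, output, body.Length, TagSize);
        return output;
    }

    // Verify the tag (constant-time compare) before touching the cipher. CBC alone gives
    // confidentiality only: a modified ciphertext would otherwise decrypt to something,
    // or surface as a padding error that leaks information about the plaintext.
    public static byte[] Decrypt(byte[] encKey, byte[] macKey, byte[] sealedData)
    {
        if (sealedData.Length < IvSize + 16 + TagSize
            || (sealedData.Length - IvSize - TagSize) % 16 != 0)
            throw new CryptographicException("sealed data has an invalid length");

        byte[] body = sealedData[..^TagSize];
        byte[] tag = sealedData[^TagSize..];
        byte[] expected = HMACSHA256.HashData(macKey, body);
        if (!CryptographicOperations.FixedTimeEquals(tag, expected))
            throw new CryptographicException("authentication tag mismatch");

        using Aes aes = Aes.Create();
        aes.Key = encKey;
        return aes.DecryptCbc(body[IvSize..], body[..IvSize]);
    }
}
```

The two Base64 lines differ even though the key and the message are identical, which is exactly the property the IV provides; the tampered message is rejected with "authentication tag mismatch" rather than being decrypted. Everything used here (Rfc2898DeriveBytes.Pbkdf2, RandomNumberGenerator.GetBytes, HMACSHA256.HashData, EncryptCbc/DecryptCbc) is part of .NET 6, the version listed in the prerequisites. Where an authenticated mode is available, AES-GCM (the AesGcm class) gives the same confidentiality-plus-integrity guarantee in a single primitive.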