Secure .NET Apps With Cryptography
Use the .NET Framework's System.Security.Cryptography namespace to protect your sensitive application settings and communications.
by Travis Vandersypen

March 2003 Issue

Technology Toolbox: VB.NET, C#, ASP.NET, XML

Businesses' concerns about computer-system security are increasing in today's interconnected world. Management wants to ensure that employees can perform only the tasks for which they have rights, and to prevent third parties from reading and modifying sensitive information. Cryptography—the science of encryption—offers a solution. Microsoft created a simple set of classes within the .NET Framework to handle all the cryptographic services you need to have within an application. The System.Security.Cryptography namespace provides classes built around two main branches of encryption algorithms: SymmetricAlgorithm and AsymmetricAlgorithm. (The same namespace also provides a set of hashing algorithms stemming from HashAlgorithm; these are beyond this article's scope.) I'll explain the difference between symmetric and asymmetric algorithms and show you how to encrypt and decrypt data with either one in your applications (download the sample code here).

The classes that stem from SymmetricAlgorithm are private-key encryption algorithms; the ones that stem from AsymmetricAlgorithm are public-key encryption routines (see the sidebar, "All Encryption Algorithms Aren't Created Equal"). Symmetric encryption algorithms use a single, private key to encrypt and decrypt information. Encryption and decryption are faster with a single key than with asymmetric algorithms, which use a combination of a public key and a private key. The .NET Framework's symmetric encryption algorithms are the Data Encryption Standard (DES), Ron's Code 2 (RC2), Rijndael, and Triple DES (which goes through three iterations of the DES algorithm). Each of them serves as the superclass for a .NET managed class (see Table 1).

Figure 1. The Initialization Vector Starts the Encryption Chain.

Each class implements the same interface (not a language interface, but an interface from a conceptual standpoint), which is based on an encryption key and an initialization vector (IV). You must define both properties for the encryption routines to work. The encryption algorithms employ a cipher block chaining method, which uses the previously encrypted cipher block to encrypt the current one; an IV serves as a "seed" that's used to encrypt and decrypt the first block of bytes (see Figure 1). This approach ensures that no two blocks of information, whether or not they're identical, produce the same block of encrypted text. This increases the encryption and decryption routines' complexity. A malicious hacker (or a computer) must guess the value of the IV as well as of the encryption key, which dramatically increases the amount of time it takes to break the encrypted information.
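The chaining behavior described above can be observed directly. The following C# program is an added example, not the article's downloadable sample code; it assumes the framework's `Aes` class (Rijndael with a 128-bit block) in CBC mode, and the class name, helper names, and the all-'A' plaintext are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class CbcChainingDemo
{
    // Runs one CBC pass (encrypt or decrypt) over a whole buffer.
    static byte[] Transform(byte[] input, byte[] key, byte[] iv, bool encrypt)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            aes.Key = key;
            aes.IV = iv;
            using (ICryptoTransform t = encrypt ? aes.CreateEncryptor() : aes.CreateDecryptor())
                return t.TransformFinalBlock(input, 0, input.Length);
        }
    }

    // Formats one 16-byte block of a buffer as hex.
    static string Hex(byte[] data, int block) => BitConverter.ToString(data, block * 16, 16);

    static void Main()
    {
        byte[] key = new byte[32], iv1 = new byte[16], iv2 = new byte[16];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(key); rng.GetBytes(iv1); rng.GetBytes(iv2);
        }

        // Constructed sample: two identical 16-byte plaintext blocks.
        byte[] plain = Encoding.ASCII.GetBytes(new string('A', 32));

        byte[] c1 = Transform(plain, key, iv1, true);
        byte[] c2 = Transform(plain, key, iv2, true);

        // Chaining: identical plaintext blocks give different ciphertext blocks.
        Console.WriteLine("iv1 block 0: " + Hex(c1, 0));
        Console.WriteLine("iv1 block 1: " + Hex(c1, 1));
        // A fresh IV changes the ciphertext even though key and plaintext are the same.
        Console.WriteLine("iv2 block 0: " + Hex(c2, 0));

        // Decrypting with the right key but the other IV garbles only the first block.
        byte[] good = Transform(c1, key, iv1, false);
        byte[] mixed = Transform(c1, key, iv2, false);
        Console.WriteLine("right IV: " + Encoding.ASCII.GetString(good));
        Console.WriteLine("wrong IV, block 0: " + Hex(mixed, 0));
        Console.WriteLine("wrong IV, block 1: " + Encoding.ASCII.GetString(mixed, 16, 16));
    }
}
```

The last two lines of output show that the IV seeds only the first block: with the correct key, every later block decrypts from the preceding ciphertext block regardless of the IV supplied.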
