Cryptographic Techniques Objective

Cryptographic Techniques C

hapt

er 1

2

Organizations need to send and receive sensitive data across networks. Such data could be stolen, modified, or misused with malicious intent. To protect sensitive data from being misused, you can use cryptographic techniques, such as encryption and decryption, and hashing.

This chapter discusses how to encrypt and decrypt data for providing data confidentiality. In addition, it discusses how to ensure data integrity using hashing.

In this chapter, you will learn to: Encrypt and decrypt data Implement hashing techniques

Objective

NIIT Cryptographic Techniques 12.3

All organizations need to handle sensitive data. This data can be either present in storage or being exchanged between different entities within and outside the organization over a network. Such data is often prone to misuse either intentionally with malicious intent or unintentionally. To avoid such misuse, organizations need some security mechanism that can ensure confidentiality and integrity of data.

Confidentiality of data ensures that data cannot be read by an unintended entity, which might be a person or an application. Similarly, integrity of data ensures that data is not modified during transmission by any entity. You can ensure the confidentiality and integrity of data by using cryptography.

Cryptography is one of the most popularly used security mechanism to ensure data confidentiality and integrity. One of the cryptography techniques that you can use to protect data is encryption.

Encryption is the process of transforming data into a secured unreadable format. The data that is transformed into a secured unreadable format is known as encrypted data. This data, being in the encrypted form, cannot be read and understood by any user or application without being converted into the original format. Transformation of this encrypted data into a readable format is known as decryption.

Encryption can be of the following types: Symmetric Asymmetric

Symmetric encryption, also known as the secret-key encryption, uses a single key both to encrypt and decrypt data. A key is an object that accepts plain text as input, performs encryption, and returns the encrypted text. The key used to encrypt and decrypt data can be a number, a word, or a string of a specific length depending on the encrypting algorithm being used. The length of a key determines the strength of the encryption. A key with a greater length performs stronger encryption. However, it comes at the cost of speed. Generally, 128-bit keys are considered to be strong and are most commonly used.

The following steps describe the process of symmetric encryption: 1. User A needs to send sensitive data to user B. 2. User A generates a secret key. 3. User A encrypts the data using the secret key.

Encrypting and Decrypting Data

Symmetric Encryption

12.4 Cryptographic Techniques NIIT

Note

4. User A sends the data and the secret key, separately, to user B. 5. User B uses the secret key to decrypt the data.

To make symmetric encryption more secure, you can use an initialization vector (IV) with the secret key. An IV is a random number that generates different sequence of encrypted text for identical sequence of text present in the plain text. When you use an IV with a key to symmetrically encrypt data, you will need the same IV and key to decrypt data.

The symmetric encryption algorithms that the .NET Framework supports are Data Encryption Standard (DES), RC2, Rijndael, and TripleDES. The .NET Framework implements these algorithms through various types in the System.Security.Cryptography namespace.

The SymmetricAlgorithm class is the base class of the algorithm-specific base classes. The following table describes the algorithm-specific base classes and their implementation classes.

Class Description

DES Is an abstract base class for all the classes that implement the DES algorithm. The DESCryptoServicerProvider class is derived from the DES class to support encryption up to 64-bit key length.

RC2 Is an abstract base class for all classes that implement the RC2 algorithm. The RC2CryptoServiceProvider class is derived from the RC2 class to support key lengths from 40 bits to 128 bits in 8-bit increments.

Rijndael Is an abstract base class for all classes that implement the Rijndael symmetric encryption. The RijndealManaged class is derived from the Rijndael class to support key lengths of 128, 192, or 256 bits. The CreateEncryptor() and CreateDecryptor() methods of the RijndealManaged class returns a RijndaelManagedTransform object that is responsible for encrypting and decrypting data.

TripleDES Is an abstract base class for all classes that implement the TripleDES algorithm. The TripleDESCryptoServiceProvider class inherits the TripleDES class to support key lengths from 128 bits to 192 bits in 64-bit blocks.

Algorithm-Specific Base Classes


Note

Each of the preceding classes overrides the members of the SymmetricAlgorithm base class to enable you to perform symmetric encryption based on their implemented algorithms. The following table describes the methods of the SymmetricAlgorithm class that you can use to perform symmetric encryption.

Method Description

GenerateIV() Generates an IV that, along with a secret key, performs encryption

GenerateKey() Generates a random key that, along with an IV, performs encryption

Methods of the SymmetricAlgorithm Base Class

The following table describes the properties of the SymmetricAlgorithm class that you can use to perform symmetric encryption.

Property Description

IV Gets or sets the IV for the symmetric algorithm

Key Gets or sets the secret key for the symmetric algorithm

KeySize Gets or sets the size of the secret key in bits

Properties of the SymmetricAlgorithm Base Class

.NET Framework 3.5 has introduced support for the Advanced Encryption Standard (AES) algorithm with key sizes of 128 and 256 bits for encryption. The Aes class is an abstract base class for all classes that implement the AES symmetric encryption. The AesCryptoServiceProvider class derives from the Aes class to perform symmetric encryptions.

Implementing Symmetric Encryption

When you create an object of an encryption algorithm class using the default constructor, the object is automatically initialized with a key and an IV. The following code snippet shows how to create an object of the DESCryptoServiceProvider class:

DESCryptoServiceProvider key = new DESCryptoServiceProvider();


After creating an object of an encryption algorithm, you can obtain a symmetric encryptor object that will enable you to perform encryption. You can obtain a symmetric encryptor object by calling the CreateEncryptor() method of the DESCryptoServiceProvider class. This method returns a symmetric encryptor object, which is an object of the ICryptoTransform interface.

You can encrypt data using a special stream class known as CryptoStream. When you create an object of the CryptoStream class, you can initialize the CryptoStream class by passing a stream implementation, a symmetric encryptor object, and the mode of a cryptographic stream, which can be either read or write mode.

The following example shows how to initialize a CryptoStream object to encrypt data to a memory stream in write mode:

MemoryStream mStream = new MemoryStream(); CryptoStream mCrypStream = new CryptoStream(mStream, key.CreateEncryptor(), CryptoStreamMode.Write);

Finally, you can initialize a stream writer with a CryptoStream object and write the encrypted data to the underlying stream, which is a memory stream in this example. The following code snippet shows how to write encrypted data to a memory stream:

StreamWriter sw = new StreamWriter(mCrypStream); sw.WriteLine(Data);

The process of decrypting data with symmetric algorithms is similar to the encryption process. To decrypt data, initialize a stream with a byte array containing the encrypted data. You can then initialize a CryptoStream object with the stream, a symmetric decryptor object, and the read mode of the cryptographic stream. You can obtain a symmetric decryptor object by calling the CreateDecryptor() method of the DESCryptoServiceProvider object that was used to perform the encryption. The following code snippet shows how to initialize a CryptoStream object to decrypt data:

MemoryStream mStream = new MemoryStream(mStream.ToArray()); CryptoStream encStream = new CryptoStream(mStream, key.CreateDecryptor(), CryptoStreamMode.Read);

Finally, you can access the original text using a StreamReader object initialized with the CryptoStream object, as shown in the following code snippet:

StreamReader sr = new StreamReader(encStream); string value = sr.ReadLine();


Note

Note

One of the problems with symmetric encryption is that the secret key needs to be exchanged between the sender and the receiver. As a result, anyone with access to the secret key will be able to decrypt the message. To overcome the security issues involved in symmetric encryption, you can use the asymmetric encryption mechanism. Asymmetric encryption involves a key pair that consists of a public key and a private key. The public key is available to anyone who needs to encrypt and send a message. However, the private key is available only to the receiver of the message for decrypting the message.

The public key and the private key have a mathematical relation. The data encrypted by using a public key can only be decrypted by using the corresponding private key.

One drawback of using asymmetric encryption is that it requires more processing power to encrypt and decrypt messages. Therefore, it is slower than symmetric encryption.

The .NET Framework also provides supports the Digital Signature Algorithm (DSA) and RSA (named after Ron Rivest, Adi Shamir and Len Adleman) asymmetric encryption algorithms. The classes implementing these algorithms inherit directly from the abstract AsymmetricAlgorithm base class. The following classes implement the asymmetric algorithms:

DSA: Is an abstract base class for all the classes that implement the DSA algorithm. The DSACryptoServiceProvider class derives from the DSA class to provide an implementation of the DSA algorithm.

RSA: Is an abstract base class for all the classes that implement the RSA algorithm. The RSACryptoServiceProvider class derives from the RSA class to provide an implementation of the RSA algorithm.

In addition to the preceding classes, the .NET Framework 3.5 introduces support for the Elliptic Curve Digital Signature Algorithm (ECDSA) and Elliptic Curve Diffie-Hellman (ECDH) algorithms. The ECDSA algorithm is implemented by the ECDsaCng class that enables you to encrypt data with a private key and verify the data with a public key. The ECDH algorithm is implemented by ECDiffieHellmanCng in the .NET Framework to enable asymmetric encryption.

Asymmetric Encryption


Implementing Asymmetric Encryption

When you create a new instance of a class, such as the RSACryptoServiceProvider and DSACryptoServiceProvider classes, to perform asymmetric encryption, a new public/private key pair is generated. After you create a new instance of the class, you can export the key information by using one of the methods as described in the following table.

Method Description

ToXMLString() Returns an XML representation of the key information

ExportParameters() Returns an RSAParameters structure that holds the key information

Methods to Export Key Information

Both these methods accept a Boolean value that indicates whether these should return only the public key information or return both the public key and the private key information.

The following code snippet shows how to create and initialize an RSACryptoServiceProvider object and then export the public key in XML format:

RSACryptoServiceProvider rSA = new RSACryptoServiceProvider(); string publicKey = rSA.ExportParameters(false);

If you pass true to the ExportParameters() method in the preceding code snippet, it will export both the public and private keys in XML format, as shown in the following code snippet:

RSACryptoServiceProvider rSA = new RSACryptoServiceProvider(); string keyPair = rSA.ExportParameters(true);

Encrypting Data

To encrypt data, you need to create a new instance of the RSACryptoServiceProvider class and initialize it with the public key information stored in XML format by calling the FromXmlString() method. If the public key is exported to an RSAParameters structure, you need to call the ImportParameters() method.

The following code snippet shows how to initialize an RSACryptoServiceProvider object with a public key stored in XML format:

RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); rsa.FromXmlString(publicKey);


After the RSACryptoServiceProvider object is initialized with the public key, you can encrypt data by calling the Encrypt() method of the RSACryptoServiceProvider class. The Encrypt() method accepts a byte array of the data to encrypt the array and returns a byte array of the encrypted text , as shown in the following code snippet:

byte[] plainbytes = Encoding.UTF8.GetBytes(textPlaintext.Text); byte[] cipherbytes = rsa.Encrypt(plainbytes, false);

Decrypting Data

To decrypt data, you need to initialize an RSACryptoServiceProvider object using the private key of the key pair whose public key was used for encryption. The following code snippet shows how to create and initialize an RSACryptoServiceProvider object with a private key to perform decryption:

RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); rsa.FromXmlString(keyPair);

When the RSACryptoServiceProvider object is initialized with the private key, you can decrypt data by calling the Decrypt() method of the RSACryptoServiceProvider class. The Decrypt() method accepts a byte array of the encrypted data and returns a byte array of the original data, as shown in the following code snippet:

byte[] plainbytes = rsa.Decrypt(cipherbytes, false);

Using Key Containers

When you use one of the asymmetric cryptographic classes to generate keys, you can use a key container to store the key pair instead of storing it in a file. The .NET Framework provides the CspParameters class to create a key container and to add and remove a key pair to and from the container.

To create a key container named MyKeyContainer using the CspParameters class, you can use the following code snippet:

CspParameters cp = new CspParameters(); cp.KeyContainerName = "MyKeyContainer";

To store the key pair in the key container, you need to pass the CspParameters object to the constructor while creating an asymmetric algorithm implementation object, as shown in the following code snippet:

RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(cp);


Note

To retrieve a key pair from the container, you need to first create a new object of the CspParameters class and initialize it with the name of the key container that contains the key pair, as shown in the following code snippet:

CspParameters cp = new CspParameters(); cp.KeyContainerName = "MyKeyContainer";

Then, you need to create a new object of the RSACryptoServiceProvider class that accesses the key container MyKeyContainer to retrieve the key pair, as shown in the following code snippet:

RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(cp);

In addition to the discussed symmetric and asymmetric encryption classes, the .NET Framework provides various classes and enumerations for implementing advanced cryptography. You can use the following classes and enumerations to implement advanced cryptography:

The RandomNumberGenerator class The CryptoAPITransform class The CryptoConfig class The ProtectedData class The ProtectedMemory class The CipherAlgorithmType enumeration The ExchangeAlgorithmType enumeration The SslProtocols enumeration

The RandomNumberGenerator Class

The RandomNumberGenerator class acts as the base class for the cryptographic classes that need to generate random numbers. The cryptographic classes generate random numbers to create keys.

The RandomNumberGenerator class is intended for the built-in cryptographic classes. You should not use it in your application code. Instead, you can use the RNGCryptoServiceProvider sub class of the RandomNumberGenerator class. The RNGCryptoServiceProvider class allows applications to generate cryptographically strong random bytes that can be used to create a secret key.

Identifying Advanced Cryptography Types


The following code snippet shows how to use the RNGCryptoServiceProvider object to create a secret key by using random bytes:

byte[] secretkey = new Byte[64]; RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(); rng.GetBytes(secretkey);

In the preceding code snippet, the GetBytes() method of RNGCryptoServiceProvider class fills an array of bytes with a cryptographically strong sequence of random values.

The CryptoAPITransform class

The .NET Framework provides the CryptoAPITransform class. This class enables you to create functionality that is common to all cryptographic algorithm implementation classes. The following table describes the important methods of the CryptoAPITransform class.

Method Description

Reset() Resets the internal state of CryptoAPITransform object so that you can use it again to perform a different encryption or decryption

TransformBlock() Computes the transformation for the specified region of the input byte array and copies the resulting transformation to the specified region of the output byte array

TransformFinalBlock() Computes the transformation for the specified region of the specified byte array

Methods of the CryptoAPITransform Class


The following table describes the properties of the CryptoAPITransform class.

Property Description

CanReuseTransform Gets a value indicating whether you can reuse the current transformation

CanTransformMultipleBlocks Gets a value indicating whether you can transform multiple blocks

InputBlockSize Returns the size of the input block

KeyHandle Gets the key handle

OutputBlockSize Gets the size of the output block

Properties of the CryptoAPITransform Class

The CryptoConfig Class

You can use the CryptoConfig class to access the configuration information regarding all the .NET Framework cryptography types. This class is useful when an application needs to decide the cryptographic algorithm to be used at run time. For example, suppose that an application uses the DES algorithm to implement cryptography. At a later time, you decide to use the RSA algorithm because of the newly introduced data security policy of your organization or due to the requirement changes initiated by your client. In this scenario, you either need to create a new application or modify the existing one. Instead, you can use the CryptoConfig class that allows you to use an algorithm by its name, rather than create objects of specific algorithms.

The ProtectedData Class

You can use the ProtectedData class to protect data using the unmanaged Data Protection API (DPAPI) service. This service is provided by the operating system to protect data, such as password and connection strings.


The following table describes some of the methods of the ProtectedData class.

Member Description

Protect() Accepts a byte array of data, encrypts it using the DPAPI service and returns a byte array of the encrypted data

Unprotect() Accepts a byte array of data encrypted using the Protect() method and returns a byte array of the original data

Methods of the ProtectedData Class

The ProtectedMemory Class

You can use the ProtectedMemory class to protect data in memory. The following table describes some of the methods of the ProtectedMemory class.

Member Description

Protect() Accepts a byte array of data in memory and encrypts it

Unprotect() Decrypts a byte array of data in memory encrypted using the Protect() method

Methods of the ProtectedMemory Class

The CipherAlgorithmType Enumeration

You can use the CipherAlgorithmType enumeration to specify the algorithm to use in a Secure Socket Layer (SSL) stream represented by the SslStream class. The following table describes some of the members of the CipherAlgorithmType enumeration.

Member Description

None Indicates that no cipher algorithm is specified

Des Specifies the DES algorithm to use

TripleDes Specifies the TripleDES algorithm to use

RC2 Specifies the RC2 algorithm to use

Members of the CipherAlgorithmType Enumeration


The ExchangeAlgorithmType Enumeration

You can use the ExchangeAlgorithmType enumeration to specify the algorithm to use for creating keys shared by the client and server. The following table describes some of the members of the ExchangeAlgorithmType enumeration.

Member Description

None Indicates that no algorithm is specified

RsaSign Specifies the RSA public key signature algorithm to use

Members of the ExchangeAlgorithmType Enumeration

The SslProtocols Enumeration

You can use the SslProtocols enumeration to specify the algorithm to use for a SSL stream. The following table describes some of the members of the SslProtocols enumeration.

Member Description

None Indicates that no protocol is specified

Tls Specifies the Transport Layer Security (TLS) protocol to use

Members of the SslProtocols Enumeration

Activity 12.1: Implementing Asymmetric Cryptography


Consider a situation where you need to send a sensitive message to a receiver over a public network. As public networks are vulnerable to security threats, you need a mechanism to ensure that your message reaches the receiver in its original state. In such situations, you can use a cryptographic technique, known as hashing, to check the integrity of the message.

Hashing is the process of generating a unique hash value of data by using a hashing algorithm. The following steps describe the process of hashing: 1. User A needs to send a message to user B. 2. User A generates a hash value of the message. 3. User A sends the hash value along with the message to user B. 4. User B generates a new hash value of the message. 5. User B compares the received hash value with the new generated one. If both the

hash values match, the integrity of the message is assured.

The .NET Framework provides several classes that that you can use to generate hash values.

To implement hashing, the .NET Framework provides support for the MD5, SHA1, and HMAC families of algorithms. For each of these algorithms, the .NET Framework provides classes in the System.Security.Cryptography namespace.

All the algorithm-specific classes are derived from the HashAlgorithm base class. The following table describes the commonly used algorithm-specific classes.

Class Description

MD5 Is an abstract base class representing the MD5 algorithm that generates a 128-bit hash value

MD5CryptoServiceProvider

Derives from the MD5 class to provide an implementation of the MD5 algorithm

SHA1 Is an abstract base class representing the SHA-1 algorithm that generates a 160-bit hash value

SHA1CryptoServiceProvider

Derives from the SHA1 class to provide an implementation of the SHA-1 algorithm

Implementing Hashing Techniques

Identifying the Classes Used for Hashing


Note

Class Description

HMAC Is an abstract base class representing the HMAC. A Hash-based Message Authentication Code (HMAC) is used to determine whether a message sent over an insecure channel is tampered or not, provided that the sender and receiver share a secret key. This code uses the MD5 or SHA-1 algorithm in combination with a secret shared key to generate a hash value.

HMACMD5 Derives from the HMAC class to provide an implementation of the HMAC algorithm

Hashing Classes

In addition to the preceding classes, you can use the SHA256CryptoServiceProvider and SHA384CryptoServiceProvider classes introduced in version 3.5 of the .NET Framework. The SHA256CryptoServiceProvider class implements the SHA256 algorithm that implements a 256-bit hashing key. The SHA384CryptoServiceProvider class implements the SHA384 algorithm that enables you to generate a hashing value by using a 256-bit hashing key.

For SSL streams, the HashAlgorithmType enumeration of the System.Security.Authentication namespace provides the Md5 and Sha1 members that represents the MD5 and SHA1 hash algorithm to use.

To implement hashing using the MD5 algorithm, you need to: 1. Generate a hash value of the data by using the MD5CryptoServiceProvider class. 2. Verify the hash value.

Generating a Hash Value

The MD5CryptoServiceProvider class provides the ComputeHash() method that you can use to generate a hash value using the MD5 algorithm. The ComputeHash() method accepts a byte array of the data whose hash value needs to be computed and returns a byte array containing the computed hash value.

Implementing Hashing Using MD5


The following code snippet shows how to compute the hash value of a string: String data = "Hello World"; byte[] source = ASCIIEncoding.ASCII.GetBytes(data); byte[] hashValue = new MD5CryptoServiceProvider().ComputeHash(source);

The hashValue byte array now holds the hash value computed from the source string.

Verifying the Hash Value

To verify the computed hash value, you need to compute a new hash value from the source data, as shown in the following code snippet:

String data = "Hello World"; byte[] receivedSource = ASCIIEncoding.ASCII.GetBytes(data); byte[] newHashValue = new MD5CryptoServiceProvider().ComputeHash(receivedSource);

The simplest way of comparing the original and the newly computed hash values is to loop through the arrays holding the hash values and compare each individual element of the first array with its counterpart in the second array, as shown in the following code snippet:

byte[] newHashValue; byte[] hashValue; ..... ..... bool flag = false; if (newHashValue.Length == hashValue.Length) { int i=0; while ((i < newHashValue.Length) && (newHashValue[i] == hashValue[i])) { i += 1; } if (i == newHashValue.Length) { flag = true; } } if (flag) Console.WriteLine("The hash values are the same"); else Console.WriteLine("The hash values are not the same");

In the preceding code snippet, the first if loop checks whether the lengths of the two byte arrays containing hash values are equal. Inside the if loop, a while loop compares each individual byte of the first array with its counterpart in the second array and


simultaneously increments a counter. Finally, the code snippet compares the value of the counter with the length of the newHashValue byte array. If the values are equal, it is confirmed that both the hash values are same.

MD5 is used widely as a hashing algorithm and is considered to be secure for most applications. However, as MD5 increased in popularity, malicious users started developing techniques to reverse a hash value generated by using MD5. As a result, a new family of hashing algorithms emerged. This new algorithms added an additional iteration to the transformation process, making it more complex to extract the input value. These hashing algorithms, called HMAC, are based on an existing algorithms, such as MD5 or SHA-1.

The .NET Framework provides the HMAC class, which acts as an abstract base class for all the classes that use the HMAC. One such class that derives from the HMAC class is the HMACMD5 class. This class can be used to construct a hash value in combination with the MD5 algorithm and a secret key.

Generating a Hash Value

An object of the HMACMD5 class needs to be initialized with a secret key before computing the hash value of data. You can use an RNGCryptoServiceProvider object to create a secret key with random bytes, as shown in the following code snippet:

byte[] secretkey = new Byte[64]; RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(); rng.GetBytes(secretkey);

To compute a hash value, you need to create an object of the HMACMD5 class by passing the secret key to the constructor, as shown in the following code snippet:

HMACMD5 myhmacMD5 = new HMACMD5(secretkey);

Finally, you need to call the overloaded ComputeHash() method by passing the byte array of the data for which you need to compute the hash value, as shown in the following code snippet:

byte[] hashValue = myhmacMD5.ComputeHash(inputDatainByteArray);

The hashValue byte array now holds the hash value computed from the source string.

Implementing Hashing Using HMAC


Note

You can also compute the hash value for retrieved data using a stream by calling the overloaded ComputeHash() method that accepts a Stream object.

Verifying a Hash Value

To verify the computed hash value, you need to compute a new hash value from the source data, as shown in the following code snippet:

Byte [] inputDatainByteArray= ASCIIEncoding.ASCII.GetBytes("Hello"); HMACMD5 hmacMD5 = new HMACMD5(secretkey); byte[] newComputedHash = hmacMD5.ComputeHash(inputDatainByteArray);

Finally, you can compare the original and the newly computed hash value exactly in the same manner in which you have compared the hash values generated using the MD5 algorithm.

Activity 12.2: Securing Data through Hashing


1. Which of the following classes support asymmetric encryption? a. DES

b. RC2

c. Rijndael

d. RSA

2. Which of the following symmetric encryption algorithms support key lengths from 128 bits to 192 bits in 64-bit blocks? a. DES b. TripleDES c. RSA d. Rijndael

3. Which of the following methods of the DESCryptoServiceProvider class creates a decryptor object to decrypt data? a. CreateDecryptor()

b. Decrypt()

c. ExportParameters()

d. GetDecryptor()

4. Which of the following classes generate a hash value from data? a. MD5CryptoServiceProvider

b. RNGCryptoServiceProvider

c. DESCryptoServicerProvider

d. RijndealManaged

5. Which of the following classes enable generating random values for cryptographic keys? a. TripleDESCryptoServiceProvider

b. AesCryptoServiceProvider

c. CryptoConfig

d. RNGCryptoServiceProvider

Practice Questions


In this chapter, you learned that: Cryptography is a mechanism to ensure data confidentiality and integrity. Encryption is the process of converting plain text to encrypted text. The reverse

process is called decryption. Encryption can be symmetric and asymmetric. Symmetric encryption, also known as the secret-key encryption, uses a single key to

encrypt and decrypt data. The symmetric encryption classes of the .NET Framework require a key and an IV to

encrypt and decrypt data. The CryptoStream class enables encrypting and decrypting data from any managed

stream object. Asymmetric encryption uses two related keys, public and private keys. The public key is freely available to anyone who wants to send you an encrypted

message. The private key is kept secret and is used to decrypt message. The .NET Framework supports the DSA and RSA asymmetric encryption

algorithms. You can securely store secret keys used in asymmetric encryption in key containers. The RandomNumberGenerator class provides you with methods to generate random

numbers. You can use hashing techniques to verify the integrity of messages transmitted over a

network. The process of transforming a string of characters into a fixed length value that

represents the original string is called hashing. You can generate hash values by using the MD5CryptoServiceProvider,

SHA1CryptoServiceProvider, and HMACMD5 classes.

Summary


Documents

Cryptographic Techniques Objective