Encryption in .NET

The data encryption and security features included with .NET appear in the System.Security.Cryptography namespace. Most of the classes in this namespace implement various well-known encryption algorithms that have been accepted by organizations and governments as dependable encryption standards. For instance, the DESCryptoServiceProvider class provides features based on the Data Encryption Standard (DES) algorithm, an algorithm originally developed by IBM in the mid-1970s.

Symmetric Cryptography

Symmetric cryptography uses a single secret key to both encrypt and decrypt a block of data. Although these algorithms are often quite fast (when compared to asymmetric cryptography), the need to share the full secret key with others in order to share data may make them inherently less secure. Still, for many applications, "secret key encryption" is sufficient.

The .NET Framework includes support for four symmetric encryption algorithms.

• Data Encryption Standard (DES), a 56-bit block cipher with primary support through the DESCryptoServiceProvider class. This algorithm is generally secure, but due to its small key size (smaller keys are more easily compromised), it is inappropriate for highly sensitive data.

• RC2 (Rivest Cipher number 2), a 56-bit block cipher with primary support through the RC2CryptoServiceProvider class. The cipher was originally developed by Lotus for use in its Lotus Notes product. It is not excitingly secure, but for this reason, it was given more favorable export freedoms by the United States government.

• Rijndael (derived from the names of its two designers, Daemen and Rijmen), a variable bit (between 128 to 256 bits) block cipher with primary support through the RijndaelManaged class. It is related to a similar algorithm named Advanced Encryption Standard (AES), and is the most secure of the secret key algorithms provided with .NET.

• Triple DES, a block cipher that uses the underlying DES algorithm three times to generate a more secure result, with primary support through the TripleDESCryptoServiceProvider class. Although more secure than plain DES, it is still much more vulnerable than the Rijndael or AES standard.

The various "provider" classes are tools that must be used together with other cryptography classes to work properly. For instance, this sample code (based on code found in the MSDN documentation) uses the DESCryptoServiceProvider and CryptoStream classes, both members of System.Security.Cryptography, to jointly encrypt and decrypt a block of text.

Imports System Imports System.IO Imports System.Text Imports System.Security.Cryptography Class CryptoMemoryStream    Public Shared Sub Main()       ' ----- Encrypt then decrypt some text.       Dim key As New DESCryptoServiceProvider       Dim encryptedVersion() As Byte       Dim decryptedVersion As String       ' ----- First, encrypt some text.       encryptedVersion = Encrypt("This is a secret.", key)       ' ----- Then, decrypt it to get the original.       decryptedVersion = Decrypt(encryptedVersion, key)     End Sub Public Shared Function Encrypt(origText As String, _       key As SymmetricAlgorithm) As Byte()    ' ----- Uses a crytographic memory stream and a    '       secret key provider (DES in this case)    '       to encrypt some text.    Dim baseStream As New MemoryStream    Dim secretStream As CryptoStream    Dim streamOut As StreamWriter    Dim encryptedText() As Byte    ' ----- A memory stream just shuffles data from    '       end to end. Adding a CryptoStream to it    '       will encrypt the data as it moves through    '       the stream.    secretStream = New CryptoStream(baseStream, _       key.CreateEncryptor(), CryptoStreamMode.Write)    streamOut = New StreamWriter(secretStream)    streamOut.WriteLine(origText)    streamOut.Close()    secretStream.Close()    ' ----- Move the encrypted content into a useful    '       byte array.    encryptedText = baseStream.ToArray()    baseStream.Close()    Return encryptedText End Function Public Shared Function Decrypt(encryptedText() As Byte, _       key As SymmetricAlgorithm) As String    ' ----- Clearly, this is the opposite of the    '       Encrypt() function, using a stream reader    '       instead of a writer, and the key's    '       "decryptor" instead of its "encryptor."    Dim baseStream As MemoryStream    Dim secretStream As CryptoStream    Dim streamIn As StreamReader    Dim origText As String    ' ----- Build a stream that automatically decrypts    '       as data is passed through it.    baseStream = New MemoryStream(encryptedText)    secretStream = New CryptoStream(baseStream, _       key.CreateDecryptor(), CryptoStreamMode.Read)    streamIn = New StreamReader(secretStream)       ' ----- Move the decrypted content back to a string.       origText = streamIn.ReadLine()       streamIn.Close()       secretStream.Close()       baseStream.Close()       Return origText    End Function End Class 

This code combines a DES encryption class with a Stream, a common tool in .NET applications for transferring data from one state or location to another. (Streams are a primary method used to read and write files.) Streams are not too hard to use, but the code still seems a little convoluted. Why doesn't the DESCryptoServiceProvider class simply include Encrypt and Decrypt methods? That's my question, at least. I'm sure it has something to do with keeping the class generic for use in many data environments. Still, as chunky as this code is, it's sure a lot easier than writing the encryption code myself. And it's general enough that I could swap in one of the other secret key algorithms without very much change in the code.

Asymmetric Cryptography

In secret key cryptography, you can use any old key you wish to support the encryption and decryption process. As long as you keep it a secret, the content of the key itself isn't really too important. The same cannot be said, though, of asymmetric (public key) cryptography. Because separate keys are used to encrypt and decrypt the data, specific private and public keys must be crafted specifically as a pair. You can't just select random public and private keys and hope that they work together.

The components used to support asymmetric cryptography include "generators" that emit public and private key pairs. Once generated, these keys can be used in your code to mask sensitive data. And due to the large key size, it's very difficult for anyone to hack into your encrypted data.

Public key encryption is notoriously slow; it takes forever and a day to encode large amounts of data using the source key. This is one of the reasons that the Founding Fathers didn't use public key encryption on the Declaration of Independence. Because of the sluggish performance of asymmetric encryption, many secure data systems use a combination of public-key and secret-key encryption to protect data. The initial authorization occurs with public-key processes, but once the secure channel opens, the data passed between the systems gets encrypted using faster secret-key methods.

.NET includes two public key cryptography classes for your encrypting and decrypting pleasure.

• Digital Signature Algorithm (DSA), an algorithm designed by the United States government for use in digital signatures, with primary support through the DSACryptoServiceProvider class.

• The RSA algorithm (named after its founders: Ron Rivest, Adi Shamir, and Len Adleman), an older though generally secure asymmetric algorithm, with primary support through the RSACryptoServiceProvider class.

I won't be using asymmetric encryption in the Library Project. While the code needed to use these providers is interesting, and while the background information on prime number generation and large number factorization is fascinating, such discussions are beyond the scope of this book.

Hashing

Although hashing algorithms do not give you the ability to encrypt and decrypt data at will, they are useful in supporting systems that secure and verify data content. In fact, hashing is the one cryptography component that we will directly code in the Library Project, so stay alert.

Coming up with a hashing algorithm is easy. It took the best minds of the National Security Agency and the Massachusetts Institute of Technology to come up with reliable secret-key and public-key encryption systems, but you can develop a hashing algorithm in just a few minutes. A few years ago, I wrote my own hashing algorithm that I used for years in business applications. That fact alone should prove how simple and basic they can be. Here's a hashing algorithm I just made up while I was sitting here.

Public Function HashSomeText(ByVal origText As String) As Long    ' ----- Create a hash value from some data.    Dim hashValue As Long = 0&    Dim counter As Long    For counter = 1 To Len(origText)       hashValue += Asc(Mid(origText, counter, 1))       If (hashValue > (Long.MaxValue * 0.9)) Then _          hashValue /= 2       Next counter       Return hashValue End Function 

In the code, I just add up the ASCII values of each character in the text string, and return the result. I do a check in the loop to make sure I don't exceed 90% of the maximum Long value; I don't want to overflow the hashValue variable and generate an error. Although HashSomeText does generate a hashed representation of the input data, it also has some deficiencies.

• It's pretty easy to guess from the hash value whether the incoming content was short or long. Shorter content will usually generate small numbers, and larger output values tend to indicate longer input content.

• It's not very sensitive to some types of content changes. For instance, if you rearrange several characters in the content, it probably won't impact the hash value. Changing a character will impact the value, but if you change one character from "A" to "B" and another nearby letter from "T" to "S," the hash value will remain unchanged.

• The shorter the content, the greater the chance that two inputs will generate the same hash value.

Perhaps you want something a little more robust. If so, .NET includes several hashing tools.

• Hash-based Message Authentication Code (HMAC) calculated using the Secure Hash Algorithm number 1 (SHA-1) hash function, made available through the HMACSHA1 class. It uses a 160-bit hash code. There are no specific restrictions on the length of the secret key used in the calculation. While suitable for low-risk situations, the SHA-1 algorithm is susceptible to attack.

• Message Authentication Code (MAC) calculated using the Triple-DES secret key algorithms (described earlier), made available through the MACTripleDES class. The secret key used in the calculation is either 16 or 24 bytes long, and the generated value is 8 bytes in length.

• Message-Digest algorithm number 5 (MD5) hash calculation, made available through the MD5CryptoServiceProvider class. MD5 is yet another super-secret algorithm designed by Ron Rivest (that guy is amazing), but it has been shown to contain some flaws that could make it an encoding security risk. The resulting hash value is 128 bits long.

• Like the HMACSHA1 class, the SHA1Managed class computes a hash value using the SHA-1 hash function. However, it is written using .NET managed code only. HMACSHA1 and some of the other cryptographic features in .NET are simply wrappers around the older Cryptography API (CAPI), a pre-.NET DLL library. SHA1Managed uses a 160-bit hash code.

• Three other classes SHA256Managed, SHA384Managed, and SHA512Managedare similar to the SHA1Managed class, but use 256-bit, 384-bit, and 512-bit hash codes, respectively.

Each of these algorithms uses a secret key that must be included each time the hash is generated against the same set of input data. As long as the input data is unchanged, and the secret key is the same, the resulting hash value will also remain unchanged. By design, even the smallest change in the input data generates major changes in the output hash value.