Asymmetrical Encryption

Team Fly 

Page 151

In this code, you first create a key and an IV, then create a byte array (barray) holding the plaintext. You use the ComputeHash method to get the hash value of the plaintext. (Notice that these techniques require lots of byte arrays—so far, you've used four of them.) Then you use a cryptostream object to encrypt and save the results (the ciphertext) to a file, and then to append the encrypted hash values to the same file. Both your encryption and decryption procedures know how many bytes to remove from the end of the file because the hash value size (in bytes) is available from the SHA1 hashing object. For example, the decryption routine reads this value from the SHA1's HashSize property:

 Dim hashSize As Integer = sha1.HashSize / 8 

The results reported from this property are in bits (who knows why?) so you have to divide by 8 to get the actual number of bytes. The answer for SHA1 is 20 bytes.

The Decrypt procedure mostly follows the same steps as the encryption procedure. First you define a key and vector, then you open the file into a filestream and decrypt it via a cryptostream, and finally you are ready to test the hash. Recall that the hash values in the encrypting procedure were calculated only on the plaintext message, not on the entire contents sent to the file. You cannot get into the house of mirrors that would be created were you to try to get a hash value of your plaintext+hashvalue.

So, in the decryption procedure you create a byte array (sArray) that holds the entire file contents (ciphertext+hashvalue). Then you extract the hash value from the message portion of (sArray.Length - hashSize). In other words, you subtract the length of the hash value (hashSize) from the size of the byte array.

Next you extract the hash value that was appended to the file, and store those 20 bytes into the byte array messageHashValue. Finally, you use a loop to compare each byte in the message's hash value (messageHashValue) to each byte in the hash value computed in the decrypt procedure (hash Value). If any of the 20 bytes don't match, you alert the user that tampering occurred and that the ciphertext file's integrity has been compromised.

Asymmetrical Encryption

It's slower, but stronger. Asymmetrical encryption technology was illegal only a few years ago. The government felt that the bad guys—mobsters, dealers, wheeler dealers, lounge lizards, Eurotrash, and whatnot—would have a way of communicating that the FBI and others couldn't monitor. The problem with these laws was the usual one: laws don't deter lawbreakers.

The law against strong encryption was withdrawn. So now you can go ahead and use the most advanced encryption, asymmetrical algorithms. They're asymmetrical because the method used to encrypt is different from the method used to decrypt. It's a little more cumbersome than symmetrical systems, though, and slower. Because it's slower, you quite frequently find people using an asymmetric system such as RSA to encrypt the keys, but encrypting the actual plaintext message with a faster symmetrical system such as DES.

RSA and other asymmetric systems allow quite a bit of information to be public. They're sometimes even called public key systems. Three elements are permitted to be viewed by everyone, including any intruders: the enciphering process itself (the algorithm used to encipher and decipher), the ciphertext message, and a key. With all that information, Eve should be able to figure out the plaintext, don't you imagine? Guess again.

Team Fly 


Visual Basic  .NET Power Tools
Visual Basic .NET Power Tools
ISBN: 0782142427
EAN: 2147483647
Year: 2003
Pages: 178

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net