Implementing Data Encryption


Chapter 7 demonstrates that the .NET Framework provides a number of ways to encrypt and decrypt data. You have a number of choices to make, such as the use of symmetric or asymmetric encryption. Remember that the asymmetric technique found in the System.Security.Cryptography.AsymmetricAlgorithm class relies on a public/private key pair, making it the logical choice for Web communications because you can trust others with the public key, while keeping the private key safe on your system. The use of two keys makes it possible to work with others in a secure manner without exposing yourself to needless risk.

Encryption also relies on an encryption technique and a specific hash algorithm. When working with Web-based algorithms, you need to consider the likes, dislikes, and requirements of the other participants in a data exchange. The most common encryption technique in use today is Rivest, Shamir, and Adleman (RSA). You can find this algorithm in the RSA class and the implementation in the RSACryptoServiceProvider class. The example in the “Using Asymmetric Cryptography” section of Chapter 7 demonstrates the basics of working with this technology.

Some developers see data encryption as an all-or-nothing undertaking. The facts are less clear. You actually have multiple encryption choices and strategies to choose from when working with Web applications. However, you can group these approaches into whole message or individual element categories. When you use SSL to create an application, the system encrypts the entire message. (See the “Creating an SSL Application” section for details.) Encryption and decryption time is one reason why SSL communication takes so much time. Likewise, you can implement channel sinks to perform the task if you don’t want to rely on a pure SSL approach (see the “Understanding Remoting and Code Access Security” section for details). A channel sink lets you maintain control over the communication.

Encryption always increases the size of the message, consumes additional processing time, and generally slows everything down. Consequently, the smart developer uses enough encryption to ensure sensitive data remains safe, but not so much encryption that the system slows to an unacceptable speed. Desktop applications have faster communication channels, so full message encryption isn’t quite as much of a burden as with Web applications. Partial message encryption is much faster and more resource efficient when working with Web applications. You can see an example of one approach to this problem in the example in the “Understanding Remoting and Data Encryption” section.
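
Element-level encryption as described above, shown as an added example that is not taken from the book: only the sensitive field is RSA-encrypted with the recipient's public key, while the rest of the message stays in clear text. The Order class, its field names, and the sample values are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

class PartialMessageEncryption
{
    // Constructed sample message; only CardNumber is treated as sensitive.
    class Order
    {
        public string OrderId;
        public string Item;
        public string CardNumber;   // holds Base64 ciphertext once protected
    }

    // Sender side: encrypt one element with the recipient's public key (OAEP padding).
    static string EncryptElement(string value, RSAParameters publicKey)
    {
        using (var rsa = new RSACryptoServiceProvider())
        {
            rsa.ImportParameters(publicKey);
            byte[] plain = Encoding.UTF8.GetBytes(value);
            // RSA-OAEP with SHA-1 carries at most (key bytes - 42) bytes per operation.
            int max = rsa.KeySize / 8 - 42;
            if (plain.Length > max)
                throw new ArgumentException("Element too large for direct RSA encryption.");
            return Convert.ToBase64String(rsa.Encrypt(plain, true));
        }
    }

    // Recipient side: decrypt with the private key, which never leaves its system.
    static string DecryptElement(string base64, RSACryptoServiceProvider privateKey)
    {
        byte[] plain = privateKey.Decrypt(Convert.FromBase64String(base64), true);
        return Encoding.UTF8.GetString(plain);
    }

    static void Main()
    {
        using (var recipient = new RSACryptoServiceProvider(2048))
        {
            // Export only the public half; this is what the sender receives.
            RSAParameters publicOnly = recipient.ExportParameters(false);
            var order = new Order { OrderId = "A-1001", Item = "Widget", CardNumber = "4111111111111111" };
            order.CardNumber = EncryptElement(order.CardNumber, publicOnly);
            Console.WriteLine("{0} {1} {2}", order.OrderId, order.Item, order.CardNumber);
            Console.WriteLine(DecryptElement(order.CardNumber, recipient));
        }
    }
}
```

The size check matters in practice: RSA encrypts only short values directly, so larger elements need a symmetric key that is itself protected with RSA.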




.NET Development Security Solutions
ISBN: 0782142664
EAN: 2147483647
Year: 2003
Pages: 168
