Cryptography in .NET

The .NET Framework provides a rich set of classes for implementing cryptographic operations, allowing developers to secure data and communications effectively. These classes are part of the System.Security.Cryptography namespace and cover a wide range of cryptographic algorithms and functionalities.

Key Concepts and Classes

Understanding the core concepts is crucial. .NET's cryptography model supports both symmetric and asymmetric encryption, hashing, digital signatures, and random number generation.

Symmetric Cryptography

Symmetric encryption uses the same key for both encryption and decryption. It's generally faster than asymmetric encryption and is suitable for encrypting large amounts of data.

Key Classes:

AesManaged (Advanced Encryption Standard): A modern and widely adopted symmetric algorithm.
RijndaelManaged: The .NET implementation of the Rijndael algorithm, the basis for AES.
DES, TripleDES: Older symmetric algorithms, generally not recommended for new applications due to security concerns.

Example of AES encryption:


using System;
using System.Security.Cryptography;
using System.Text;

public class SymmetricExample
{
    public static void Main(string[] args)
    {
        string original = "This is a secret message.";
        using (AesManaged aes = new AesManaged())
        {
            // Generate a key and IV
            aes.GenerateKey();
            aes.GenerateIV();

            // Encrypt the string
            byte[] encrypted = EncryptString(original, aes.Key, aes.IV);
            Console.WriteLine($"Encrypted: {Convert.ToBase64String(encrypted)}");

            // Decrypt the string
            string decrypted = DecryptString(encrypted, aes.Key, aes.IV);
            Console.WriteLine($"Decrypted: {decrypted}");
        }
    }

    public static byte[] EncryptString(string plainText, byte[] Key, byte[] IV)
    {
        using (var ms = new System.IO.MemoryStream())
        using (var aes = new AesManaged { Key = Key, IV = IV })
        {
            using (var cryptoStream = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write))
            {
                byte[] plainBytes = Encoding.UTF8.GetBytes(plainText);
                cryptoStream.Write(plainBytes, 0, plainBytes.Length);
                cryptoStream.FlushFinalBlock();
                return ms.ToArray();
            }
        }
    }

    public static string DecryptString(byte[] cipherText, byte[] Key, byte[] IV)
    {
        using (var ms = new System.IO.MemoryStream(cipherText))
        using (var aes = new AesManaged { Key = Key, IV = IV })
        {
            using (var cryptoStream = new CryptoStream(ms, aes.CreateDecryptor(), CryptoStreamMode.Read))
            {
                using (var reader = new System.IO.StreamReader(cryptoStream, Encoding.UTF8))
                {
                    return reader.ReadToEnd();
                }
            }
        }
    }
}

Asymmetric Cryptography

Asymmetric encryption uses a pair of keys: a public key for encryption and a private key for decryption. This is useful for secure key exchange and digital signatures.

Key Classes:

RSA (Rivest–Shamir–Adleman): A widely used asymmetric algorithm.
DSASigFormatter, DSASigDeformatter: For Digital Signature Algorithm.

Hashing

Hashing algorithms produce a fixed-size "fingerprint" of data. They are one-way functions; you cannot recover the original data from the hash. Hashing is used for data integrity verification and password storage.

Key Classes:

SHA256Managed, SHA384Managed, SHA512Managed: Secure Hash Algorithms (SHA-2 family).
MD5CryptoServiceProvider: Message Digest 5 (MD5), considered cryptographically broken and not suitable for security-sensitive applications.

Example of SHA256 hashing:


using System;
using System.Security.Cryptography;
using System.Text;

public class HashingExample
{
    public static void Main(string[] args)
    {
        string dataToHash = "This string will be hashed.";
        string hash = ComputeSha256Hash(dataToHash);
        Console.WriteLine($"The SHA256 hash of '{dataToHash}' is: {hash}");
    }

    public static string ComputeSha256Hash(string rawString)
    {
        using (SHA256 sha256Hash = SHA256.Create())
        {
            byte[] bytes = sha256Hash.ComputeHash(Encoding.UTF8.GetBytes(rawString));
            StringBuilder builder = new StringBuilder();
            for (int i = 0; i < bytes.Length; i++)
            {
                builder.Append(bytes[i].ToString("x2"));
            }
            return builder.ToString();
        }
    }
}

Digital Signatures

Digital signatures use asymmetric cryptography to provide authentication, integrity, and non-repudiation. A sender signs data with their private key, and the recipient verifies the signature using the sender's public key.

Random Number Generation

Secure and unpredictable random numbers are essential for cryptographic operations like key generation. The RNGCryptoServiceProvider class provides a cryptographically strong random number generator.

Best Practice: Always use the latest, secure algorithms like AES and SHA-256/384/512. Avoid deprecated algorithms like DES and MD5 for security-critical tasks.

« Previous: Security Overview Next: Authentication »