Cryptography in the .NET Framework
Overview
The .NET Framework provides a comprehensive set of cryptographic services that enable developers to secure data, sign and verify messages, and manage certificates. These services are exposed through a set of classes in the System.Security.Cryptography namespace and related namespaces.
Key Namespaces
- System.Security.Cryptography – Core hashing, encryption, and digital signature classes.
- System.Security.Cryptography.X509Certificates – Working with X.509 certificates.
- System.Security.Cryptography.Xml – XML digital signatures and encryption.
Important Classes
Class | Purpose |
---|---|
SHA256 | Computes SHA‑256 hash values. |
RSA | Implements RSA asymmetric encryption and signing. |
Aes | Provides AES symmetric encryption. |
HMACSHA1 | Computes HMAC using SHA‑1. |
X509Certificate2 | Represents an X.509 certificate with a private key. |
Supported Algorithms
The framework supports a wide range of algorithms, grouped into hashing, symmetric, and asymmetric categories.
- Hashing: MD5, SHA‑1, SHA‑256, SHA‑384, SHA‑512
- Symmetric: AES, DES, TripleDES, RC2
- Asymmetric: RSA, DSA, ECDsa
- Message Authentication: HMAC, CMAC
Code Examples
Hashing with SHA‑256
```csharp
// Compute SHA-256 hash for a string
using System;
using System.Text;
using System.Security.Cryptography;

class Sha256Demo
{
    static void Main()
    {
        string input = "Hello, World!";
        byte[] bytes = Encoding.UTF8.GetBytes(input);
        using (SHA256 sha = SHA256.Create())
        {
            byte[] hash = sha.ComputeHash(bytes);
            Console.WriteLine("SHA-256: " + BitConverter.ToString(hash).Replace("-", ""));
        }
    }
}
```
Encrypting with AES
```csharp
// AES encryption/decryption example
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

class AesDemo
{
    static void Main()
    {
        // Demo values only: a hard-coded key and a fixed IV must not be used for real data.
        // Generate keys with a cryptographic RNG and use a new random IV for every message.
        var key = Encoding.UTF8.GetBytes("0123456789ABCDEF0123456789ABCDEF"); // 32 bytes = AES-256
        var iv = Encoding.UTF8.GetBytes("ABCDEF0123456789");                   // 16 bytes = one AES block
        string plaintext = "Sensitive data";
        byte[] encrypted = Encrypt(plaintext, key, iv);
        string decrypted = Decrypt(encrypted, key, iv);
        Console.WriteLine($"Encrypted: {Convert.ToBase64String(encrypted)}");
        Console.WriteLine($"Decrypted: {decrypted}");
    }

    static byte[] Encrypt(string plain, byte[] key, byte[] iv)
    {
        // Aes.Create() defaults to CBC mode with PKCS7 padding, which provides no integrity check.
        using (Aes aes = Aes.Create())
        {
            aes.Key = key; aes.IV = iv;
            using var encryptor = aes.CreateEncryptor();
            using var ms = new MemoryStream();
            using var cs = new CryptoStream(ms, encryptor, CryptoStreamMode.Write);
            // Disposing the writer also closes the CryptoStream, which writes the final padded block.
            using (var sw = new StreamWriter(cs))
                sw.Write(plain);
            return ms.ToArray();
        }
    }

    static string Decrypt(byte[] cipher, byte[] key, byte[] iv)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Key = key; aes.IV = iv;
            using var decryptor = aes.CreateDecryptor();
            using var ms = new MemoryStream(cipher);
            using var cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Read);
            using var sr = new StreamReader(cs);
            return sr.ReadToEnd();
        }
    }
}
```
Signing with RSA
```csharp
// Create a digital signature using RSA
using System;
using System.Security.Cryptography;
using System.Text;

class RsaSignDemo
{
    static void Main()
    {
        string message = "Message to sign";
        byte[] data = Encoding.UTF8.GetBytes(message);
        // RSA.Create() produces a new, ephemeral key pair that is discarded when rsa is disposed.
        using (RSA rsa = RSA.Create())
        {
            rsa.KeySize = 2048;
            // Hash the data with SHA-256 and sign the digest using PKCS#1 v1.5 padding.
            byte[] signature = rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine("Signature: " + Convert.ToBase64String(signature));
            // A real verifier holds only the public key; the same object is reused here for brevity.
            bool verified = rsa.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine("Verified: " + verified);
        }
    }
}
```