rior to the .NET Framework, programming encryption was sort of an obstacle race. You first had to find the right algorithm, then set up the key, and finally struggle with the programming interface of the library. With the .NET Framework, doing encryption is no longer a cryptic task. Simple and well-designed classes let you tackle symmetric, asymmetric, and hash algorithms.
Cryptography is as ancient as the world is. Have you heard about the ingenious tricks performed by Roman commanders such as Julius Caesar and Augustus to send orders to detached troops? They scrambled their messages by mapping letters in the alphabet with another letter by a fixed number of positions. This number was the actual key to decode the message. In particular, Caesar used to shift letters by 3 positions (A becomes D and Z becomes C), whereas Augustus preferred to shift by 1. Caesar's cipher book probably was the predecessor of today's public key encryption algorithms. A good set of cryptographic tools is vital in many sectors of the software industry. Cryptography protects the confidentiality of the data being exchanged, but it also prevents attacks that a sniffer could plan once he or she knows internal aspects of the system. Using cryptography you can make connections safer as your code enables reliable and secure user authentication.
Cryptography itself is not that difficult to work with, but it can have an overly complex API. Since in many real-world scenarios you can't just do without encryption, the more a software platform supports you with easy-to-use tools, the better. A good measure to evaluate such tools is the level of expertise in the cryptographic science they assume. In the .NET Framework, cryptographic services have been designed to smooth difficulties quite a bit. As a result, using cryptographic providers and encryption classes is not harder than using, say, XML readers or ADO.NET data relations.
In this article I'll take you on a whistle-stop tour of cryptography in the .NET Framework. I'll discuss symmetric and asymmetric algorithms as well as hashing techniques. After that, I'll show you practical implementations of encryption and hashing on disk files and streams. Using encryption in Web applications is nearly identical to using it in Windows applications. The final part of this article discusses how the ASP.NET infrastructure makes use of encryption internally.
Cryptography is the science (or is it better described as an art?) that encrypts information so that it looks completely different from the originalscrambled and camouflaged. Cryptography must be a two-way and lossless channel. In other words, there must be a way for a user to decrypt the encrypted information and regain the original information. Only one user should be able to perform this taskthe user who holds the key used to encrypt. Generations of scientists and mathematicians and even hobbyists have worked hard to come up with effective techniques to define keys and generate algorithms.
|Hash values represent an effective way to verify the integrity of the data being received over a potentially insecure channel.|
Cryptography serves three main purposes: confidentiality, data integrity, and authentication. Confidentiality
means that data is scrambled and hidden from ill-intentioned, or simply too curious, eyes. Data integrity
prevents tampering with the data, whereas authentication
consists in verifying the identity of the sender to ensure that he or she is exactly who they say that they are.
Cryptography recognizes four main categories of functions: symmetric algorithms, asymmetric algorithm, signatures, and hash algorithms.
- Symmetric algorithms perform a transformation on data, camouflaging its real contents. In doing so, it employs a single secret key to both encrypt and decrypt data. Each individual who gets the key can decrypt any file encrypted with the same key.
- Asymmetric algorithms use a pair of keys, known as public/private keys. Anyone can use a public key to encrypt data. Only a particular private key, though, can decrypt that content. To set up a public key encryption, you must use a pair of public and private keys that are mathematically linked. Once you obtain a pair of keys, you keep the private key for yourself and distribute the public key to anyone that needs to send data to you. The algorithm is said to be asymmetric because two different keys are involvedone to encrypt and one to decrypt.
- A digital signature is designed to ensure that any received data originates from a specific user. A digital signature is a block of data that is unique to a party.
- People often use hash functions to digitally sign documents. A hash function creates a fixed-length array of bytes given a block of data of any length. More importantly, the hash code generated is mathematically guaranteed to be random and unique and not particularly affine to the data. Put another way, two nearly identical streams of data generate radically different hash codes.