Although Microsoft offers more than one type of encryption in .NET, the type I explore is symmetric encryption. Symmetric encryption, also known as private key encryption, uses the same key (and essentially the same process) to encrypt and decrypt. Both the encryptor and decryptor must keep the key secret. (In public key, asymmetric encryption, two keys are generated and one of them is made public. This technique is considered the strongest current encryption technology, but it is quite a bit slower than symmetric encryption.)
Before actually encrypting with the .NET encryption classes, you must generate a key from the password a user provides. You can generate the key using a hash function. Hashing in cryptography converts a user's password string into an unrecognizable mish-mash of what look like (and ideally should be) random bits. The mish-mash can be used as a key, which is then employed in the encryption process as a way of uniquely distorting the data.
For example, one way to use a key to encrypt would be to add the ASCII values of the key to the ASCII values of the data:
Key: ab = ASCII: 97, 98
Data: merry = ASCII: 109, 101, 114, 114, 121
So, when you add the values (and repeat the key as necessary), you get the encryption:
97 98 97 98 97
+109 +101 +114 +114 +121
206 199 211 212 218
Hashing always produces the same bit pattern if you provide it with identical data (thus the same password will always generate the same key, if you use the same hashing algorithm). In fact, you can test this process in the example code provided with this article by using the
ComputeHash method of the .NET
SHA1CryptoServiceProvider class. Any time you provide the word morph to this method, for example, you'll reliably get back the following hash: 124, 230, 93, 253, 197, 206, 136, 72. So will anyone else who knows that morph is the secret word.
Determining Your Key Length
The .NET encryption routines expect the keys that you use to be a particular size. For example, the DES (Data Encryption Standard) function wants a key to be 64 bits long, while the Rijndael algorithm wants 128-, 192-, or 256-bit keysall other things being equal, the longer the key, the stronger the encryption. So if you decide to use an algorithm other than DES, you can find out which key sizes it permits by querying the LegalKeySizes property. You can get the MinSize (the smallest key size permitted), the MaxSize (the largest), and the SkipSize (the increment). SkipSize indicates any sizes available between the minimum and maximum sizes. For instance, the SkipSize for the Rijndael algorithm is 64 bits.
You can use the following code to find out the key sizes:
'create the DES Crypto object
des As New DESCryptoServiceProvider()
Dim fd() As KeySizes
fd = des.LegalKeySizes() 'tells us the size(s), in bits
MsgBox("minsize = " & fd(0).MinSize & Chr(13) & "maxsize = " & fd(0).MaxSize &
Chr(13) & "skipsize = " & fd(0).SkipSize)
If you run this code, you'll get 64, 64, 0. But if you change the declaration to
TripleDESCryptoServiceProvider() , you'll get 128, 192, 64.
Note: The DES specification asks for an eight-byte password, but employs only a 56-bit key (seven bytes). The least significant bit in each byte is thrown away (it's used as a parity bit, but is not used in the actual encryption process).