Keeping Secrets: A Guide to VB .NET Cryptography : Page 2

Learn how to use the .NET encryption and key-generating classes in your own VB programming to maintain secret files on your hard drive or encrypt files before sending them over the Internet.


Although Microsoft offers more than one type of encryption in .NET, the type I explore is symmetric encryption. Symmetric encryption, also known as private key encryption, uses the same key (and essentially the same process) to encrypt and decrypt. Both the encryptor and decryptor must keep the key secret. (In public key, or asymmetric, encryption, two keys are generated and one of them is made public. This technique is considered the strongest current encryption technology, but it is quite a bit slower than symmetric encryption.)

Before actually encrypting with the .NET encryption classes, you must generate a key from the password a user provides. You can generate the key using a hash function. Hashing in cryptography converts a user's password string into an unrecognizable mish-mash of what look like (and ideally should be) random bits. The mish-mash can be used as a key, which is then employed in the encryption process as a way of uniquely distorting the data.

For example, one way to use a key to encrypt would be to add the ASCII values of the key to the ASCII values of the data:



Key:  ab    = ASCII: 97, 98
Data: merry = ASCII: 109, 101, 114, 114, 121

So, when you add the values (and repeat the key as necessary), you get the encryption:

   97    98    97    98    97
+ 109 + 101 + 114 + 114 + 121
-----------------------------
  206   199   211   212   218

Hashing always produces the same bit pattern if you provide it with identical data (thus the same password will always generate the same key, if you use the same hashing algorithm). In fact, you can test this process in the example code provided with this article by using the ComputeHash method of the .NET SHA1CryptoServiceProvider class. Any time you provide the word morph to this method, for example, you'll reliably get back the following hash: 124, 230, 93, 253, 197, 206, 136, 72. So will anyone else who knows that morph is the secret word.

Determining Your Key Length
The .NET encryption routines expect the keys that you use to be a particular size. For example, the DES (Data Encryption Standard) function wants a key to be 64 bits long, while the Rijndael algorithm wants 128-, 192-, or 256-bit keys—all other things being equal, the longer the key, the stronger the encryption. So if you decide to use an algorithm other than DES, you can find out which key sizes it permits by querying the LegalKeySizes property. You can get the MinSize (the smallest key size permitted), the MaxSize (the largest), and the SkipSize (the increment). SkipSize indicates any sizes available between the minimum and maximum sizes. For instance, the SkipSize for the Rijndael algorithm is 64 bits.

You can use the following code to find out the key sizes:

Imports System.Security.Cryptography

'create the DES Crypto object
Dim des As New DESCryptoServiceProvider()

Dim fd() As KeySizes
fd = des.LegalKeySizes()
'tells us the size(s), in bits
MsgBox("minsize = " & fd(0).MinSize & Chr(13) & _
       "maxsize = " & fd(0).MaxSize & Chr(13) & _
       "skipsize = " & fd(0).SkipSize)

If you run this code, you'll get 64, 64, 0. But if you change the declaration to TripleDESCryptoServiceProvider(), you'll get 128, 192, 64.

Note: The DES specification asks for an eight-byte password, but employs only a 56-bit key (seven bytes). The least significant bit in each byte is thrown away (it's used as a parity bit, but is not used in the actual encryption process).
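The following is an added example, not code from the original article or its download. It ties together the two steps described above: it expands LegalKeySizes into an explicit list of sizes (handling the SkipSize of 0 that DES reports) and truncates the SHA-1 hash of a password to the largest legal key size the 160-bit hash can fill. The names LegalSizes and KeyFromPassword, the ASCII encoding of the password, and the truncation rule are assumptions made for this illustration.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Security.Cryptography
Imports System.Text
Module KeySizeDemo
    ' Expand MinSize/MaxSize/SkipSize into the explicit legal sizes, in bits.
    ' SkipSize is 0 when only one size is legal (DES), and "Step 0" never ends.
    Function LegalSizes(ByVal alg As SymmetricAlgorithm) As List(Of Integer)
        Dim sizes As New List(Of Integer)
        For Each ks As KeySizes In alg.LegalKeySizes
            If ks.SkipSize = 0 Then
                sizes.Add(ks.MinSize)
            Else
                For bits As Integer = ks.MinSize To ks.MaxSize Step ks.SkipSize
                    sizes.Add(bits)
                Next
            End If
        Next
        Return sizes
    End Function

    ' Hash the password with SHA-1 (160 bits) and keep the leading bytes.
    ' Assumption for this example: ASCII password bytes, largest size that fits.
    Function KeyFromPassword(ByVal password As String, ByVal alg As SymmetricAlgorithm) As Byte()
        Dim hash() As Byte
        Using sha As New SHA1CryptoServiceProvider()
            hash = sha.ComputeHash(Encoding.ASCII.GetBytes(password))
        End Using
        Dim best As Integer = 0
        For Each bits As Integer In LegalSizes(alg)
            If bits <= hash.Length * 8 AndAlso bits > best Then best = bits
        Next
        If best = 0 Then Throw New CryptographicException("Hash shorter than smallest legal key.")
        Dim key(best \ 8 - 1) As Byte
        Array.Copy(hash, key, key.Length)
        Return key
    End Function

    Sub Main()
        Dim algs() As SymmetricAlgorithm = {New DESCryptoServiceProvider(), New TripleDESCryptoServiceProvider(), New RijndaelManaged()}
        For Each alg As SymmetricAlgorithm In algs
            Dim key() As Byte = KeyFromPassword("morph", alg) ' sample word from the text
            Console.WriteLine("{0}: legal = {1}; key = {2} bits; valid = {3}", alg.GetType().Name, _
                String.Join(", ", LegalSizes(alg)), key.Length * 8, alg.ValidKeySize(key.Length * 8))
        Next
    End Sub
End Module
```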


