This article has been
excerpted from the book "The Complete Visual C# Programmer's Guide" by the authors
of C# Corner.
Cryptography, an area of discrete mathematics, gives you additional means of
protecting your data from security threats. Cryptographic techniques provide the
following security measures:
- Confidentiality: information remains hidden
from anyone for whom it is not intended. To prevent "eavesdropping," data is
encrypted before it is transmitted over an insecure channel.
- Integrity: data has not been altered during
transmission.
- Nonrepudiation: the sender of a message
cannot deny sending the message.
- Antireplay prevention: a message is not a
replay of some part of a previous communication session.
- Authentication: an entity proves its
identity to other entities. Authentication prevents an entity from
successfully disguising itself.
Cryptography implements these security measures
through the use of mathematical techniques that encrypt and decrypt data. The
process consists of two parts: the creation of codes to secure communications
and data, and the deciphering of those codes.
Cryptographic algorithms associate your original data, called plaintext or
cleartext, with a key to generate encrypted data, called ciphertext. The
algorithms also associate ciphertext with a decryption key to convert the data
to its original form again. The encryption and decryption keys can be the same
key or two different keys, depending on the cryptography algorithms.
Let's start with a simple example to illustrate the concept. The following
algorithm encrypts data with key k1 to create CipheredDATA.
CipheredDATA = Encrypt_k1(DATA)
To get the original DATA, you decrypt the CipheredDATA with key k1.
DATA = Decrypt_k1(CipheredDATA)
It is difficult but not impossible for hackers to understand the original DATA
without key k1. The hackers must find what k1 is to start the decryption. This
simple example illustrates symmetric (secret-key) cryptography, in which a
single key is used to encrypt and decrypt data. In asymmetric (or public-key)
cryptography, a public key encrypts the data, and the recipient uses his or her
private key to decrypt the data.
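The encrypt/decrypt pair with key k1 described above, written out as an added example (not code from the book). It assumes .NET 8 or later for the AesGcm class and uses AES-GCM as the symmetric algorithm; the class name SymmetricDemo, the nonce || tag || ciphertext layout and the sample message are choices made for this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SymmetricDemo
{
    const int NonceSize = 12; // AES-GCM nonce length in bytes
    const int TagSize = 16;   // authentication tag length in bytes

    // CipheredDATA = Encrypt_k1(DATA); output layout: nonce || tag || ciphertext
    static byte[] Encrypt(byte[] k1, byte[] data)
    {
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceSize); // fresh for every message
        byte[] tag = new byte[TagSize];
        byte[] cipher = new byte[data.Length];
        using var aes = new AesGcm(k1, TagSize);
        aes.Encrypt(nonce, data, cipher, tag);
        byte[] output = new byte[NonceSize + TagSize + cipher.Length];
        nonce.CopyTo(output, 0);
        tag.CopyTo(output, NonceSize);
        cipher.CopyTo(output, NonceSize + TagSize);
        return output;
    }

    // DATA = Decrypt_k1(CipheredDATA); throws if the key is wrong or the data was altered
    static byte[] Decrypt(byte[] k1, byte[] ciphered)
    {
        if (ciphered.Length < NonceSize + TagSize) throw new CryptographicException("Input too short.");
        ReadOnlySpan<byte> input = ciphered;
        byte[] data = new byte[ciphered.Length - NonceSize - TagSize];
        using var aes = new AesGcm(k1, TagSize);
        aes.Decrypt(input[..NonceSize], input[(NonceSize + TagSize)..], input.Slice(NonceSize, TagSize), data);
        return data;
    }

    static void Main()
    {
        byte[] k1 = RandomNumberGenerator.GetBytes(32); // 256-bit secret key
        byte[] ciphered = Encrypt(k1, Encoding.UTF8.GetBytes("constructed sample message"));
        Console.WriteLine(Encoding.UTF8.GetString(Decrypt(k1, ciphered)));

        try { Decrypt(RandomNumberGenerator.GetBytes(32), ciphered); } // different key
        catch (CryptographicException) { Console.WriteLine("wrong key rejected"); }

        ciphered[^1] ^= 0x01; // flip one bit of the ciphertext
        try { Decrypt(k1, ciphered); }
        catch (CryptographicException) { Console.WriteLine("tampered ciphertext rejected"); }
    }
}
```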
Real cryptography algorithms are much more complex than the one in the example
because the mathematicians who develop algorithms have considered almost all of
the known approaches to deducing those algorithms. If you want an even greater
degree of sophistication, you can use steganography to hide one set of data
within another in a way that allows it to be extracted later. Steganography is
best used with cryptography, although cryptography need not be used with
steganography unless you want to conceal the fact that you are hiding data
through encryption.
The .NET Framework provides a set of cryptographic classes that offer
encryption, digital signatures, hashing, and random-number generation, which
implement well-known algorithms such as RSA, DSA, Rijndael/AES, Triple DES, DES,
and RC2, as well as the MD5, SHA-1, SHA-256, SHA-384 and SHA-512 hash
algorithms. Let's briefly look at some of these cryptography algorithms:
- RSA (Rivest-Shamir-Adleman), a public-key
cryptosystem for encryption and authentication, was invented in 1977 by the
founders of RSA Data Security, Inc. RSA accepts a variable key length.
- Digital Signature Algorithm (DSA) is used
to generate and verify signatures.
- Data Encryption Standard (DES) is an
encryption block cipher defined and endorsed by the National Institute of
Standards and Technology (NIST) in 1977 as a U.S. government standard. It
has become the best-known and most widely used symmetric cryptosystem in the
world. DES uses a 64-bit block size and a 56-bit key.
- Triple DES (3DES) consists of running DES
three times using three distinct keys.
- RC2 and the more recent RC4 and RC5 were
developed by RSA Data Security for use in place of DES.
- MD2 and the more recent MD4 and MD5,
developed by one of the founders of RSA Data Security, are useful for
digital signature applications in which a large message must be compressed
in a secure manner before being signed with a private key.
- The secure hash algorithms SHA and SHA-1
were developed by NIST and published as federal information-processing
standards.
The .NET Framework also supports the XML
Digital Signature specification, under development by the Internet Engineering
Task Force and the World Wide Web Consortium. The framework-provided
cryptographic classes support .NET's internal services, too. The classes are
available as managed code to developers who require cryptographic support.
For more information about implementing cryptography algorithms, we recommend
Bruce Schneier's Applied Cryptography: Protocols, Algorithms, and Source Code in
C, 2nd edition (John Wiley & Sons, 1996). Though the examples are coded in ANSI
C, this is one of the best cryptography books available.
Conclusion
We hope this article has helped you
understand cryptography in .NET. See other articles on the website on .NET and C#.
The Complete Visual
C# Programmer's Guide covers most of the major components that make
up C# and the .NET environment. The book is geared toward the
intermediate programmer, but contains enough material to satisfy the
advanced developer.