Cryptography is used to provide the following:
Confidentiality. To ensure data remains private. Confidentiality is achieved with encryption. An encryption algorithm and a key convert plain text into cipher text, and the matching decryption algorithm and key convert the cipher text back. Symmetric algorithms use the same secret key for both operations, while asymmetric algorithms use a public/private key pair: anyone can encrypt with the public key, but only the holder of the private key can decrypt.
Data integrity. To ensure data is protected from accidental or deliberate (malicious) modification. Integrity is provided by hashes or message authentication codes (MACs). A hash value is a fixed-length value derived from a sequence of data; the receiver recomputes the hash over what arrived and compares it with the hash the sender produced. On its own, a hash only detects accidental corruption: an attacker who can alter the data can just as easily recompute the hash to match. To detect deliberate modification, the hash must be delivered over a channel the attacker cannot write to, keyed with a shared secret (a MAC such as HMAC), or digitally signed.
Authentication. To assure that data originates from a particular party. Digital signatures provide this: the originator signs with a private key, anyone holding the corresponding public key can verify the signature, and a digital certificate binds that public key to the originator's identity. Signatures are applied to a hash of the data rather than to the data itself, because the hash is far smaller than the data it represents.
Use a hash when you want to detect that data has been corrupted in transit or at rest, and the hash itself is delivered or stored somewhere the attacker cannot modify.
Use a keyed hash (MAC) when you want to detect deliberate tampering by anyone who does not hold the key, or to prove that an entity knows a secret without sending the secret itself across the wire.
Use encryption when you want to hide data when being sent across an insecure medium or when making the data persistent.
Use a certificate when you want to verify that the entity claiming to own a public key really is who it says, on the word of a certification authority you trust.
Use symmetric encryption for speed and when both parties share the key in advance.
Use asymmetric encryption when you want to exchange data with a party whose public key you hold but with whom you share no secret, typically to transport a symmetric session key; it is orders of magnitude slower than symmetric encryption, so it is not used for bulk data.
Use a digital signature when you want authentication and non-repudiation.
Use a salt value (a cryptographically generated random number, unique per item and stored alongside the hash) when hashing passwords, to defend against dictionary and precomputed (rainbow-table) attacks.
The System.Security.Cryptography namespace provides cryptographic services, including secure encoding and decoding of data, hashing, random number generation, and message authentication.
The .NET Framework provides implementations of many standard cryptographic algorithms. These can be extended easily because of a well-defined inheritance hierarchy: abstract classes define the basic algorithm types (symmetric, asymmetric and hash), abstract algorithm classes derive from those, and concrete implementation classes sit beneath them.
| Symmetric Algorithms | Asymmetric Algorithms | Hash Algorithms |
|---|---|---|
| DES (Data Encryption Standard) | DSA (Digital Signature Algorithm) | HMAC SHA1 (Hash-based Message Authentication Code using the SHA1 hash algorithm) |
| TripleDES (Triple Data Encryption Standard) | RSA | MAC Triple DES (Message Authentication Code using Triple DES) |
| Rijndael | | MD5 |
| RC2 | | SHA1, SHA256, SHA384, SHA512 (Secure Hash Algorithm using various hash sizes) |
.NET provides the following implementation classes for symmetric, secret key encryption algorithms:
DESCryptoServiceProvider
RC2CryptoServiceProvider
RijndaelManaged
TripleDESCryptoServiceProvider
Of these, only Rijndael is suitable for new code: with a 128-bit block size it is AES. DES (56-bit key) and RC2 are obsolete, and TripleDES should be kept only for compatibility with existing data.
| Note |
The classes that end with "CryptoServiceProvider" are wrappers that use the underlying services of the Windows cryptographic service provider (CSP), and the classes that end with "Managed" are implemented in managed code. The managed implementations are not FIPS 140 validated, so when the Windows "Use FIPS compliant algorithms" security policy is enabled they throw at construction time while the CryptoServiceProvider wrappers keep working. |
Figure 2 shows the inheritance hierarchy adopted by the .NET Framework. The algorithm type base class (for example, SymmetricAlgorithm) is abstract. A set of abstract algorithm classes (for example, DES, TripleDES, Rijndael and RC2) derive from it, and the concrete implementation classes listed above derive from those and provide the actual implementation.
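The following is an added example, not code from the original page, showing how the symmetric classes listed above are used in practice. It encrypts with RijndaelManaged configured as AES (128-bit block, CBC, PKCS7 padding, a fresh random IV per message) and, because encryption alone gives confidentiality but not integrity, authenticates the IV and ciphertext with HMACSHA256 before decryption (encrypt-then-MAC). The two-key layout, the "IV || ciphertext || tag" message format, the class and method names, and the constructed sample message are this example's own choices.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the original page): authenticated symmetric encryption
// built from the .NET Framework classes named above. Rijndael with a 128-bit
// block is AES. The message layout IV || ciphertext || tag and all names here
// are this example's assumptions.
public static class AuthenticatedAes
{
    const int TagSize = 32; // HMACSHA256 output length in bytes
    const int IvSize = 16;  // AES block size in bytes

    // Returns IV || ciphertext || tag. A fresh random IV is generated for every call.
    public static byte[] Encrypt(byte[] encKey, byte[] macKey, byte[] plaintext)
    {
        using (var aes = new RijndaelManaged())
        {
            aes.BlockSize = 128;          // 128-bit block: this is AES, not generic Rijndael
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            aes.Key = encKey;             // 16, 24 or 32 bytes
            aes.GenerateIV();             // never reuse an IV under the same key

            byte[] cipher;
            using (ICryptoTransform enc = aes.CreateEncryptor())
                cipher = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);

            byte[] ivAndCipher = new byte[IvSize + cipher.Length];
            Buffer.BlockCopy(aes.IV, 0, ivAndCipher, 0, IvSize);
            Buffer.BlockCopy(cipher, 0, ivAndCipher, IvSize, cipher.Length);

            byte[] tag;
            using (var hmac = new HMACSHA256(macKey))
                tag = hmac.ComputeHash(ivAndCipher);   // the MAC covers IV and ciphertext

            byte[] result = new byte[ivAndCipher.Length + TagSize];
            Buffer.BlockCopy(ivAndCipher, 0, result, 0, ivAndCipher.Length);
            Buffer.BlockCopy(tag, 0, result, ivAndCipher.Length, TagSize);
            return result;
        }
    }

    // Verifies the tag before touching the ciphertext; throws on any modification.
    public static byte[] Decrypt(byte[] encKey, byte[] macKey, byte[] blob)
    {
        if (blob.Length < IvSize + TagSize)
            throw new CryptographicException("Message too short.");

        int bodyLen = blob.Length - TagSize;
        byte[] expected;
        using (var hmac = new HMACSHA256(macKey))
            expected = hmac.ComputeHash(blob, 0, bodyLen);

        // Constant-time comparison so the check does not leak how many tag bytes matched.
        int diff = 0;
        for (int i = 0; i < TagSize; i++)
            diff |= expected[i] ^ blob[bodyLen + i];
        if (diff != 0)
            throw new CryptographicException("Authentication tag mismatch: message was modified.");

        using (var aes = new RijndaelManaged())
        {
            aes.BlockSize = 128;
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            aes.Key = encKey;
            byte[] iv = new byte[IvSize];
            Buffer.BlockCopy(blob, 0, iv, 0, IvSize);
            aes.IV = iv;
            using (ICryptoTransform dec = aes.CreateDecryptor())
                return dec.TransformFinalBlock(blob, IvSize, bodyLen - IvSize);
        }
    }

    public static void Main()
    {
        // Constructed keys for the demo: a real system loads them from a key store, not code.
        byte[] encKey = new byte[32], macKey = new byte[32];
        using (var rng = new RNGCryptoServiceProvider())
        {
            rng.GetBytes(encKey);
            rng.GetBytes(macKey);
        }

        byte[] blob = Encrypt(encKey, macKey, Encoding.UTF8.GetBytes("amount=100"));
        Console.WriteLine(Encoding.UTF8.GetString(Decrypt(encKey, macKey, blob)));

        blob[IvSize + 7] ^= 0x01;   // simulate an attacker flipping one ciphertext bit
        try { Decrypt(encKey, macKey, blob); }
        catch (CryptographicException e) { Console.WriteLine("Rejected: " + e.Message); }
    }
}
```

Two separate keys are used on purpose: reusing the encryption key as the MAC key ties the security of one primitive to the other. Decrypting the tampered message without the tag check would not throw reliably (CBC simply garbles the affected block and the one after it), which is why the tag is verified first and in constant time.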
.NET provides the following asymmetric (public/private key) algorithms through the abstract base class System.Security.Cryptography.AsymmetricAlgorithm:
DSACryptoServiceProvider
RSACryptoServiceProvider
RSA can both digitally sign data and encrypt it (in practice, encrypt a symmetric key); DSA is a signature-only algorithm. Figure 3 shows the inheritance hierarchy.
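The following is an added example, not code from the original page, showing the two uses of an RSA key pair just described with RSACryptoServiceProvider: signing a SHA-256 hash of a message (the signature is applied to the hash, as noted earlier, and verified with the public half of the key alone), and RSA-OAEP encryption of a symmetric session key that only the private key holder can recover. It targets the .NET Framework on Windows. Requesting CSP provider type 24 (PROV_RSA_AES) so that the provider accepts SHA-2, the 2048-bit key size, and all class, method and sample-message names are this example's own assumptions.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the original page): sign/verify over a hash and
// session-key wrapping with RSACryptoServiceProvider. Provider type 24
// (PROV_RSA_AES) is requested so the CSP supports SHA-256; that choice and all
// names here are this example's assumptions (.NET Framework on Windows).
public static class RsaExample
{
    static readonly string Sha256Oid = CryptoConfig.MapNameToOID("SHA256");

    // Ephemeral RSA object on a SHA-2 capable provider; nothing is left in a key container.
    static RSACryptoServiceProvider NewRsa(int keySize)
    {
        var rsa = new RSACryptoServiceProvider(keySize, new CspParameters(24));
        rsa.PersistKeyInCsp = false;
        return rsa;
    }

    static byte[] Sha256(byte[] data)
    {
        using (var sha = new SHA256Managed())
            return sha.ComputeHash(data);
    }

    // Signer side: hash the message, then sign only the hash with the private key.
    public static byte[] Sign(RSACryptoServiceProvider privateKey, byte[] message)
    {
        return privateKey.SignHash(Sha256(message), Sha256Oid);
    }

    // Verifier side: needs the public parameters only (ExportParameters(false)).
    public static bool Verify(RSAParameters publicKey, byte[] message, byte[] signature)
    {
        using (var rsa = NewRsa(2048))
        {
            rsa.ImportParameters(publicKey);
            return rsa.VerifyHash(Sha256(message), Sha256Oid, signature);
        }
    }

    // Hybrid pattern: RSA-OAEP encrypts a short symmetric key; bulk data is then
    // encrypted with that key using a symmetric algorithm.
    public static byte[] WrapKey(RSAParameters publicKey, byte[] symmetricKey)
    {
        using (var rsa = NewRsa(2048))
        {
            rsa.ImportParameters(publicKey);
            return rsa.Encrypt(symmetricKey, true);   // true = OAEP padding, not PKCS#1 v1.5
        }
    }

    public static byte[] UnwrapKey(RSACryptoServiceProvider privateKey, byte[] wrapped)
    {
        return privateKey.Decrypt(wrapped, true);
    }

    public static void Main()
    {
        using (RSACryptoServiceProvider alice = NewRsa(2048))
        {
            RSAParameters alicePublic = alice.ExportParameters(false);   // public half only

            // Constructed sample messages.
            byte[] msg = Encoding.UTF8.GetBytes("transfer 100 to bob");
            byte[] sig = Sign(alice, msg);
            Console.WriteLine("genuine message verifies:  " + Verify(alicePublic, msg, sig));

            byte[] forged = Encoding.UTF8.GetBytes("transfer 100 to eve");
            Console.WriteLine("altered message verifies:  " + Verify(alicePublic, forged, sig));

            // Anyone with Alice's public key can send her a session key only she can read.
            byte[] sessionKey = new byte[32];
            using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(sessionKey);
            byte[] wrapped = WrapKey(alicePublic, sessionKey);
            byte[] unwrapped = UnwrapKey(alice, wrapped);
            Console.WriteLine("session key recovered:     " + unwrapped.SequenceEqual(sessionKey));
        }
    }
}
```

The verifier never sees the private key, which is what makes the signature usable for non-repudiation: only the holder of the private half could have produced it. OAEP is selected with the `true` argument to Encrypt/Decrypt; the older PKCS#1 v1.5 padding (`false`) is vulnerable to padding-oracle attacks when the decrypting side reports padding failures.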
.NET provides the following hash algorithms:
SHA1, SHA256, SHA384, SHA512
MD5
HMACSHA1 (keyed hash algorithm)
MACTripleDES (keyed hash algorithm)
MD5 and SHA1 no longer offer collision resistance and should not be used for new integrity checks or signatures; prefer SHA256 or larger (and HMACSHA256 for a keyed hash).
Figure 4 shows the inheritance hierarchy for the hash algorithm classes.
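The following is an added example, not code from the original page, illustrating both the guidance above on when to use a hash versus a keyed hash and the hash classes just listed. A man-in-the-middle who rewrites a message can recompute an unkeyed SHA-256 over it, so a receiver comparing the hash that arrived with the message passes the check; the same attacker cannot produce a matching HMACSHA256 tag without the key. The class and method names, the key handling and the constructed sample messages are this example's own.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the original page): why a bare hash does not stop
// deliberate tampering while a keyed hash (HMAC) does. All names and the
// sample messages are this example's own.
public static class HashVersusHmac
{
    public static byte[] Sha256(byte[] data)
    {
        using (var sha = new SHA256Managed())
            return sha.ComputeHash(data);
    }

    public static byte[] Hmac(byte[] key, byte[] data)
    {
        using (var hmac = new HMACSHA256(key))
            return hmac.ComputeHash(data);
    }

    // Compare in constant time: an early-exit compare leaks how many leading
    // bytes matched, which lets an attacker forge a tag one byte at a time.
    public static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        // Shared secret known to sender and receiver only (constructed for the demo).
        byte[] key = new byte[32];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(key);

        // Sender transmits the message together with its hash and its HMAC tag.
        byte[] original = Encoding.UTF8.GetBytes("pay=100;to=bob");
        byte[] sentHash = Sha256(original);
        byte[] sentTag = Hmac(key, original);

        // Attacker in the middle rewrites the message...
        byte[] modified = Encoding.UTF8.GetBytes("pay=999;to=eve");
        // ...and, because SHA-256 needs no secret, replaces the hash with a fresh one.
        byte[] forgedHash = Sha256(modified);
        // For the HMAC the best the attacker can do is forward the old tag unchanged.
        byte[] forgedTag = sentTag;

        // Receiver recomputes over what arrived and compares with what came alongside it.
        bool hashAccepts = FixedTimeEquals(forgedHash, Sha256(modified));
        bool hmacAccepts = FixedTimeEquals(forgedTag, Hmac(key, modified));
        Console.WriteLine("hash accepts tampered message: " + hashAccepts);
        Console.WriteLine("HMAC accepts tampered message: " + hmacAccepts);

        // Had the sender's hash arrived through a channel the attacker cannot write to,
        // the plain hash would have been enough to catch the change.
        Console.WriteLine("hash from trusted channel accepts: " + FixedTimeEquals(sentHash, Sha256(modified)));
    }
}
```

The unkeyed hash is not useless: it catches corruption, and it is sufficient when the hash travels separately from the data, for example a download checksum published on a page served over TLS. It is only when hash and data share the same untrusted path that the key, or a digital signature, becomes necessary.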