Home arrow ASP.NET arrow Page 3 - Cryptographic Objects in C#: Part 1
ASP.NET

Cryptographic Objects in C#: Part 1


In this article, Richard takes us through some of the cryptography tools available in the .NET Framework that provide hashing and encryption of different types of data.

Author Info:
By: Wrox Team
Rating: 5 stars5 stars5 stars5 stars5 stars / 33
February 05, 2003
TABLE OF CONTENTS:
  1. · Cryptographic Objects in C#: Part 1
  2. · Hashing Functions
  3. · Hashing Class
  4. · Using ICryptoTransform Interfaces and Cryptographic Objects
  5. · Conclusion

print this article
SEARCH DEVARTICLES

Cryptographic Objects in C#: Part 1 - Hashing Class
(Page 3 of 5 )

public class HashLoginCredentials
  {
    public enum HashTypeDef { MD5, SHA1 }

    bool isSha = false;
    string[] gCredentials = {};
    string plain = String.Empty;
    byte[] hashed = {};
    byte[] bHashResult = new byte[21];

    public HashLoginCredentials(HashTypeDef htd, params string[] sCredentials)
    {
      if(htd==HashTypeDef.SHA1)
      {
        isSha = true;
      }
      gCredentials = sCredentials;
    }
    public string Hash(bool isBase64)
    {
      if(isSha)
      {
        SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider();
        for(int i = 0; i<gCredentials.Length; i++) plain += gCredentials[i];
        byte[] bSha1Hash = Encoding.ASCII.GetBytes(plain);
        //sha1.TransformBlock(bSha1Hash, 0, bSha1Hash.Length, bHashResult, 0);
        bHashResult = sha1.ComputeHash(bSha1Hash);
        hashed = bHashResult;
      }
      else
      {
        MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();
        for(int i = 0; i<gCredentials.Length; i++) plain += gCredentials[i];
        byte[] bMD5Hash = Encoding.ASCII.GetBytes(plain);
        //md5.TransformBlock(bMD5Hash, 0, bMD5Hash.Length, bHashResult, 0);
        bHashResult = md5.ComputeHash(bMD5Hash);
        hashed = bHashResult;
      }
      if(isBase64)
      {
        return Convert.ToBase64String(hashed);
      }
      else
      {
        return Encoding.ASCII.GetString(hashed);
      }
    }
  }


This is a very simple wrapper class for hashing but immensely useful. As mentioned before any text can have a unique message digest. The two implementations in .NET used here are MD5 and SHA1 which are the most common. If we take a more detailed look at the cryptographic hashing objects themselves we begin with the SHA1CryptoServiceProvider object, we can use the ComputeHash(byte[]) method to put any amount of data into the hashing object. This method returns the value of the hash in the form of a byte array. In this implementation a string is returned from this hash wrapper object instead of a byte array, simply because this can be written to a database table very easily for a particular user or in an XML file as I've done in the ASP.NET implementation of this object.

Convert.ToBase64String(hashed);

The above line of code is very useful. A static method of the Convert object enables us to pass a byte array and retrieve a Base64 encoded string. Base64 defines a character set of upper and lower case alphabet characters, digits 0-9 and a plus sign, a slash and a space. This means that if any piece of encrypted text or hashed text is converted into this from ASCII text it will always be viewable and printable. A Base64 string always has an equals sign at the end (to show that it is Base64). See the code below:

string temp_test = String.Copy("ABCDE&^%$!@");

...which produces as a Base64 output:

QUJDREUmXiUkIUA=

Using the encoding object is also very useful. It can be used to convert characters to ASCII from Unicode or vice-versa. It can be used to get the default system encoding and translate between strings and byte arrays or char arrays etc.

Encoding.ASCII.GetString(hashed);

Encryption Classes

There are three internal classes which map onto the 3 key algorithms discussed above; one of them looks as follows:

internal class GenerateDesKey : SymDefKey
{
    private byte[] desIVVal = {
      10, 20, 30, 40, 50, 60, 70, 80
    };
    byte[] desKeyVal = {};
    
    public GenerateDesKey()
    {
      DESCryptoServiceProvider desKey = new DESCryptoServiceProvider();
      desKey.GenerateKey();
      desKeyVal = desKey.Key;
      desKey = null;
    }
    public byte[] Key()    {
      //Returns key value
      return desKeyVal;    
    }
    public byte[] IV()
    {
      //Returns IV Value
      return desIVVal;
    }
}


The value IV is used to store an Initialization Vector, which is used to make it a little more complicated to break the encryption. The IV is added to the plaintext block to be encrypted using CBC making it slightly harder to crack.

This is a simple class which implements a common interface: SymDefKey so that Key() and IV() methods can be defined on all these wrapper classes. The DESCryptoServiceProvider is used here to create a DES key (DES keys are normally 56 bits long). As can be seen the GenerateKey() method is used to generate a key within the DESCryptoServiceProvider object and it can be retrieved through the Key property. IV's are only really used for DES now since key lengths are small and DES keys have been found via brute force and decryptions have followed. With Triple DES (DES3) we have 168 bit keys (or three 56 bit keys) which are used to encrypt, decrypt and re-encrypt the plaintext - Essentially this is an extension of DES using the same key sizes but to perform operations on the plaintext 3 times. This is the most common key used and is far more secure than DES.

However, to use this, the high encryption pack needs to be installed on Windows. This can be found on the Microsoft website at http://www.microsoft.com/windows2000/downloads/recommended/encryption/.

case KeyEncryptAlgorithm.DES:
  keyAlg = (SymDefKey) new GenerateDesKey();
  keyTemp = KeyEncryptAlgorithm.DES;
  break;
//Create an instance of internal DES3key class
case KeyEncryptAlgorithm.DES3:
  keyAlg = (SymDefKey) new GenerateDes3Key();
  keyTemp = KeyEncryptAlgorithm.DES3;
  break;
//Create an instance of internal RC2 class
case KeyEncryptAlgorithm.RC2:
  keyAlg = (SymDefKey) new GenerateRC2Key();
  keyTemp = KeyEncryptAlgorithm.RC2;
  break;


The above segment of code shows that the class defined above casts to the interface type that it implements (SymDefKey) - all of these wrapper classes implement the methods Key and IV which enable the objects which we'll talk through later on to retrieve and use to get do the actual work (encryption or decryption). This code exists in the object constructor.

A boolean flag is set to enable the object to work out whether the user has passed a file name (which must exist) or a string - It will check first if the file exists, if not then it will assume that the user has passed a string needs to be encrypted. This is set after the file name is tested for existence.

If the file does exist then the following code is executed:

if(!fileNameOrTextToEncrypt.EndsWith(".enc"))
  {
    //Calculate output name of encryption file
    outName = fileNameOrTextToEncrypt.Substring(0, fileNameOrTextToEncrypt.Length - 3)+"enc";
  }  
  else
  {
    //Calculate output name of decrypted file
    outName = fileNameOrTextToEncrypt.Substring(0, fileNameOrTextToEncrypt.Length - 3)+"tmp";
    bToBeEncrypted = false;
  }


This forms part of the Encrypt() method. It checks to see if the filename being passed ends with .enc. If so then the method will create an output file of the same name in the same directory ending with .tmp which will contain the decrypted output from the .enc file.

ReadKeyFileContents(ref keyVal, ref IVVal, outName);

Assuming the latter, then the program will be unable to proceed and will generate an exception if it is unable to find a .key file in the current directory containing a key and an IV value. This ReadFileContents() method resides within a try-catch block ensuring that the file will have to be present for decryption.
blog comments powered by Disqus
ASP.NET ARTICLES

- How Caching Means More Ca-ching, Part 2
- How Caching Means More Ca-ching, Part 1
- Reading a Delimited File Using ASP.Net and V...
- What is .Net and Where is ASP.NET?
- An Object Driven Interface with .Net
- Create Your Own Guestbook In ASP.NET
- HTTP File Download Without User Interaction ...
- Dynamically Using Methods in ASP.NET
- Changing the Page Size Interactively in a Da...
- XML Serialization in ASP.NET
- Using Objects in ASP.NET: Part 1/2
- IE Web Controls in VB.NET
- Class Frameworks in VB .NET
- Cryptographic Objects in C#: Part 1
- Sample Chapter: Pure ASP.Net

Watch our Tech Videos 
Dev Articles Forums 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Weekly Newsletter
 
Developer Updates  
Free Website Content 
Contact Us 
Site Map 
Privacy Policy 
Support 

Developer Shed Affiliates

 




© 2003-2017 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap
Popular Web Development Topics
All Web Development Tutorials