In this article Brian Patterson will cover some of the encryption classes provided in the .NET Framework. Once you have got a grasp on how to use these algorithms, he will wrap things up with a sample order application that will encrypt credit card information before saving it to either a SQL Server or Oracle database server.
String Encryption With Visual Basic .NET - Encryption and the .NET Framework (Page 2 of 7 )
Many of the encryption methods I am about to discuss are generally referred to as "private-key" algorithms. This simply means that you use one key (such as a password) to encrypt the data, and you use the same key to decrypt the data. These private-key, or symmetric, algorithms are much faster than systems that use public key encryption. Though speed is a benefit, there are drawbacks as well. Since one key both encrypts and decrypts, if you wish to give the encrypted data to another person, you must communicate the secret key to them so they can decrypt the information. Relaying the key is a point of weakness, since the key itself could be intercepted by a third party, allowing someone else to decrypt the information.
Typically, these private-key algorithms are also referred to as block ciphers. This is because when they encrypt data they do it in chunks, referred to as blocks. All of the encryption methods below use blocks of 8 bytes when encrypting data, with the exception of Rijndael. Simplistic forms of block ciphers encrypt a block of data and then move on to the next block, using the same key to encrypt each block independently. That means if blocks 1 and 3 both contain the same data, their encrypted equivalents will be the same as well. This can lead to someone figuring out your encryption method and recovering the encryption key. To solve this, the algorithms below use something called an initialization vector. This initialization vector is mixed with the key to encode the first block of data. When the algorithm proceeds to encrypt subsequent blocks, information from the previous block is carried forward into the encryption of the next one. Thus, by using an initialization vector, if blocks 1 and 3 contain the same information, their encrypted equivalents will be totally different.
When using the various encryption classes within .NET, it is very helpful to know that they all follow a very similar method of operation. Once you have written code for one of them, TripleDES for example, it takes very little work to switch to a different encryption type. Now let's take a brief look at some of the encryption algorithms provided in the .NET Framework.
DES
The Data Encryption Standard (DES), as its name implies, has been the de-facto standard for encryption for the last 30 years. As I already mentioned, DES encrypts data using 8-byte blocks. The same key used to encrypt data is also used to decrypt data. When encrypting data with DES, you must provide an 8-byte key, which in turn is reduced to a 7-byte key because the algorithm removes the 8th bit of every key byte for parity purposes.
DES employs 16 rounds of encryption on every block of data. That is, the key you provide is used to encrypt a block of data; the key is then slightly modified and the block is encrypted again. This continues until the block of data has been encrypted 16 times.
DES uses only standard mathematical and logical operations, so it was implemented very easily in the late 1970s with the computer hardware available at that time. Since it performs a very repetitive encryption routine, DES was also an ideal candidate to be embedded in microchips to speed the process up even more.
DES encryption was officially broken in 1997 during a challenge sponsored by RSA Security. This prompted better implementations of the encryption standard, which will be covered shortly.
RC2
RC2 (Rivest Cipher) was designed as a replacement for DES and boasts a threefold speed increase over DES when used in software. Like DES, it is an 8-byte block cipher. Unlike DES, RC2 can accept a key size limited only by the maximum string size on the computing platform. It is said that the speed of the algorithm is in no way affected by the length of the key. Many pieces of software use RC2 encryption, but it doesn't come close to being as popular as DES.
RSA
RSA is a very well known public key encryption system. To demonstrate what public key encryption is, let's look at an example:
Once a day I send an EDI 850 Purchase Order file to a fulfillment center I have hired to distribute the thousands of applications I make and sell. Rather than just uploading the file to my vendor's FTP site, where anyone can access it and read the information in it, I decide to encrypt it. My fulfillment vendor provides me with their public key. I use this public key to encrypt the data. Once the file has been encrypted, I upload it to their FTP site, where they can take the file and decrypt it with their private key before importing the information into their warehouse computer system. As you can see in this example, I use my password to actually encrypt the information, but I provide the public key of my vendor. This public key ensures that the information is encrypted in such a way that the vendor need only enter their private key to decrypt the information. If I wished to send a copy of this file to my accountant as well, I could encrypt the file with the public keys of both my vendor and my accountant.
RSA solves the age-old problem of key exchange by not having a common key for encryption and decryption. RSA is very secure and is used in thousands upon thousands of implementations around the world. The most common application in use today would be PGP (Pretty Good Privacy) - which allows anyone to encrypt files and emails with public key information.
A practical use for RSA would be, for example, that you are a vendor of widgets for the ACME Corporation and you simply take orders and pass those orders on to ACME for processing. When you take the orders, you could encrypt the information with ACME's public key so that only ACME could decrypt it. Since we will be encrypting order information for our own use, RSA is a bit out of scope for us, so we won't use it here.
TripleDES
As the name implies, TripleDES performs three times as much encryption as standard DES. TripleDES requires a 24-byte key, which is divided into three 8-byte keys used to encrypt each block three times. When you take the 16 rounds per pass into consideration, each block is actually encrypted 48 times. As you can imagine, TripleDES is a very secure encryption algorithm, and it will be the basis for the test application below.
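As an added example (not code from the article), the following Go program uses the standard library's TripleDES and CBC mode in place of the .NET classes to show two points made above: the 24-byte TripleDES key split into three 8-byte DES keys, and how the initialization vector and block chaining make identical plaintext blocks encrypt differently, whereas encrypting each 8-byte block on its own with the same key does not. The key, IV and plaintext are constructed values chosen only for reproducibility.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"fmt"
)

// Constructed 24-byte TripleDES key (three 8-byte DES keys) and 8-byte IV, fixed
// only so the example is reproducible; real code derives the key from a password.
var key, iv = []byte("0123456789abcdefghijklmn"), []byte("IVIVIVIV")

func tdes() cipher.Block {
	b, err := des.NewTripleDESCipher(key) // fails only if the key is not 24 bytes
	if err != nil {
		panic(err)
	}
	return b
}

// encryptECB is the "simplistic" mode the article describes: each 8-byte block
// is encrypted independently with the same key, so equal blocks give equal output.
func encryptECB(plain []byte) []byte {
	b := tdes()
	out := make([]byte, len(plain))
	for i := 0; i < len(plain); i += b.BlockSize() {
		b.Encrypt(out[i:], plain[i:])
	}
	return out
}

// encryptCBC chains blocks: the IV is XORed into block 1, then each ciphertext
// block is XORed into the next plaintext block before it is encrypted.
func encryptCBC(plain []byte) []byte {
	out := make([]byte, len(plain))
	cipher.NewCBCEncrypter(tdes(), iv).CryptBlocks(out, plain)
	return out
}

// sameBlocks reports whether 8-byte blocks a and b (0-based) of ct are identical.
func sameBlocks(ct []byte, a, b int) bool {
	return bytes.Equal(ct[a*8:a*8+8], ct[b*8:b*8+8])
}

func main() {
	plain := []byte("CARD1234" + "EXP01/30" + "CARD1234") // constructed: blocks 1 and 3 match
	fmt.Println("ECB: blocks 1 and 3 equal?", sameBlocks(encryptECB(plain), 0, 2)) // true
	fmt.Println("CBC: blocks 1 and 3 equal?", sameBlocks(encryptCBC(plain), 0, 2)) // false
}
```

The input is a whole number of 8-byte blocks, so no padding is needed here; the .NET CryptoStream classes handle padding for you when the data length is not a block multiple.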