Using Encryption in .NET - Conclusion

sjjohnson

Conclusion

While we have left much about the field of cryptography unsaid, I hope that you've gained a good understanding of the basics of using the FCL classes for encryption. In summary, remember the following points:

  • Always use proven, public technology
  • Use Rijndael, if possible
  • Use 256-bit keys and blocks
  • Take care how you derive keys
  • Use PKCS7 padding in .NET 1.1, ISO10126 in .NET 2.0
  • Don't use ECB mode unless you have a good reason and know what you're doing
  • Always use a unique IV for each message
  • Take the time to be explicit in your code for important details, even when you're using defaults

Finally, here is the complete text of the CipherWrapper class we developed in this article. Keep in mind that this code is provided for demonstration purposes only. I designed the code for simplicity and illustration foremost; I typically write more complex crypto code to accomplish such goals as making the classes thread safe and usable from multiple sessions. These details, in my view, do not contribute to the subject at hand, so they were omitted. That said, this class puts to work all the principles covered by this article. Take some time to study the documentation for the SymmetricAlgorithm class, from which all the FCL ciphers derive, and the ICryptoTransform interface, particularly the overloads for the CreateEncryptor/CreateDecryptor methods.

using System.Security.Cryptography;

// Wraps RijndaelManaged with every important setting made explicit.
class CipherWrapper
{
  RijndaelManaged _cipher = null;

  // Creates a wrapper with a freshly generated random key.
  public CipherWrapper()
  {
    _cipher = InitCipher();
  }

  // Creates a wrapper around an existing 256-bit key.
  public CipherWrapper(byte[] key)
  {
    _cipher = InitCipher(key);
  }

  public byte[] Key
  {
    get { return _cipher.Key;  }
    set { _cipher.Key = value; }
  }

  // Encrypts one message under a newly generated IV. The IV is returned
  // through the out parameter and must be kept with the ciphertext.
  public byte[] EncryptMessage(byte[] plainText, out byte[] iv)
  {
    _cipher.GenerateIV();
    iv = _cipher.IV;
    ICryptoTransform transform = _cipher.CreateEncryptor();
    byte[] cipherText = transform.TransformFinalBlock(plainText, 0, plainText.Length);
    return cipherText;
  }

  // Decrypts a message using the IV that was produced when it was encrypted.
  public byte[] DecryptMessage(byte[] cipherText, byte[] iv)
  {
    _cipher.IV = iv;
    ICryptoTransform transform = _cipher.CreateDecryptor();
    byte[] plainText = transform.TransformFinalBlock(cipherText, 0, cipherText.Length);
    return plainText;
  }

  private RijndaelManaged InitCipher()
  {
    RijndaelManaged cipher = CreateCipher();
    cipher.GenerateKey();
    return cipher;
  }

  private RijndaelManaged InitCipher(byte[] key)
  {
    RijndaelManaged cipher = CreateCipher();
    cipher.Key = key;
    return cipher;
  }

  // Sets key size, block size, mode and padding explicitly instead of
  // relying on the defaults.
  private RijndaelManaged CreateCipher()
  {
    RijndaelManaged cipher = new RijndaelManaged();
    cipher.KeySize   = 256;
    cipher.BlockSize = 256;
    cipher.Mode      = CipherMode.CBC;
    cipher.Padding   = PaddingMode.PKCS7;
    return cipher;
  }
}
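
EncryptMessage hands the IV back separately, so the caller has to store it with the ciphertext or the message cannot be decrypted. The block below is an added example, not code from the article: a hypothetical MessageEnvelope helper that uses the same cipher settings, stores each message as IV followed by ciphertext, and validates the blob length before decrypting. It assumes .NET Framework, where RijndaelManaged accepts the article's 256-bit block size; the key and message in Main are constructed sample values.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
static class MessageEnvelope   // hypothetical helper, added for illustration
{
    // Same explicit settings as the article's CreateCipher().
    static RijndaelManaged CreateCipher(byte[] key) => new RijndaelManaged {
        KeySize = 256, BlockSize = 256, Mode = CipherMode.CBC,
        Padding = PaddingMode.PKCS7, Key = key };
    // Returns IV || ciphertext; a fresh random IV is generated on every call.
    public static byte[] Seal(byte[] key, byte[] plainText)
    {
        using (RijndaelManaged cipher = CreateCipher(key))
        {
            cipher.GenerateIV();
            byte[] iv = cipher.IV, body;
            using (ICryptoTransform enc = cipher.CreateEncryptor())
                body = enc.TransformFinalBlock(plainText, 0, plainText.Length);
            byte[] blob = new byte[iv.Length + body.Length];
            Buffer.BlockCopy(iv, 0, blob, 0, iv.Length);
            Buffer.BlockCopy(body, 0, blob, iv.Length, body.Length);
            return blob;
        }
    }
    // Splits the blob into IV and ciphertext, rejecting malformed lengths first.
    public static byte[] Open(byte[] key, byte[] blob)
    {
        using (RijndaelManaged cipher = CreateCipher(key))
        {
            int block = cipher.BlockSize / 8;
            // PKCS7 always emits at least one block, so a valid blob has two or more.
            if (blob == null || blob.Length < 2 * block || blob.Length % block != 0)
                throw new CryptographicException("Malformed envelope.");
            byte[] iv = new byte[block];
            Buffer.BlockCopy(blob, 0, iv, 0, block);
            using (ICryptoTransform dec = cipher.CreateDecryptor(key, iv))
                return dec.TransformFinalBlock(blob, block, blob.Length - block);
        }
    }
    static void Main()
    {
        byte[] key = new byte[32];                         // constructed demo key
        RandomNumberGenerator.Create().GetBytes(key);
        byte[] msg = Encoding.UTF8.GetBytes("constructed sample message");
        string a = Convert.ToBase64String(Seal(key, msg)); // text-safe for storage
        string b = Convert.ToBase64String(Seal(key, msg));
        Console.WriteLine(a != b);   // same plaintext, new IV, different blob
        Console.WriteLine(Encoding.UTF8.GetString(Open(key, Convert.FromBase64String(a))));
    }
}
```

The raw byte array returned by Seal can be stored directly in a binary column; the Base64 step is only needed when the value must travel as text.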

Kudos

Many thanks to Keith Brown for his review of this article. Keith provided many helpful suggestions and corrections.

This article was originally published at DotNetDevs.com

Steve is a senior developer and consultant for 3t Systems, Inc. in Denver, CO, where he spends his days doing architecture, training, and "in-the-trenches" development. Steve began programming Windows on version 3.1 in 1995 using only C, the SDK, and Petzold's classic "Programming Windows 3.1". He was a hobbyist programmer until February 1999, when he turned professional. Steve particularly enjoys learning internals and behind-the-scenes details and developing low-level infrastructure code. Steve currently resides in Highlands Ranch, CO with his wife Kathleen and two cats.

Comments

  • RE: varbinary

    Posted by bmills on 21 May 2005

    I totally agree that varbinary could have been used. My only problem with that solution is that it seems difficult to work with binary data in ADO.NET and SQL Server. I may be wrong. I haven't trie...

  • Varbinary

    Posted by nuikeoni on 19 May 2005

    Couldn't you also store this in a Varbinary field instead of trying to convert it to a string for a varchar field?

  • File Encrypting

    Posted by nuikeoni on 18 May 2005

    Dear Steve,
    I was wondering if you had some insight as to how best to do file encrypting with the Rijndael encryption. Most examples I've found only give info about how to encrypt messages. I know...

  • Posted by sjjohnson on 24 Apr 2005

    Exactly. If you don't use the same IV for encryption and decryption, the message can't be properly decoded.

  • Fixed

    Posted by wheeldo on 23 Apr 2005

    Problem seems to be fixed now - I'd uncommented the initialisation vector code and it looks like it's mandatory.

    Also - replaced the hex encoding with base64 strings (many thanks to Ben Mills on th...